[PATCH v5 10/13] ima: Add support for flushing the hash table when staging measurements

Mimi Zohar zohar at linux.ibm.com
Thu May 21 16:06:22 UTC 2026


On Wed, 2026-04-29 at 18:03 +0200, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu at huawei.com>
> 
> Introduce the new kernel option ima_flush_htable to decide whether or not
> the digests of staged measurement entries are flushed from the hash table,
> when they are deleted.

Unless explicitly requested, the existing hash table is not cleared after
exporting the measurement list. Why is clearing the hash table configurable?  
The boot command line option does not provide enough information to decide why
you would or wouldn't want to clear the hash table.  Please update the patch
description and the boot command line option.

thanks,

Mimi

> 
> When the option is enabled, replace the old hash table with a new one,
> by calling ima_alloc_replace_htable(), and completely delete the
> measurement entries.
> 
> Note: This code derives from the Alt-IMA Huawei project, whose license is
>       GPL-2.0 OR MIT.
> 
> Link: https://github.com/linux-integrity/linux/issues/1
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>


