IMA: add support to restrict the hash algorithms used for file appraisal
author THOBY Simon <Simon.THOBY@viveris.fr>
Mon, 16 Aug 2021 08:11:00 +0000 (08:11 +0000)
committer Mimi Zohar <zohar@linux.ibm.com>
Mon, 16 Aug 2021 21:30:41 +0000 (17:30 -0400)
commit 1624dc0086056c3a35fd34b0235bb1eb88c1c4d5
tree 5b2d3eb0600d257add0a38841c7af1c275b7c540
parent 50f742dd91474e7f4954bf88d094eede59783883
IMA: add support to restrict the hash algorithms used for file appraisal

The kernel accepts any hash algorithm as a value for the security.ima
xattr. Users may wish to restrict the accepted algorithms to only
support strong cryptographic ones.

Provide the plumbing to restrict the permitted set of hash algorithms
used for verifying file hashes and signatures stored in security.ima
xattr.

Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
security/integrity/ima/ima.h
security/integrity/ima/ima_api.c
security/integrity/ima/ima_appraise.c
security/integrity/ima/ima_main.c
security/integrity/ima/ima_policy.c
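
As an added illustration (not code from this commit or the kernel tree), the following userspace C program reads the hash algorithm out of a security.ima value and checks it against an allow-list, which is the kind of restriction the commit message describes. The function names, the bitmask policy, the fail-closed handling of unparseable values and the zero-filled sample xattrs are assumptions of this example; only the first eight hash ids are modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* First-byte xattr types and hash ids, following the kernel's integrity.h and hash_info.h. */
enum { IMA_XATTR_DIGEST = 0x01, EVM_IMA_XATTR_DIGSIG = 0x03, IMA_XATTR_DIGEST_NG = 0x04 };
enum { ALGO_MD4, ALGO_MD5, ALGO_SHA1, ALGO_RMD160, ALGO_SHA256, ALGO_SHA384,
       ALGO_SHA512, ALGO_SHA224, ALGO_COUNT };

#define SIG_V2_HDR_LEN 9 /* type, version, hash_algo, keyid[4], sig_size[2] */

/* Return the hash id named by a security.ima value, or -1 if it cannot be determined. */
int ima_xattr_hash_algo(const unsigned char *x, size_t len)
{
    if (!x || len < 2)
        return -1;
    switch (x[0]) {
    case EVM_IMA_XATTR_DIGSIG:      /* v2 signature header: algo is byte 2 */
        if (x[1] != 2 || len <= SIG_V2_HDR_LEN || x[2] >= ALGO_COUNT)
            return -1;
        return x[2];
    case IMA_XATTR_DIGEST_NG:       /* type, algo, digest */
        return x[1] < ALGO_COUNT ? x[1] : -1;
    case IMA_XATTR_DIGEST:          /* legacy: algo implied by digest length */
        if (len - 1 == 20) return ALGO_SHA1;
        if (len - 1 == 16) return ALGO_MD5;
        return -1;
    }
    return -1;
}

/* Hypothetical policy check: allowed is a bitmask with bit n set for hash id n. */
int ima_xattr_allowed(const unsigned char *x, size_t len, unsigned allowed)
{
    int algo = ima_xattr_hash_algo(x, len);
    return algo >= 0 && (allowed & (1u << algo)) != 0;
}

int main(void)
{
    /* Constructed samples: header bytes follow the layout, digest/signature bytes are zeros. */
    unsigned char ng_sha256[2 + 32] = { IMA_XATTR_DIGEST_NG, ALGO_SHA256 };
    unsigned char legacy_sha1[1 + 20] = { IMA_XATTR_DIGEST };
    unsigned char sig_sha1[SIG_V2_HDR_LEN + 256] = { EVM_IMA_XATTR_DIGSIG, 2, ALGO_SHA1 };
    unsigned strong = (1u << ALGO_SHA256) | (1u << ALGO_SHA384) | (1u << ALGO_SHA512);

    printf("ng sha256:   %d\n", ima_xattr_allowed(ng_sha256, sizeof ng_sha256, strong));
    printf("legacy sha1: %d\n", ima_xattr_allowed(legacy_sha1, sizeof legacy_sha1, strong));
    printf("sig sha1:    %d\n", ima_xattr_allowed(sig_sha1, sizeof sig_sha1, strong));
    return 0;
}
```

On a live system the input bytes would come from reading the security.ima xattr of each file to audit before enabling a stricter policy.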