projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4cfb908) | patch
integrity: Enforce digitalSignature usage in the ima and evm keyrings
authorEric Snowberg <eric.snowberg@oracle.com>
Mon, 22 May 2023 23:09:43 +0000 (19:09 -0400)
committerJarkko Sakkinen <jarkko@kernel.org>
Thu, 17 Aug 2023 20:12:35 +0000 (20:12 +0000)
commit90f6f691a706754e33d2d0c6fa2e1dacedb477f6
tree21f58a26b3370ff62708d5f18bb3b501180456fctree | snapshot
parent4cfb908054456ad8b6b8cd5108bbdf80faade8cdcommit | diff
integrity: Enforce digitalSignature usage in the ima and evm keyrings

After being vouched for by a system keyring, only allow keys into the .ima
and .evm keyrings that have the digitalSignature usage field set.

Link: https://lore.kernel.org/all/41dffdaeb7eb7840f7e38bc691fbda836635c9f9.camel@linux.ibm.com
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Acked-and-tested-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/integrity/digsig.c diff | blob | history
security/integrity/evm/Kconfig diff | blob | history
security/integrity/ima/Kconfig diff | blob | history
ep93xx device tree rework repo: git://git.maquefel.me/linux.git