Asymmetric keys were introduced in linux-3.7 to verify the signature on signed kernel modules. The asymmetric keys infrastructure abstracts the signature verification from the crypto details. This patch adds IMA/EVM signature verification using asymmetric keys. Support for additional signature verification methods can now be delegated to the asymmetric key infrastructure. Although the module signature header and the IMA/EVM signature header could use the same header format, to minimize the signature length and save space in the extended attribute, the IMA/EVM header format is different than the module signature header. The main difference is that the key identifier is a sha1[12 - 19] hash of the key modulus and exponent and similar to the current implementation. The only purpose is to identify corresponding key in the kernel keyring. ima-evm-utils was updated to support the new signature format. BR, Dmitry Dmitry Kasatkin (1): ima: digital signature verification using asymmetric keys security/integrity/Kconfig | 12 +++++ security/integrity/digsig.c | 103 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 114 insertions(+), 1 deletion(-) -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
