Before upgrading to the new OpenSSL 1.1 API, let's clean up the code
a bit and add some missing functionality:
- option to specify the pcr sysfs location
- verify the measurement list using multiple keys
- verify the measurement list using multiple pcrs
- verify a measurement signature against the measurement list digest
- for completeness, extend "ima_verify" to verify the local security.ima hash
Mimi
Mimi Zohar (10):
ima-evm-utils: fix "ima_measurement" template fields length
ima-evm-utils: revert the change to use printf instead of log_info()
ima-evm-utils: fix spelling error
ima-evm-utils: remove the unnecessary display of the keyid
ima-evm-utils: support verifying the measurement list using multiple
keys
ima-evm-utils: indicate measurement list signature verification
failure
ima-evm-utils: add support for specifying the pcr file location
ima-evm-utils: verify the measurement list signature based on the list
digest
ima-evm-utils: verify IMA file hashes stored as xattrs
ima-evm-utils: add support for validating multiple pcrs
README | 2 +-
src/evmctl.c | 94 ++++++++++++++++++++++++++++-----------
src/imaevm.h | 7 ++-
src/libimaevm.c | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
4 files changed, 199 insertions(+), 39 deletions(-)
--
2.7.4
