On Wed, 12 Jun 2019, Prakhar Srivastava wrote:

> A buffer (kexec cmdline args) measured into ima cannot be
> appraised without already being aware of the buffer contents.
> Since hashes are non-reversible, raw buffer is needed for
> validation or regenerating hash for appraisal/attestation.
>
> This patch adds support to ima to allow store/read the
> buffer contents in HEX.
>
> - Add two new fields to ima_event_data to hold the buf and
>   buf_len [Suggested by Roberto]
> - Add a new template field 'buf' to be used to store/read
>   the buffer data. [Suggested by Mimi]
> - Updated process_buffer_measurement to add the buffer to
>   ima_event_data. process_buffer_measurement added in
>   "Define a new IMA hook to measure the boot command line
>   arguments"
> - Add a new template policy name ima-buf to represent
>   'd-ng|n-ng|buf'
>
> Signed-off-by: Prakhar Srivastava <prsriva02@xxxxxxxxx>
> Reviewed-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>

Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>

-- 
James Morris
<jmorris@xxxxxxxxx>
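
An added example, not part of the original message or the patch: a verifier-side check that uses the hex 'buf' field of an ima-buf entry to regenerate the d-ng digest and compare the buffer against an allowlist. It assumes the ASCII measurement list layout "PCR template-hash template-name d-ng n-ng buf" and that d-ng is the digest of the buffer; the sample entries, the helper names and the zeroed template hash are constructed.

```python
import hashlib
import hmac

ALLOWED_ALGOS = {"sha1", "sha256", "sha384", "sha512"}

def parse_ima_buf(line):
    """Split one ASCII entry: PCR, template hash, template name, d-ng, n-ng, buf."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "ima-buf":
        raise ValueError("not an ima-buf entry")
    algo, sep, digest_hex = parts[3].partition(":")
    if not sep or algo not in ALLOWED_ALGOS:
        raise ValueError("unsupported d-ng field: " + parts[3])
    # bytes.fromhex raises ValueError if the buf field is not valid hex
    return {"pcr": int(parts[0]), "algo": algo, "digest": digest_hex.lower(),
            "name": parts[4], "buf": bytes.fromhex(parts[5])}

def appraise(line, allowed_buffers):
    """Return (digest_ok, policy_ok, buf) for one ima-buf entry."""
    e = parse_ima_buf(line)
    # Regenerate the hash from the raw buffer and compare it with d-ng.
    recomputed = hashlib.new(e["algo"], e["buf"]).hexdigest()
    digest_ok = hmac.compare_digest(recomputed, e["digest"])
    # Only a buffer that matches its digest is checked against the allowlist.
    policy_ok = digest_ok and e["buf"] in allowed_buffers
    return digest_ok, policy_ok, e["buf"]

def make_entry(buf, claimed=None, name="kexec-cmdline"):
    """Build a constructed log line; the template hash is a zero placeholder."""
    digest = hashlib.sha256(claimed if claimed is not None else buf).hexdigest()
    return "10 {} ima-buf sha256:{} {} {}".format("0" * 40, digest, name, buf.hex())

GOOD = b"root=/dev/sda1 ro quiet"   # constructed expected command line
ALLOWED = {GOOD}

if __name__ == "__main__":
    for label, line in [
        ("expected cmdline", make_entry(GOOD)),
        ("unexpected cmdline", make_entry(b"root=/dev/sda1 ro debug")),
        ("buf does not match d-ng", make_entry(b"root=/dev/sdb1", claimed=GOOD)),
    ]:
        print(label, appraise(line, ALLOWED)[:2])
```

This check covers only the d-ng/buf relationship; a full attestation verifier would also recompute the template hash and replay the PCR extends against a TPM quote.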