From: Dmitry Baryshkov <dbaryshkov@xxxxxxxxx>
EVM signature code checked explicitly checked for signature type to be
EVM_IMA_XATTR_DIGSIG (0x03). Allow it to be either EVM_IMA_XATTR_DIGSIG
or EVM_XATTR_PORTABLE_DIGSIG.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@xxxxxxxxx>
---
src/evmctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index b02be8b1507a..b3f6f65523ef 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -824,7 +824,7 @@ static int verify_evm(const char *file)
return len;
}
- if (sig[0] != 0x03) {
+ if (sig[0] != EVM_IMA_XATTR_DIGSIG || sig[0] != EVM_XATTR_PORTABLE_DIGSIG) {
log_err("%s has no signature\n", xattr_evm);
return -1;
}
--
2.25.1
