Hi Simon, On Tue, 2021-07-27 at 16:33 +0000, THOBY Simon wrote: > The kernel accepts any hash algorithm as a value for the security.ima > xattr. Users may wish to restrict the accepted algorithms to only > support strong cryptographic ones. > > Provide the plumbing to restrict the permitted set of hash algorithms > used for verifying file hashes and digest algorithms stored in > security.ima xattr. > > This do not apply only to IMA in hash mode, it also works with digital > signatures, in which case it checks that the hash (which was then > signed by the trusted private key) have been generated with one of > the algortihms whitelisted for this specific rule. > > Signed-off-by: Simon Thoby <simon.thoby@xxxxxxxxxx> I haven't yet tested building the kernel after applying each patch. Assuming that it compiles properly: Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
