[PATCH v4 ima-evm-utils 0/3] fs-verity file signature support

Extend the existing file list digest signing and the IMA measurement
list file signature verification to support the new sigv3 format
version.  Neither file digest signing nor signature verification
requires calculating the fs-verity file digest.

evmctl examples of signing fs-verity file hashes and verifying the
fs-verity file signatures are included in the respective patch
description.

Changelog v4:
- Addressed Stefan's comments (e.g. fixed max digest size, removed
  unnecessary errno clearing, updated evmctl sign_hash usage format).

Changelog v3:

- Refactor the existing file hash signing function so that both
signature format version 2 and 3 may use it.  Signature v2 directly
signs the file hash, while signature v3 indirectly signs the file hash.

- Addressed Stefan Berger's comments: properly clear errno, properly
limit the hash algorithm name size to address an out of bounds error.
Instead of allowing the maximum hash algorithm name size, use the
current fs-verity supported maximum hash algorithm size.

- Based on Eric Biggers' recommendation of using "fsverity digest"
instead of "fsverity measure", replaced all references.

Mimi Zohar (3):
  Reset 'errno' after failure to open or access a file
  Sign an fs-verity file digest
  Verify an fs-verity file digest based signature

 README          |   3 +-
 src/evmctl.c    | 126 ++++++++++++++++++++++++++++++------
 src/imaevm.h    |   5 +-
 src/libimaevm.c | 166 ++++++++++++++++++++++++++++++++++++++++++++----
 4 files changed, 268 insertions(+), 32 deletions(-)

-- 
2.27.0



