Hi Enrico, On Thu, 2023-12-14 at 15:51 +0100, Enrico Bravi wrote: > The purpose of this patch is to add the possibility to configure the hash > algorithm to use when calculating the template-hash. The patch description should be written in the imperative mood. For an explanation, please refer to "Describe your changes" in Documentation/process/submitting-patches.rst. For example: The second field of the IMA measurement list, the template data hash, contains a fixed sized SHA1 digest. Add support to replace the SHA1 digest with other hash algorithms. For backwards compatability, only the new larger digests will be prefixed with ... > The ima_template_hash command line parameter has been introduced to enable > this configuration. The term "ima_template_hash" could be misconstrued to refer to the hash algorithm used to calculate the file digest. To differentiate between the hash algorithm used to calculate the file digest, the term 'ima_template_data_hash' is longer, but I think clearer. > The entry will contain the hash_algo_name before the actual template-hash, > separated by a colon (:). This chnage will break existing userspace applications, unless the SHA1 digest isn't prefixed. > An example of the resulting ima log is the following: > > 10 sha256:64326[...]25313 ima-ng sha1:5fc9b[...]974e6 boot_aggregate > 10 sha256:afd64[...]e3123 ima-ng sha1:5a493[...]f9566 /init > 10 sha256:99329[...]a6353 ima-ng sha1:8c87d[...]3d8c7 /usr/bin/sh > 10 sha256:a16ad[...]2ac0e ima-ng sha1:59d4b[...]330b0 /etc/ld.so.cache > > This patch has been created starting from the master branch of the main tree: > <git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git> With the base-commit included at the end of the cover letter, this comment is unnessary. Please remove. thanks, Mimi > > Signed-off-by: Silvia Sisinni <silvia.sisinni@xxxxxxxxx> > Signed-off-by: Enrico Bravi <enrico.bravi@xxxxxxxxx>
