Skip to main content

Browse the archive

https://github.com/torvalds/linux
05 April 2024, 19:05:47 UTC
Revision fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca authored by Mimi Zohar on 09 November 2018, 05:53:40 UTC, committed by James Morris on 13 November 2018, 21:09:56 UTC 
integrity: support new struct public_key_signature encoding field
 
On systems with IMA-appraisal enabled with a policy requiring file
signatures, the "good" signature values are stored on the filesystem as
extended attributes (security.ima).  Signature verification failure
would normally be limited to just a particular file (eg. executable),
but during boot signature verification failure could result in a system
hang.

Defining and requiring a new public_key_signature field requires all
callers of asymmetric signature verification to be updated to reflect
the change.  This patch updates the integrity asymmetric_verify()
caller.

Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Acked-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
1 parent ccda4af
Raw File
Tip revision: fd35f192e42cf7c0df1e2480bfd5965e35b2f4ca authored by Mimi Zohar on 09 November 2018, 05:53:40 UTC
integrity: support new struct public_key_signature encoding field
Tip revision: fd35f19
.gitignore 
#
# NOTE! Don't add files that are generated in specific
# subdirectories here. Add them in the ".gitignore" file
# in that subdirectory instead.
#
# NOTE! Please use 'git ls-files -i --exclude-standard'
# command after changing this file, to see if there are
# any tracked files which get ignored after the change.
#
# Normal rules (sorted alphabetically)
#
.*
*.a
*.asn1.[ch]
*.bin
*.bz2
*.c.[012]*.*
*.dtb
*.dtb.S
*.dwo
*.elf
*.gcno
*.gz
*.i
*.ko
*.lex.c
*.ll
*.lst
*.lz4
*.lzma
*.lzo
*.mod.c
*.o
*.o.*
*.order
*.patch
*.s
*.so
*.so.dbg
*.su
*.symtypes
*.tab.[ch]
*.tar
*.xz
Module.symvers
modules.builtin

#
# Top-level generic files
#
/tags
/TAGS
/linux
/vmlinux
/vmlinux.32
/vmlinux-gdb.py
/vmlinuz
/System.map
/Module.markers

#
# RPM spec file (make rpm-pkg)
#
/*.spec

#
# Debian directory (make deb-pkg)
#
/debian/

#
# Snap directory (make snap-pkg)
#
/snap/

#
# tar directory (make tar*-pkg)
#
/tar-install/

#
# git files that we don't want to ignore even if they are dot-files
#
!.gitignore
!.mailmap
!.cocciconfig
!.clang-format

#
# Generated include files
#
include/config
include/generated
include/ksym
arch/*/include/generated

# stgit generated dirs
patches-*

# quilt's files
patches
series

# cscope files
cscope.*
ncscope.*

# gnu global files
GPATH
GRTAGS
GSYMS
GTAGS

# id-utils files
ID

*.orig
*~
\#*#

#
# Leavings from module signing
#
extra_certificates
signing_key.pem
signing_key.priv
signing_key.x509
x509.genkey

# Kconfig presets
all.config

# Kdevelop4
*.kdev4
back to top