Roberto Sassu 88016de3ab ima: Define new template evm-sig ... With the recent introduction of the evmsig template field, remote verifiers can obtain the EVM portable signature instead of the IMA signature, to verify file metadata. After introducing the new fields to include file metadata in the measurement list, this patch finally defines the evm-sig template, whose format is: d-ng|n-ng|evmsig|xattrnames|xattrlengths|xattrvalues|iuid|igid|imode xattrnames, xattrlengths and xattrvalues are populated only from defined EVM protected xattrs, i.e. the ones that EVM considers to verify the portable signature. xattrnames and xattrlengths are populated only if the xattr is present. xattrnames and xattrlengths are not necessary for verifying the EVM portable signature, but they are included for completeness of information, if a remote verifier wants to infer more from file metadata. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>		2021-06-03 10:02:37 -04:00
..
evm	ima: Define new template fields xattrnames, xattrlengths and xattrvalues	2021-06-02 18:56:13 -04:00
ima	ima: Define new template evm-sig	2021-06-03 10:02:37 -04:00
platform_certs	integrity: Load mokx variables into the blacklist keyring	2021-03-11 16:34:48 +00:00
digsig_asymmetric.c	ima: Support EC keys for signature verification	2021-03-26 19:41:59 +11:00
digsig.c	ima: enable loading of build time generated key on .ima keyring	2021-04-09 10:40:20 -04:00
iint.c	evm: Load EVM key in ima_load_x509() to avoid appraisal	2021-05-21 12:47:04 -04:00
integrity_audit.c	integrity: Use current_uid() in integrity_audit_message()	2020-08-31 17:46:50 -04:00
integrity.h	crypto: sha - split sha.h into sha1.h and sha2.h	2020-11-20 14:45:33 +11:00
Kconfig	powerpc: Load firmware trusted keys/hashes into kernel keyring	2019-11-13 00:33:23 +11:00
Makefile	powerpc: Load firmware trusted keys/hashes into kernel keyring	2019-11-13 00:33:23 +11:00