Home
last modified time | relevance | path

Searched refs:modsig (Results 1 – 11 of 11) sorted by relevance

/Linux-v5.4/security/integrity/ima/
Dima_modsig.c18 struct modsig { struct
61 struct modsig **modsig) in ima_read_modsig() argument
65 struct modsig *hdr; in ima_read_modsig()
105 *modsig = hdr; in ima_read_modsig()
117 void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size) in ima_collect_modsig() argument
125 size -= modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) + in ima_collect_modsig()
127 rc = pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size); in ima_collect_modsig()
132 rc = pkcs7_get_digest(modsig->pkcs7_msg, &modsig->digest, in ima_collect_modsig()
133 &modsig->digest_size, &modsig->hash_algo); in ima_collect_modsig()
136 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig) in ima_modsig_verify() argument
[all …]
Dima.h63 const struct modsig *modsig; member
205 struct modsig;
214 enum hash_algo algo, struct modsig *modsig);
218 int xattr_len, const struct modsig *modsig, int pcr,
260 int xattr_len, const struct modsig *modsig);
277 const struct modsig *modsig) in ima_appraise_measurement() argument
317 struct modsig **modsig);
318 void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size);
319 int ima_get_modsig_digest(const struct modsig *modsig, enum hash_algo *algo,
321 int ima_get_raw_modsig(const struct modsig *modsig, const void **data,
[all …]
Dima_api.c208 enum hash_algo algo, struct modsig *modsig) in ima_collect_measurement() argument
227 if (modsig) in ima_collect_measurement()
228 ima_collect_modsig(modsig, buf, size); in ima_collect_measurement()
296 int xattr_len, const struct modsig *modsig, int pcr, in ima_store_measurement() argument
309 .modsig = modsig }; in ima_store_measurement()
318 if (iint->measured_pcrs & (0x1 << pcr) && !modsig) in ima_store_measurement()
Dima_appraise.c286 static int modsig_verify(enum ima_hooks func, const struct modsig *modsig, in modsig_verify() argument
291 rc = integrity_modsig_verify(INTEGRITY_KEYRING_IMA, modsig); in modsig_verify()
295 modsig); in modsig_verify()
318 int xattr_len, const struct modsig *modsig) in ima_appraise_measurement() argument
326 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; in ima_appraise_measurement()
381 rc = modsig_verify(func, modsig, &status, &cause); in ima_appraise_measurement()
Dima_main.c205 struct modsig *modsig = NULL; in process_measurement() local
316 rc = ima_read_modsig(func, buf, size, &modsig); in process_measurement()
326 rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig); in process_measurement()
335 xattr_value, xattr_len, modsig, pcr, in process_measurement()
340 xattr_value, xattr_len, modsig); in process_measurement()
357 ima_free_modsig(modsig); in process_measurement()
Dima_template_lib.c343 if (!event_data->modsig) in ima_eventdigest_modsig_init()
354 rc = ima_get_modsig_digest(event_data->modsig, &hash_algo, in ima_eventdigest_modsig_init()
457 if (!event_data->modsig) in ima_eventmodsig_init()
464 rc = ima_get_raw_modsig(event_data->modsig, &data, &data_len); in ima_eventmodsig_init()
DKconfig246 The modsig keyword can be used in the IMA policy to allow a hook
/Linux-v5.4/security/integrity/
Dintegrity.h151 struct modsig;
157 int integrity_modsig_verify(unsigned int id, const struct modsig *modsig);
173 const struct modsig *modsig) in integrity_modsig_verify() argument
204 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig);
207 const struct modsig *modsig) in ima_modsig_verify() argument
Ddigsig.c86 int integrity_modsig_verify(const unsigned int id, const struct modsig *modsig) in integrity_modsig_verify() argument
94 return ima_modsig_verify(keyring, modsig); in integrity_modsig_verify()
/Linux-v5.4/Documentation/security/
DIMA-templates.rst71 - 'd-modsig': the digest of the event without the appended modsig;
74 - 'modsig' the appended file signature;
84 - "ima-modsig": its format is ``d-ng|n-ng|sig|d-modsig|modsig``;
/Linux-v5.4/Documentation/ABI/testing/
Dima_policy40 option: appraise_type:= [imasig] [imasig|modsig]
109 Example of appraise rule allowing modsig appended signatures:
111 appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig