bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 06:44:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

ima: add regular file data hash signature version 3 support

Browse Source 
Instead of directly verifying the signature of a file data hash,
signature v3 verifies the signature of the ima_file_id structure
containing the file data hash.

To disambiguate the signature usage, the ima_file_id structure also
includes the hash algorithm and the type of data (e.g. regular file
hash or fs-verity root hash).

Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Mimi Zohar
2026-03-10 21:36:44 -04:00
parent dccfbafb1f
commit 64c658f358
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/integrity/ima/ima_appraise.c
View File

@@ -297,7 +297,7 @@ static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint,
}
sig = (typeof(sig))xattr_value;
if (sig->version >= 3) {
if (sig->version > 3) {
*cause = "invalid-signature-version";
*status = INTEGRITY_FAIL;
break;