git.ipfire.org Git - thirdparty/kernel/linux.git/commit
ima: add regular file data hash signature version 3 support
author Mimi Zohar <zohar@linux.ibm.com>
Wed, 11 Mar 2026 01:36:44 +0000 (21:36 -0400)
committer Mimi Zohar <zohar@linux.ibm.com>
Wed, 1 Apr 2026 14:16:20 +0000 (10:16 -0400)
commit 64c658f358ec6ed6e992d4cf05482eaa2ab4b1a4
tree 617e697dc9120b18e8a0841024ce09f65a66aed5
parent dccfbafb1f34a98898ac685e0f3f86eeaf25ecc6
ima: add regular file data hash signature version 3 support

Instead of directly verifying the signature of a file data hash,
signature v3 verifies the signature of the ima_file_id structure
containing the file data hash.

To disambiguate the signature usage, the ima_file_id structure also
includes the hash algorithm and the type of data (e.g. regular file
hash or fs-verity root hash).

Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
security/integrity/digsig_asymmetric.c
security/integrity/ima/ima_appraise.c
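
The binding described in the commit message, as an added Python example that is not the kernel code from this commit: it shows that a signature over a structure carrying the data type and hash algorithm does not verify when the same digest is presented for a different usage. The byte layout, the numeric identifiers, hashing the structure with the file's own algorithm, and HMAC standing in for the asymmetric signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed placeholder identifiers, not the kernel's enum values.
TYPE_REGULAR_FILE = 1
TYPE_FSVERITY_ROOT = 2
ALGO_IDS = {"sha256": 1, "sha512": 2}

KEY = b"constructed-demo-key"  # HMAC stands in for the asymmetric signing key


def file_id_blob(data_type, algo, digest):
    """Serialize the assumed layout: type byte, algorithm byte, digest."""
    if len(digest) != hashlib.new(algo).digest_size:
        raise ValueError("digest length does not match algorithm")
    return struct.pack("BB", data_type, ALGO_IDS[algo]) + digest


def sign_v3(data_type, algo, digest):
    """Sign the hash of the structure rather than the bare file digest."""
    to_sign = hashlib.new(algo, file_id_blob(data_type, algo, digest)).digest()
    return hmac.new(KEY, to_sign, hashlib.sha256).digest()


def verify_v3(sig, expected_type, algo, digest):
    """The verifier rebuilds the structure from its own context, so a
    signature issued for another data type or algorithm does not match."""
    try:
        expected = sign_v3(expected_type, algo, digest)
    except ValueError:
        return False
    return hmac.compare_digest(sig, expected)


def sign_bare(digest):
    """Direct style for comparison: the signature covers only the digest,
    so nothing in the signed data says how the digest is meant to be used."""
    return hmac.new(KEY, digest, hashlib.sha256).digest()


# Constructed sample input.
content = b"constructed sample file contents\n"
d256 = hashlib.sha256(content).digest()
sig_file = sign_v3(TYPE_REGULAR_FILE, "sha256", d256)
```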