path: root/security/integrity/ima/Kconfig
author: Thiago Jung Bauermann <bauerman@linux.ibm.com> 2019-06-28 04:19:30 +0200
committer: Mimi Zohar <zohar@linux.ibm.com> 2019-08-06 00:40:23 +0200
commit: 39b07096364a42c516415d5f841069e885234e61
tree: 5ab235d361dcf9671a715f4fa38259789fa68e3f /security/integrity/ima/Kconfig
parent: ima: Factor xattr_verify() out of ima_appraise_measurement()
ima: Implement support for module-style appended signatures

Implement the appraise_type=imasig|modsig option, allowing IMA to read and verify modsig signatures.

In case a file has both an xattr signature and an appended modsig, IMA will only use the appended signature if the key used by the xattr signature isn't present in the IMA or platform keyring.

Because modsig verification needs to convert from an integrity keyring id to the keyring itself, add an integrity_keyring_from_id() function in digsig.c so that integrity_modsig_verify() can use it.

Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Diffstat (limited to 'security/integrity/ima/Kconfig')
-rw-r--r-- security/integrity/ima/Kconfig 3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 8bf46646b185..897bafc59a33 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -236,6 +236,9 @@ config IMA_APPRAISE_BOOTPARAM
config IMA_APPRAISE_MODSIG
bool "Support module-style signatures for appraisal"
depends on IMA_APPRAISE
+ depends on INTEGRITY_ASYMMETRIC_KEYS
+ select PKCS7_MESSAGE_PARSER
+ select MODULE_SIG_FORMAT
default n
help
Adds support for signatures appended to files. The format of the
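
Review bot: the two added `select` lines under IMA_APPRAISE_MODSIG force PKCS7_MESSAGE_PARSER and MODULE_SIG_FORMAT on without evaluating those symbols' own dependencies, so please confirm that the new `depends on INTEGRITY_ASYMMETRIC_KEYS` (together with the existing IMA_APPRAISE dependency) is enough to satisfy everything those two symbols require. If it is not, a configuration can enable this option and end up with unmet-dependency warnings or a failed link; in that case add the missing prerequisite as an explicit `depends on` next to the one introduced here. It would also help to say in the help text that the option needs asymmetric key support in the integrity subsystem, since `default n` plus a silent dependency makes the option disappear from menuconfig with no hint as to why.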