Thread: 17 messages, 2 authors, 2021-07-28

Re: [PATCH v4 3/5] IMA: add support to restrict the hash algorithms used for file appraisal

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-07-27 20:38:59

Hi Simon,

On Tue, 2021-07-27 at 16:33 +0000, THOBY Simon wrote:
> The kernel accepts any hash algorithm as a value for the security.ima
> xattr. Users may wish to restrict the accepted algorithms to only
> support strong cryptographic ones.
>
> Provide the plumbing to restrict the permitted set of hash algorithms
> used for verifying file hashes and digest algorithms stored in
> security.ima xattr.
>
> This does not apply only to IMA in hash mode, it also works with digital
> signatures, in which case it checks that the hash (which was then
> signed by the trusted private key) has been generated with one of
> the algorithms whitelisted for this specific rule.
>
> Signed-off-by: Simon Thoby <redacted>

I haven't yet tested building the kernel after applying each patch. 
Assuming that it compiles properly: 

Reviewed-by:  Mimi Zohar <zohar@linux.ibm.com>
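
The restriction the commit message describes, sketched in userspace as an added example (not code from the patch or from this thread): it reads the hash algorithm a `security.ima` value declares, for both hash-mode and signature xattrs, and checks it against an allowlist. The byte layout follows the kernel's `enum evm_ima_xattr_type`, `enum hash_algo` and `signature_v2_hdr` as an assumption; the function names, the `ALLOWED` set and the sample values are hypothetical.

```python
import struct

# enum hash_algo id -> (name, digest size); ids assumed from include/uapi/linux/hash_info.h
HASH_ALGO = {0: ("md4", 16), 1: ("md5", 16), 2: ("sha1", 20), 4: ("sha256", 32),
             5: ("sha384", 48), 6: ("sha512", 64), 7: ("sha224", 28)}
# First byte of security.ima (enum evm_ima_xattr_type)
IMA_XATTR_DIGEST, EVM_IMA_XATTR_DIGSIG, IMA_XATTR_DIGEST_NG = 0x01, 0x03, 0x04

def xattr_hash_algo(value: bytes) -> str:
    """Return the hash algorithm a security.ima value declares, or raise ValueError."""
    if len(value) < 2:
        raise ValueError("xattr too short")
    kind, body, name = value[0], value[1:], None
    if kind == IMA_XATTR_DIGEST:
        # Legacy layout has no algorithm byte: the digest length implies it.
        name = {16: "md5", 20: "sha1"}.get(len(body))
    elif kind == IMA_XATTR_DIGEST_NG:
        name, size = HASH_ALGO.get(body[0], (None, 0))
        if len(body) - 1 != size:
            name = None
    elif kind == EVM_IMA_XATTR_DIGSIG and len(value) >= 9:
        # signature_v2_hdr: type, version, hash_algo, keyid (be32), sig_size (be16)
        _, version, algo_id, _keyid, sig_size = struct.unpack(">BBBIH", value[:9])
        if version == 2 and len(value) == 9 + sig_size:  # this sketch handles v2 only
            name = HASH_ALGO.get(algo_id, (None, 0))[0]
    if name is None:
        raise ValueError("unsupported or malformed security.ima value")
    return name

def permitted(value: bytes, allowed: frozenset) -> bool:
    """Fail closed: unparseable values and algorithms outside `allowed` are rejected."""
    try:
        return xattr_hash_algo(value) in allowed
    except ValueError:
        return False

# Constructed sample values (not real file xattrs); digest and signature bytes are filler.
SAMPLES = {
    "ng-sha256": bytes([0x04, 4]) + b"\xaa" * 32,
    "ng-md5": bytes([0x04, 1]) + b"\xbb" * 16,
    "legacy-sha1": bytes([0x01]) + b"\xcc" * 20,
    "sig-sha1": struct.pack(">BBBIH", 0x03, 2, 2, 0x1234ABCD, 4) + b"\xdd" * 4,
    "sig-sha512": struct.pack(">BBBIH", 0x03, 2, 6, 0x1234ABCD, 4) + b"\xee" * 4,
}
ALLOWED = frozenset({"sha256", "sha384", "sha512"})  # assumed site policy

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} {'accept' if permitted(raw, ALLOWED) else 'reject'}")
```

On a live system the raw value can be read with `os.getxattr(path, "security.ima")`, which normally requires root.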