Re: [PATCH v4 3/5] IMA: add support to restrict the hash algorithms used for... | linux-integrity

[PATCH v4 0/5] IMA: restrict the accepted digest algorithms for · THOBY Simon <hidden> · 2021-07-27
[PATCH v4 1/5] IMA: remove the dependency on CRYPTO_MD5 · THOBY Simon <hidden> · 2021-07-27
Re: [PATCH v4 1/5] IMA: remove the dependency on CRYPTO_MD5 · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-27
[PATCH v4 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms · THOBY Simon <hidden> · 2021-07-27
Re: [PATCH v4 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-27
Re: [PATCH v4 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms · THOBY Simon <hidden> · 2021-07-28
Re: [PATCH v4 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-28
Re: [PATCH v4 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms · THOBY Simon <hidden> · 2021-07-28
Re: [PATCH v4 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-28
[PATCH v4 4/5] IMA: add a policy option to restrict xattr hash algorithms on appraisal · THOBY Simon <hidden> · 2021-07-27
Re: [PATCH v4 4/5] IMA: add a policy option to restrict xattr hash algorithms on appraisal · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-27
[PATCH v4 3/5] IMA: add support to restrict the hash algorithms used for file appraisal · THOBY Simon <hidden> · 2021-07-27
Re: [PATCH v4 3/5] IMA: add support to restrict the hash algorithms used for file appraisal · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-27
[PATCH v4 5/5] IMA: introduce a new policy option func=SETXATTR_CHECK · THOBY Simon <hidden> · 2021-07-27
Re: [PATCH v4 5/5] IMA: introduce a new policy option func=SETXATTR_CHECK · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-27
Re: [PATCH v4 5/5] IMA: introduce a new policy option func=SETXATTR_CHECK · THOBY Simon <hidden> · 2021-07-27
Re: [PATCH v4 0/5] IMA: restrict the accepted digest algorithms for · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-27

Re: [PATCH v4 3/5] IMA: add support to restrict the hash algorithms used for file appraisal

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-07-27 20:38:59

Hi Simon,

On Tue, 2021-07-27 at 16:33 +0000, THOBY Simon wrote:

The kernel accepts any hash algorithm as a value for the security.ima
xattr. Users may wish to restrict the accepted algorithms to only
support strong cryptographic ones.

Provide the plumbing to restrict the permitted set of hash algorithms
used for verifying file hashes and digest algorithms stored in
security.ima xattr.

This do not apply only to IMA in hash mode, it also works with digital
signatures, in which case it checks that the hash (which was then
signed by the trusted private key) have been generated with one of
the algortihms whitelisted for this specific rule.

Signed-off-by: Simon Thoby <redacted>

I haven't yet tested building the kernel after applying each patch. 
Assuming that it compiles properly: 

Reviewed-by:  Mimi Zohar <zohar@linux.ibm.com>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help