[PATCH v4 7/7] ima: Support module-style appended signatures for appraisal
From: Mimi Zohar <hidden>
Date: 2017-08-17 15:43:51
Also in:
keyrings, linux-crypto, linuxppc-dev, lkml
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 87d2b601cf8e..5a244ebc61d9 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c@@ -190,6 +190,64 @@ int ima_read_xattr(struct dentry *dentry, return ret; } +static void process_xattr_error(int rc, struct integrity_iint_cache *iint, + int opened, char const **cause, + enum integrity_status *status) +{ + if (rc && rc != -ENODATA) + return; + + *cause = iint->flags & IMA_DIGSIG_REQUIRED ? + "IMA-signature-required" : "missing-hash"; + *status = INTEGRITY_NOLABEL; + + if (opened & FILE_CREATED) + iint->flags |= IMA_NEW_FILE; + + if ((iint->flags & IMA_NEW_FILE) && + !(iint->flags & IMA_DIGSIG_REQUIRED)) + *status = INTEGRITY_PASS; +} + +static int appraise_modsig(struct integrity_iint_cache *iint, + struct evm_ima_xattr_data *xattr_value, + int xattr_len) +{ + enum hash_algo algo; + const void *digest; + void *buf; + int rc, len; + u8 dig_len; + + rc = ima_modsig_verify(INTEGRITY_KEYRING_IMA, xattr_value); + if (rc) + return rc; + + /* + * The signature is good. Now let's put the sig hash + * into the iint cache so that it gets stored in the + * measurement list. + */ + + rc = ima_get_modsig_hash(xattr_value, &algo, &digest, &dig_len); + if (rc) + return rc; + + len = sizeof(iint->ima_hash) + dig_len; + buf = krealloc(iint->ima_hash, len, GFP_NOFS); + if (!buf) + return -ENOMEM; + + iint->ima_hash = buf; + iint->flags |= IMA_DIGSIG; + iint->ima_hash->algo = algo; + iint->ima_hash->length = dig_len; + + memcpy(iint->ima_hash->digest, digest, dig_len); + + return 0; +}
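Review bot: in appraise_modsig, `len = sizeof(iint->ima_hash) + dig_len;` sizes the allocation by the pointer, not by the header it is meant to hold: iint->ima_hash is a pointer (it receives the krealloc result two lines later, `iint->ima_hash = buf;`), so this reserves sizeof(void *) bytes ahead of the digest, and whether that covers the algo/length header depends on the target's pointer width rather than on the struct. It should be `len = sizeof(*iint->ima_hash) + dig_len;`. A second, smaller point on the same function: on success it overwrites algo, length and digest of whatever iint->ima_hash already held, so if the file hash was collected earlier it is replaced by the digest carried in the appended signature; the comment above the ima_get_modsig_hash() call ("put the sig hash into the iint cache so that it gets stored in the measurement list") should say that explicitly, since that is exactly what the measurement-list discussion below turns on.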
Depending on the IMA policy, the file could already have been measured. That measurement list entry might include the file signature, as stored in the xattr, in the ima-sig template data. I think even if a measurement list entry exists, we would want an additional measurement list entry, which includes the appended signature in the ima-sig template data.

Mimi