asedeno.scripts.mit.edu Git - linux.git/commit

author	Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
	Wed, 11 Dec 2019 16:47:04 +0000 (08:47 -0800)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Thu, 12 Dec 2019 13:53:50 +0000 (08:53 -0500)
commit	88e70da170e8945f6b1c1299083d1b942705beb5
tree	9cb77512be5486c88a2a29612ec8733108850d78	tree \| snapshot
parent	5808611cccb28044940d04ebd303dc90f33b77b1	commit \| diff

IMA: Define an IMA hook to measure keys

Measure asymmetric keys used for verifying file signatures,
certificates, etc.

This patch defines a new IMA hook namely ima_post_key_create_or_update()
to measure the payload used to create a new asymmetric key or
update an existing asymmetric key.

Asymmetric key structure is defined only when
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is defined. Since the IMA hook
measures asymmetric keys, the IMA hook is defined in a new file namely
ima_asymmetric_keys.c which is built only if
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is defined.

Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

security/integrity/ima/Makefile		diff \| blob \| history
security/integrity/ima/ima_asymmetric_keys.c	[new file with mode: 0644]	blob