| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1466602505-21915-1-git-send-email-zohar@linux.vnet.ibm.com> Date: Wed, 22 Jun 2016 09:35:02 -0400 From: Mimi Zohar <zohar@...ux.vnet.ibm.com> To: linux-security-module <linux-security-module@...r.kernel.org>, linux-ima-devel <linux-ima-devel@...ts.sourceforge.net> Cc: Dave Young <dyoung@...hat.com>, kexec@...ts.infradead.org, linux-kernel@...r.kernel.org, Eric Biederman <ebiederm@...ssion.com>, Mimi Zohar <zohar@...ux.vnet.ibm.com> Subject: [PATCH 0/3] support other types of measurements In addition to file measurements, other types of measurements should be included in the IMA measurement list to attest to the integrity of the running system. This patch set introduces two new types of measurements - buffer and pre-calculated digests. The first, for example, can be used to measure the kexec boot command line, while the latter could be used for including asymmetric key id information. Mimi Zohar (3): ima: measure other types of data kexec: measure boot command line ima: add pre-calculated measurements (experimental) Documentation/ABI/testing/ima_policy | 1 + include/linux/ima.h | 24 +++++ kernel/kexec_file.c | 4 + security/integrity/ima/Kconfig | 8 ++ security/integrity/ima/Makefile | 2 +- security/integrity/ima/ima.h | 4 + security/integrity/ima/ima_buffer.c | 164 +++++++++++++++++++++++++++++++++++ security/integrity/ima/ima_policy.c | 51 ++++++++++- 8 files changed, 255 insertions(+), 3 deletions(-) create mode 100644 security/integrity/ima/ima_buffer.c -- 2.1.0
Powered by blists - more mailing lists