Tyler Hicks c6f45c5b07 ima: Fail rule parsing when asymmetric key measurement isn't supportable ...

[ Upstream commit 48ce1ddce1 ]

Measuring keys is currently only supported for asymmetric keys. In the
future, this might change.

For now, the "func=KEY_CHECK" and "keyrings=" options are only
appropriate when CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is enabled. Make
this clear at policy load so that IMA policy authors don't assume that
these policy language constructs are supported.

Fixes: 2b60c0eced ("IMA: Read keyrings= option from the IMA policy")
Fixes: 5808611ccc ("IMA: Add KEY_CHECK func to measure keys")
Suggested-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

2020-10-29 10:11:15 +01:00

..

evm

Merge tag 'integrity-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

2020-06-06 09:39:05 -07:00

ima

ima: Fail rule parsing when asymmetric key measurement isn't supportable

2020-10-29 10:11:15 +01:00

platform_certs

Merge tag 'efi-next' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi into efi/core

2020-02-26 15:21:22 +01:00

digsig_asymmetric.c

integrity: remove redundant initialization of variable ret

2020-07-27 16:52:09 -04:00

digsig.c

integrity: Remove duplicate pr_fmt definitions

2020-02-28 14:32:58 -05:00

iint.c

integrity/ima: switch to using __kernel_read

2020-07-08 08:27:57 +02:00

integrity_audit.c

integrity: Add errno field in audit message

2020-07-16 21:48:11 -04:00

integrity.h

integrity: Add errno field in audit message

2020-07-16 21:48:11 -04:00

Kconfig

powerpc: Load firmware trusted keys/hashes into kernel keyring

2019-11-13 00:33:23 +11:00

Makefile

powerpc: Load firmware trusted keys/hashes into kernel keyring

2019-11-13 00:33:23 +11:00