[RFC][PATCH] ima: add crypto agility support for template-hash algorithm

2023-12-14 Thread Enrico Bravi
ima-ng sha1:59d4b[...]330b0 /etc/ld.so.cache This patch has been created starting from the master branch of the main tree: Signed-off-by: Silvia Sisinni Signed-off-by: Enrico Bravi --- security/integrity/ima/Kconfig | 30 +++ security/integrity/ima/ima.h

Re: [RFC][PATCH] ima: add crypto agility support for template-hash algorithm

2023-12-21 Thread Enrico Bravi
Hi Mimi, thank you for your feedback. On 19/12/23 21:54, Mimi Zohar wrote: > Hi Enrico, > > On Thu, 2023-12-14 at 15:51 +0100, Enrico Bravi wrote: >> The purpose of this patch is to add the possibility to configure the hash >> algorithm to use when calculating the template

[PATCH v2] ima: add crypto agility support for template-hash algorithm

2024-01-21 Thread Enrico Bravi
hash algorithm. - Removed template data hash algo name prefix. - Removed ima_template_hash command line option. - Introducing a new file in the securityfs ima subdir for each PCR banks algorithm configured in the TPM. (suggested by Roberto) Signed-off-by: Enrico Bravi Signed-off-by

Re: [PATCH v2] ima: add crypto agility support for template-hash algorithm

2024-01-22 Thread Enrico Bravi
Hi Roberto, thanks a lot for your quick feedback. On 22/01/24 09:20, Roberto Sassu wrote: > On Sun, 2024-01-21 at 17:16 +0100, Enrico Bravi wrote: >> The template hash showed by the ascii_runtime_measurements and >> binary_runtime_measurements is the one calculated using sha1

[PATCH v3] ima: add crypto agility support for template-hash algorithm

2024-01-24 Thread Enrico Bravi
-r--r- [...] runtime_measurements_count -r--r- [...] violations Signed-off-by: Enrico Bravi Signed-off-by: Silvia Sisinni --- v3: - Added create_measurements_list_files function for measurements files creation. - Parametrized the remove_measurements_list_files function and add NULL check

[PATCH v4] ima: add crypto agility support for template-hash algorithm

2024-03-08 Thread Enrico Bravi
-r--r- [...] violations Signed-off-by: Enrico Bravi Signed-off-by: Silvia Sisinni --- v4: - Added NULL check on m->file for measurements list dump called by ima_dump_measurement_list() on kexec. - Exported ima_algo_array and struct ima_algo_desc declaration from ima_crypto.c to access this infor

Re: [PATCH v4] ima: add crypto agility support for template-hash algorithm

2024-03-20 Thread Enrico Bravi
On 18/03/24 09:25, Roberto Sassu wrote: > On Fri, 2024-03-08 at 11:49 +0100, Enrico Bravi wrote: >> The template hash showed by the ascii_runtime_measurements and >> binary_runtime_measurements is the one calculated using sha1 and there is >> no possibility to change this va

Re: [PATCH v4] ima: add crypto agility support for template-hash algorithm

2024-03-20 Thread Enrico Bravi
On 18/03/24 14:05, Mimi Zohar wrote: > On Fri, 2024-03-08 at 11:49 +0100, Enrico Bravi wrote: >> The template hash showed by the ascii_runtime_measurements and >> binary_runtime_measurements is the one calculated using sha1 and there is >> no possibility to change this value,

Re: [PATCH v4] ima: add crypto agility support for template-hash algorithm

2024-03-21 Thread Enrico Bravi
On 20/03/24 13:07, Mimi Zohar wrote: > diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index cd1683dad3bf..475ab368e32f 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -116,9 +116,13 @@ void ima_putc

[PATCH v5] ima: add crypto agility support for template-hash algorithm

2024-04-08 Thread Enrico Bravi
-r--r- [...] violations Signed-off-by: Enrico Bravi Signed-off-by: Silvia Sisinni --- v5: - Added lookup_algo_by_dentry() function to select the hash algo during measurements dump. (suggested by Roberto) - Renamed remove_measurements_list_files() to remove_securityfs_measurement_lists

Re: [PATCH v5] ima: add crypto agility support for template-hash algorithm

2024-04-08 Thread Enrico Bravi
On 08/04/24 13:35, Roberto Sassu wrote: > On Mon, 2024-04-08 at 13:17 +0200, Enrico Bravi wrote: >> The template hash showed by the ascii_runtime_measurements and >> binary_runtime_measurements is the one calculated using sha1 and there is >> no possibility to change this va

[PATCH v6] ima: add crypto agility support for template-hash algorithm

2024-04-08 Thread Enrico Bravi
-r--r- [...] violations Signed-off-by: Enrico Bravi Signed-off-by: Silvia Sisinni Reviewed-by: Roberto Sassu --- v6: - Fixed format error when applying the patch. v5: - Added lookup_algo_by_dentry() function to select the hash algo during measurements dump. (suggested by Roberto) - R

Re: [PATCH v6] ima: add crypto agility support for template-hash algorithm

2024-04-10 Thread Enrico Bravi
On 09/04/24 14:43, Mimi Zohar wrote: > Hi Enrico, > > On Mon, 2024-04-08 at 23:28 +0200, Enrico Bravi wrote: >> The template hash showed by the ascii_runtime_measurements and >> binary_runtime_measurements is the one calculated using sha1 and there is >> no possi

[PATCH v7] ima: add crypto agility support for template-hash algorithm

2024-04-12 Thread Enrico Bravi
-r--r- [...] violations Signed-off-by: Enrico Bravi Signed-off-by: Silvia Sisinni Reviewed-by: Roberto Sassu --- v7: - Renamed lookup_algo_by_dentry() to lookup_template_data_hash_algo(). - Set ima_algo_array as __ro_after_init. - Fixed some lines > 80 characters. v6: - Fixed format error when app

[PATCH] ima: fix wrong zero-assignment during securityfs dentry remove

2024-05-29 Thread Enrico Bravi
() calls to correctly remove all the dentry already allocated. Fixes: 9fa8e7625008 ("ima: add crypto agility support for template-hash algorithm") Signed-off-by: Enrico Bravi --- security/integrity/ima/ima_fs.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/security

Re: [PATCH ] ima: fix buffer overrun in ima_eventdigest_init_common

2024-06-21 Thread Enrico Bravi
("ima: fix violation measurement list record") Signed-off-by: Samasth Norway Ananda Tested-by: Enrico Bravi (PhD at polito.it) --- security/integrity/ima/ima_template_lib.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/integrity/ima/ima_templat

Re: CFP for the containers and checkpoint-restore micro-conference at LPC 2024

2024-09-13 Thread Enrico Bravi
On 6/6/2024 11:11 PM, Stéphane Graber wrote: Hello, We're going to have the usual containers and checkpoint/restore micro-conference at this year's edition of the Linux Plumbers Conference. This is going to be in Vienna, Austria between September 18th and 20th 2024. Registration is open already

Re: [RFC][PATCH] ima: add measurement for first unverified write on ima policy file

2025-03-03 Thread Enrico Bravi
On Thu, 2025-02-27 at 15:49 +0100, Roberto Sassu wrote: > On Thu, 2025-02-27 at 11:36 +0000, Enrico Bravi wrote: > > On Wed, 2025-02-26 at 22:05 -0500, Mimi Zohar wrote: > > > On Wed, 2025-02-26 at 22:53 +0000, Enrico Bravi wrote: > > > > On Tue, 2025-02-25 at

Re: [RFC][PATCH] ima: add measurement for first unverified write on ima policy file

2025-03-06 Thread Enrico Bravi
On Wed, 2025-03-05 at 09:59 +0100, Roberto Sassu wrote: > On Mon, 2025-03-03 at 10:26 +0000, Enrico Bravi wrote: > > On Thu, 2025-02-27 at 15:49 +0100, Roberto Sassu wrote: > > > On Thu, 2025-02-27 at 11:36 +0000, Enrico Bravi wrote: > > > > On Wed, 2025-02-26 at

Re: [RFC][PATCH] ima: add measurement for first unverified write on ima policy file

2025-03-06 Thread Enrico Bravi
On Thu, 2025-03-06 at 09:47 +0100, Roberto Sassu wrote: > On Thu, 2025-03-06 at 08:20 +0000, Enrico Bravi wrote: > > On Wed, 2025-03-05 at 09:59 +0100, Roberto Sassu wrote: > > > On Mon, 2025-03-03 at 10:26 +0000, Enrico Bravi wrote: > > > > On Thu, 2025-02-27 at 15

Re: [RFC][PATCH] ima: add measurement for first unverified write on ima policy file

2025-02-26 Thread Enrico Bravi
On Tue, 2025-02-25 at 20:53 -0500, Mimi Zohar wrote: > On Tue, 2025-02-25 at 14:12 +0100, Enrico Bravi wrote: > > The first write on the ima policy file permits to override the default > > policy defined with the ima_policy= boot parameter. This can be done > > by adding th

[RFC][PATCH] ima: add measurement for first unverified write on ima policy file

2025-02-25 Thread Enrico Bravi
/security/ima/policy In this case, there is no mechanism to verify the integrity of the new policy. Add a new entry in the ima measurements list containing the ascii custom ima policy buffer when not verified at load time. Signed-off-by: Enrico Bravi --- security/integrity/ima/ima.h|

Re: [RFC][PATCH] ima: add measurement for first unverified write on ima policy file

2025-02-27 Thread Enrico Bravi
On Wed, 2025-02-26 at 22:05 -0500, Mimi Zohar wrote: > On Wed, 2025-02-26 at 22:53 +0000, Enrico Bravi wrote: > > On Tue, 2025-02-25 at 20:53 -0500, Mimi Zohar wrote: > > > On Tue, 2025-02-25 at 14:12 +0100, Enrico Bravi wrote: > > > > The first write on the ima p