linux/security
Mimi Zohar 398c42e2c4 ima: support fs-verity file digest based version 3 signatures
IMA may verify a file's integrity against a "good" value stored in the
'security.ima' xattr or as an appended signature, based on policy.  When
the "good value" is stored in the xattr, the xattr may contain a file
hash or signature.  In either case, the "good" value is preceded by a
header.  The first byte of the xattr header indicates the type of data
- hash, signature - stored in the xattr.  To support storing fs-verity
signatures in the 'security.ima' xattr requires further differentiating
the fs-verity signature from the existing IMA signature.

In addition the signatures stored in 'security.ima' xattr, need to be
disambiguated.  Instead of directly signing the fs-verity digest, a new
signature format version 3 is defined as the hash of the ima_file_id
structure, which identifies the type of signature and the digest.

The IMA policy defines "which" files are to be measured, verified, and/or
audited.  For those files being verified, the policy rules indicate "how"
the file should be verified.  For example to require a file be signed,
the appraise policy rule must include the 'appraise_type' option.

	appraise_type:= [imasig] | [imasig|modsig] | [sigv3]
           where 'imasig' is the original or signature format v2 (default),
           where 'modsig' is an appended signature,
           where 'sigv3' is the signature format v3.

The policy rule must also indicate the type of digest, if not the IMA
default, by first specifying the digest type:

	digest_type:= [verity]

The following policy rule requires fsverity signatures.  The rule may be
constrained, for example based on a fsuuid or LSM label.

      appraise func=BPRM_CHECK digest_type=verity appraise_type=sigv3

Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-05-05 17:41:51 -04:00
..
apparmor tracehook: Remove tracehook.h 2022-03-10 16:51:51 -06:00
bpf
integrity ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
keys ARM driver updates for 5.18 2022-03-23 18:23:13 -07:00
landlock landlock: Use square brackets around "landlock-ruleset" 2022-02-04 14:07:44 +01:00
loadpin
lockdown
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-02-28 15:45:32 -08:00
tomoyo drm for 5.18-rc1 2022-03-24 16:19:43 -07:00
yama
commoncap.c fs: support mapped mounts of mapped filesystems 2021-12-05 10:28:57 +01:00
device_cgroup.c bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean 2022-01-19 12:51:30 -08:00
inode.c
Kconfig hardening updates for v5.18-rc1-fix1 2022-03-31 11:43:01 -07:00
Kconfig.hardening gcc-plugins/stackleak: Provide verbose mode 2022-02-06 10:49:57 -08:00
lsm_audit.c lsm_audit: avoid overloading the "key" audit field 2021-09-19 22:47:04 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c
security.c selinux/stable-5.18 PR 20220321 2022-03-21 20:47:54 -07:00