linux/security/integrity/ima
Mimi Zohar 398c42e2c4 ima: support fs-verity file digest based version 3 signatures
IMA may verify a file's integrity against a "good" value stored in the
'security.ima' xattr or as an appended signature, based on policy.  When
the "good value" is stored in the xattr, the xattr may contain a file
hash or signature.  In either case, the "good" value is preceded by a
header.  The first byte of the xattr header indicates the type of data
- hash, signature - stored in the xattr.  To support storing fs-verity
signatures in the 'security.ima' xattr requires further differentiating
the fs-verity signature from the existing IMA signature.

In addition the signatures stored in 'security.ima' xattr, need to be
disambiguated.  Instead of directly signing the fs-verity digest, a new
signature format version 3 is defined as the hash of the ima_file_id
structure, which identifies the type of signature and the digest.

The IMA policy defines "which" files are to be measured, verified, and/or
audited.  For those files being verified, the policy rules indicate "how"
the file should be verified.  For example to require a file be signed,
the appraise policy rule must include the 'appraise_type' option.

	appraise_type:= [imasig] | [imasig|modsig] | [sigv3]
           where 'imasig' is the original or signature format v2 (default),
           where 'modsig' is an appended signature,
           where 'sigv3' is the signature format v3.

The policy rule must also indicate the type of digest, if not the IMA
default, by first specifying the digest type:

	digest_type:= [verity]

The following policy rule requires fsverity signatures.  The rule may be
constrained, for example based on a fsuuid or LSM label.

      appraise func=BPRM_CHECK digest_type=verity appraise_type=sigv3

Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-05-05 17:41:51 -04:00
..
ima_api.c ima: permit fsverity's file digests in the IMA measurement list 2022-05-05 11:49:13 -04:00
ima_appraise.c ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
ima_asymmetric_keys.c ima: Add digest and digest_len params to the functions to measure a buffer 2021-07-23 09:27:02 -04:00
ima_crypto.c ima/evm: Fix type mismatch 2021-06-08 16:29:10 -04:00
ima_efi.c ima: generalize x86/EFI arch glue for other EFI architectures 2020-11-06 07:40:42 +01:00
ima_fs.c ima: Return error code obtained from securityfs functions 2022-02-15 11:17:01 -05:00
ima_init.c ima: define ima_max_digest_data struct without a flexible array variable 2022-02-15 11:52:06 -05:00
ima_kexec.c ima: silence measurement list hexdump during kexec 2022-01-05 06:22:00 -05:00
ima_main.c ima: permit fsverity's file digests in the IMA measurement list 2022-05-05 11:49:13 -04:00
ima_modsig.c ima: Move comprehensive rule validation checks out of the token parser 2020-07-20 13:28:15 -04:00
ima_mok.c IMA: remove -Wmissing-prototypes warning 2021-07-23 08:05:06 -04:00
ima_policy.c ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
ima_queue_keys.c ima: Add digest and digest_len params to the functions to measure a buffer 2021-07-23 09:27:02 -04:00
ima_queue.c IMA: support for duplicate measurement records 2021-06-11 12:54:13 -04:00
ima_template_lib.c ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
ima_template_lib.h ima: define a new template field named 'd-ngv2' and templates 2022-05-05 11:49:13 -04:00
ima_template.c ima: define a new template field named 'd-ngv2' and templates 2022-05-05 11:49:13 -04:00
ima.h IMA: introduce a new policy option func=SETXATTR_CHECK 2021-08-16 17:35:35 -04:00
Kconfig ima: remove the IMA_TEMPLATE Kconfig option 2022-04-07 08:48:20 -04:00
Makefile ima: generalize x86/EFI arch glue for other EFI architectures 2020-11-06 07:40:42 +01:00