ima: Add IMA digest lists extension · Pull Request !1923 · openEuler/kernel

PR sync from: Zhou Shuiqing zhoushuiqing2@huawei.com
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/Y4ZEQFP3KJBBVVS4AJ3IMTY3S5YWP4WU/
This patchset supports IMA digest lists for the kernel.

v2:
-remove unused variable in ima_main.c

v3:
-modify patch header information

David Howells (4):
PGPLIB: PGP definitions (RFC 4880)
PGPLIB: Basic packet parser
KEYS: Provide PGP key description autogeneration
KEYS: Provide a function to load keys from a PGP keyring blob

Mimi Zohar (1):
initramfs: add file metadata

Roberto Sassu (34):
initramfs: read metadata from special file METADATA!!!
gen_init_cpio: add support for file metadata
init: Add kernel option to force usage of tmpfs for rootfs
ima: Allow choice of file hash algorithm for measurement and audit
ima: Generalize ima_read_policy()
ima: Generalize ima_write_policy() and raise uploaded data size limit
ima: Generalize policy file operations
ima: Use ima_show_htable_value to show violations and hash table data
ima: Add parser of compact digest list
ima: Prevent usage of digest lists not measured or appraised
ima: Introduce new securityfs files
ima: Introduce new hook DIGEST_LIST_CHECK
ima: Load all digest lists from a directory at boot time
ima: Add support for measurement with digest lists
ima: Add support for appraisal with digest lists
evm: Add support for digest lists of metadata
ima: Add meta_immutable appraisal type
ima: Introduce exec_tcb policy
ima: Introduce appraise_exec_tcb policy
ima: Introduce appraise_exec_immutable policy
ima: Add Documentation/security/IMA-digest-lists.txt
mpi: introduce mpi_key_length()
rsa: add parser of raw format
KEYS: PGP data parser
KEYS: Introduce load_pgp_public_keyring()
certs: Introduce search_trusted_key()
ima: Search key in the built-in keyrings
ima: Allow direct upload of digest lists to securityfs
ima: Add parser keyword to the policy
evm: Extend evm= with x509. allow_metadata_writes and complete values
ima: Execute parser to upload digest lists not recognizable by the
kernel
evm: Propagate choice of HMAC algorithm in evm_crypto.c
config: add digest list options for arm64 and x86

Zhang Tianxing (5):
ima: fix a memory leak in ima_del_digest_data_entry
ima: Add max size for IMA digest database
ima: don't allow control characters in policy path
ima: fix CONFIG_IMA_DIGEST_DB_MEGABYTES in openeuler_defconfig
ima: fix db size overflow and Kconfig issues

Zheng Zengkai (1):
Revert "evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is
loaded"

shenxiangwei (1):
ima: bugfix for digest lists importing

--
2.33.0

#I7QZ2M:【openEuler 23.09】在6.4内核上适配IMA摘要列表特性补丁

GVPopenEuler / kernel

搜索帮助

GVP openEuler / kernel