diff options
author | Tushar Sugandhi <tusharsu@linux.microsoft.com> | 2021-01-08 07:07:02 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-01-15 07:41:23 +0300 |
commit | 291af651b350817f7f1cbe308faaf7fa7af2a92c (patch) | |
tree | 4172c749579e27e6dc99b1da9da336ef898cfb42 /security/integrity/ima/ima_asymmetric_keys.c | |
parent | 2b4a2474a2027eb683bc421eff286fc617ce1d82 (diff) | |
download | linux-291af651b350817f7f1cbe308faaf7fa7af2a92c.tar.xz |
IMA: add support to measure buffer data hash
The original IMA buffer data measurement sizes were small (e.g. boot
command line), but the new buffer data measurement use cases have data
sizes that are a lot larger. Just as IMA measures the file data hash,
not the file data, IMA should similarly support the option for measuring
buffer data hash.
Introduce a boolean parameter to support measuring buffer data hash,
which would be much smaller, instead of the buffer itself.
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_asymmetric_keys.c')
-rw-r--r-- | security/integrity/ima/ima_asymmetric_keys.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c index 1c68c500c26f..a74095793936 100644 --- a/security/integrity/ima/ima_asymmetric_keys.c +++ b/security/integrity/ima/ima_asymmetric_keys.c @@ -60,5 +60,5 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, */ process_buffer_measurement(NULL, payload, payload_len, keyring->description, KEY_CHECK, 0, - keyring->description); + keyring->description, false); } |