[PATCH 0/3] support other types of measurements
Mimi Zohar
zohar at linux.vnet.ibm.com
Wed Jun 22 06:35:02 PDT 2016
In addition to file measurements, other types of measurements should be
included in the IMA measurement list to attest to the integrity of the
running system. This patch set introduces two new types of measurements -
buffer and pre-calculated digests.
The first, for example, can be used to measure the kexec boot command
line, while the latter could be used for including asymmetric key id
information.
Mimi Zohar (3):
ima: measure other types of data
kexec: measure boot command line
ima: add pre-calculated measurements (experimental)
Documentation/ABI/testing/ima_policy | 1 +
include/linux/ima.h | 24 +++++
kernel/kexec_file.c | 4 +
security/integrity/ima/Kconfig | 8 ++
security/integrity/ima/Makefile | 2 +-
security/integrity/ima/ima.h | 4 +
security/integrity/ima/ima_buffer.c | 164 +++++++++++++++++++++++++++++++++++
security/integrity/ima/ima_policy.c | 51 ++++++++++-
8 files changed, 255 insertions(+), 3 deletions(-)
create mode 100644 security/integrity/ima/ima_buffer.c
--
2.1.0
More information about the kexec
mailing list