mirror of https://gitee.com/openkylin/linux.git
fd35f192e4
On systems with IMA-appraisal enabled with a policy requiring file
signatures, the "good" signature values are stored on the filesystem as
extended attributes (security.ima). Signature verification failure
would normally be limited to just a particular file (eg. executable),
but during boot signature verification failure could result in a system
hang.
Defining and requiring a new public_key_signature field requires all
callers of asymmetric signature verification to be updated to reflect
the change. This patch updates the integrity asymmetric_verify()
caller.
Fixes:
|
||
---|---|---|
.. | ||
evm | ||
ima | ||
Kconfig | ||
Makefile | ||
digsig.c | ||
digsig_asymmetric.c | ||
iint.c | ||
integrity.h | ||
integrity_audit.c |