[v2,0/4] IMA: verify measurement of certificate imported into a keyring

Message ID	20200807204652.5928-1-pvorel@suse.cz (mailing list archive)
Headers	show Return-Path: <SRS0=qkAG=BR=vger.kernel.org=linux-integrity-owner@kernel.org> From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Cc: Petr Vorel <pvorel@suse.cz>, Lachlan Sneff <t-josne@linux.microsoft.com>, Lakshmi Ramasubramanian <nramas@linux.microsoft.com>, Mimi Zohar <zohar@linux.vnet.ibm.com>, linux-integrity@vger.kernel.org Subject: [PATCH v2 0/4] IMA: verify measurement of certificate imported into a keyring Date: Fri, 7 Aug 2020 22:46:48 +0200 Message-Id: <20200807204652.5928-1-pvorel@suse.cz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk
Series	IMA: verify measurement of certificate imported into a keyring \| expand [v2,0/4] IMA: verify measurement of certificate imported into a keyring [v2,1/4] IMA/ima_keys.sh Fix policy content check usage [v2,2/4] IMA: Refactor datafiles directory [v2,3/4] IMA: Add a test to verify measurement of certificate imported into a keyring [v2,4/4] IMA/ima_keys.sh: Enhance policy checks

Message ID

20200807204652.5928-1-pvorel@suse.cz (mailing list archive)

Headers

From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Petr Vorel <pvorel@suse.cz>,
        Lachlan Sneff <t-josne@linux.microsoft.com>,
        Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        linux-integrity@vger.kernel.org
Subject: [PATCH v2 0/4] IMA: verify measurement of certificate imported into a
 keyring
Date: Fri,  7 Aug 2020 22:46:48 +0200
Message-Id: <20200807204652.5928-1-pvorel@suse.cz>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk

Series

IMA: verify measurement of certificate imported into a keyring | expand

Message

Petr Vorel Aug. 7, 2020, 8:46 p.m. UTC

Hi,

sending enhanced Lachlan's version.
I haven't tested this patchset, could please anybody test it?

Kind regards,
Petr

Lachlan Sneff (1):
  IMA: Add a test to verify measurement of certificate imported into a
    keyring

Petr Vorel (3):
  IMA/ima_keys.sh Fix policy content check usage
  IMA: Refactor datafiles directory
  IMA/ima_keys.sh: Enhance policy checks

 .../kernel/security/integrity/ima/README.md   |  12 ++-
 .../security/integrity/ima/datafiles/Makefile |  10 +-
 .../ima/datafiles/ima_kexec/Makefile          |  11 ++
 .../datafiles/{ => ima_kexec}/kexec.policy    |   0
 .../integrity/ima/datafiles/ima_keys/Makefile |  11 ++
 .../datafiles/{ => ima_keys}/keycheck.policy  |   2 +-
 .../ima/datafiles/ima_keys/x509_ima.der       | Bin 0 -> 650 bytes
 .../ima/datafiles/ima_policy/Makefile         |  11 ++
 .../datafiles/{ => ima_policy}/measure.policy |   0
 .../{ => ima_policy}/measure.policy-invalid   |   0
 .../security/integrity/ima/tests/ima_keys.sh  |  96 +++++++++++++++---
 11 files changed, 129 insertions(+), 24 deletions(-)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_kexec/Makefile
 rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_kexec}/kexec.policy (100%)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_keys/Makefile
 rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_keys}/keycheck.policy (59%)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_keys/x509_ima.der
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_policy/Makefile
 rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_policy}/measure.policy (100%)
 rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_policy}/measure.policy-invalid (100%)

Comments

Petr Vorel Aug. 12, 2020, 1:35 p.m. UTC | #1

Hi Mimi,

> sending enhanced Lachlan's version.
> I haven't tested this patchset, could please anybody test it?

@Mimi FYI, I'm waiting for your review to merge this patchset (when you have
time).

Kind regards,
Petr

> Lachlan Sneff (1):
>   IMA: Add a test to verify measurement of certificate imported into a
>     keyring
I guess I should shorten this message.

> Petr Vorel (3):
>   IMA/ima_keys.sh Fix policy content check usage
>   IMA: Refactor datafiles directory
>   IMA/ima_keys.sh: Enhance policy checks

Kind regards,
Petr