@@ -16,6 +16,7 @@
#include "dm-verity.h"
#include "dm-verity-fec.h"
#include "dm-verity-verify-sig.h"
+#include "dm-ima.h"
#include <linux/module.h>
#include <linux/reboot.h>
#include <linux/scatterlist.h>
@@ -219,8 +220,13 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
const char *type_str = "";
struct mapped_device *md = dm_table_get_md(v->ti->table);
- /* Corruption should be visible in device status in all modes */
- v->hash_failed = 1;
+ /* Only change and measure change if not already corrupted */
+ if (!v->hash_failed) {
+ /* Corruption should be visible in device status in all modes */
+ v->hash_failed = 1;
+ /* After the state has changed remeasure target table */
+ dm_ima_measure_on_target_update(v->ti);
+ }
if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS)
goto out;
On first corruption the verity targets triggers a "dm_target_update" event. This allows other systems to detect the corruption via IMA instead of manually querying the table. The corruption cannot be detected using the other IMA measurements because "dm_table_load" only measures the table content during target creation. Using the new "dm_target_update" remeasures the target table entries during runtime. The event is only triggered if the target was not corrupted before because verity_handle_err(..) is still called when the target is corrupted and the IMA log should only contain an entry when the table changed. Signed-off-by: Thore Sommer <public@thson.de> --- - v1: rewrite check to not use an extra variable drivers/md/dm-verity-target.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)