Message ID | 20230324181149.44694-1-roberto.sassu@huaweicloud.com (mailing list archive) |
---|---|
State | New, archived |
Series | [ima-evm-utils,1/2] Add --hmackey option for evmctl |

On Fri, 2023-03-24 at 19:11 +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@huawei.com>
>
> Add the --hmackey option, to specify an alternative path for the file
> containing the HMAC key. By default evmctl looks in
> /etc/keys/evm-key-plain.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>

Please document the change in the evmctl.c usage and the README.

Please note that when DEBUG is not enabled, "evmctl hmac" is not defined. Patch 2/2 assumes that "evmctl hmac" is configured.

diff --git a/src/evmctl.c b/src/evmctl.c index 304b70de40f..df38e763041 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -1413,7 +1413,8 @@ static int cmd_hmac_evm(struct command *cmd) return err; } - return hmac_evm(file, "/etc/keys/evm-key-plain"); + return hmac_evm(file, imaevm_params.hmackeyfile ? : + "/etc/keys/evm-key-plain"); } static int ima_fix(const char *path) @@ -2940,6 +2941,7 @@ static struct option opts[] = { {"keyid-from-cert", 1, 0, 145}, {"veritysig", 0, 0, 146}, {"hwtpm", 0, 0, 147}, + {"hmackey", 1, 0, 148}, {} }; @@ -3185,6 +3187,9 @@ int main(int argc, char *argv[]) case 147: hwtpm = 1; break; + case 148: + imaevm_params.hmackeyfile = optarg; + break; case '?': exit(1); break; diff --git a/src/imaevm.h b/src/imaevm.h index 78e7ed5e89d..18d7b0e447e 100644 --- a/src/imaevm.h +++ b/src/imaevm.h @@ -221,6 +221,7 @@ struct libimaevm_params { const char *keypass; uint32_t keyid; /* keyid overriding value, unless 0. (Host order.) */ ENGINE *eng; + const char *hmackeyfile; }; struct RSA_ASN1_template {
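
Review bot: In the cmd_hmac_evm() hunk, `imaevm_params.hmackeyfile ? : "/etc/keys/evm-key-plain"` relies on the GNU C conditional with an omitted middle operand, which is not standard C. Consider writing the operand out explicitly, and defining the default path once as a named constant so that the usage text and README can refer to the same value instead of a string literal buried in the call.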
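
Review bot: In the main() hunk, case 148 stores optarg in imaevm_params.hmackeyfile unconditionally, while the only consumer visible in this patch is cmd_hmac_evm(), and per the review above "evmctl hmac" is not defined when DEBUG is not enabled. In such a build the option would be accepted with no visible effect. Either guard the option table entry and this case the same way as the command, or state the dependency in the usage text, which this patch does not update.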
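
Review bot: In the imaevm.h hunk, the new `hmackeyfile` member has no comment, unlike `keyid` two lines above it. A short comment saying that NULL selects the default /etc/keys/evm-key-plain would document the contract cmd_hmac_evm() depends on. Appending the member after `eng` keeps the offsets of the existing members unchanged, but it still grows struct libimaevm_params, so it is worth confirming that this is acceptable for anything built against the older header.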