From: Lachlan Sneff <t-josne@linux.microsoft.com>
To: zohar@linux.ibm.com, pvorel@suse.cz, ltp@lists.linux.it
Cc: nramas@linux.microsoft.com, balajib@linux.microsoft.com,
linux-integrity@vger.kernel.org
Subject: [PATCH v5 0/2] IMA: Verify measurement of certificates
Date: Tue, 14 Jul 2020 14:17:01 -0400 [thread overview]
Message-ID: <20200714181703.6374-1-t-josne@linux.microsoft.com> (raw)
The IMA subsystem is capable of importing and measuring certificates. This
set of patches adds tests for verifying that keys are imported and measured
correctly.
Changelog:
v5
- Fix failure case of key measurement test.
v4
- Clarify documentation about required certificate.
- Fix case where multiple KEY_CHECK rules are present.
v3
- Document requirements for running the ima key tests and provide resources
for generating keys.
v2
- Un-linebreak a few strings
- Enforce that some commands are available before running
- Move compute_digest function to ima_setup.sh
- Fix file permissions on ima_key.sh
- Move IMA_POLICY variable to ima_setup.sh
- Add keycheck.policy datafile
v1
- The following patchsets should be applied in that order.
- Add tests that verify measurement of keys and importing certificates.
Lachlan Sneff (2):
IMA: Add a test to verify measurment of keys
IMA: Add a test to verify importing a certificate into keyring
runtest/ima | 1 +
.../kernel/security/integrity/ima/README.md | 22 ++++
.../integrity/ima/datafiles/keycheck.policy | 1 +
.../security/integrity/ima/tests/ima_keys.sh | 111 ++++++++++++++++++
.../integrity/ima/tests/ima_measurements.sh | 36 +-----
.../integrity/ima/tests/ima_policy.sh | 1 -
.../security/integrity/ima/tests/ima_setup.sh | 35 ++++++
7 files changed, 171 insertions(+), 36 deletions(-)
create mode 100644 testcases/kernel/security/integrity/ima/datafiles/keycheck.policy
create mode 100755 testcases/kernel/security/integrity/ima/tests/ima_keys.sh
--
2.25.1
next reply other threads:[~2020-07-14 18:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-14 18:17 Lachlan Sneff [this message]
2020-07-14 18:17 ` [PATCH v5 1/2] IMA: Add a test to verify measurment of keys Lachlan Sneff
2020-07-15 13:00 ` Petr Vorel
2020-07-14 18:17 ` [PATCH v5 2/2] IMA: Add a test to verify importing a certificate into keyring Lachlan Sneff
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200714181703.6374-1-t-josne@linux.microsoft.com \
--to=t-josne@linux.microsoft.com \
--cc=balajib@linux.microsoft.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=nramas@linux.microsoft.com \
--cc=pvorel@suse.cz \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).