From: Lachlan Sneff <t-josne@linux.microsoft.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v1 0/3] Verify measurement of certificate imported into a keyring
Date: Mon, 3 Aug 2020 13:59:01 -0400 [thread overview]
Message-ID: <20200803175904.40269-1-t-josne@linux.microsoft.com> (raw)
The IMA subsystem supports measuring certificates that have been loaded into
user-defined keyrings and system built-in keyrings. A test to verify that
those measurements are correct is required.
The first two patches in this patchset fix up left-over documentation and
move some datafiles around to prepare for more datafiles in the 3rd patch.
The third patch adds a new test to the `ima_keys.sh` file, which imports
a certificate into a user-defined keyring, and then verifies that the
certificate has been measured correctly by the IMA subsystem.
Lachlan Sneff (3):
IMA: Update key test documentation
IMA: Refactor datafiles directory
IMA: Add a test to verify measurement of certificate imported into a
keyring
.../kernel/security/integrity/ima/README.md | 32 +++++++------
.../security/integrity/ima/datafiles/Makefile | 6 +--
.../integrity/ima/datafiles/keys/Makefile | 15 ++++++
.../integrity/ima/datafiles/keys/x509_ima.der | Bin 0 -> 650 bytes
.../integrity/ima/datafiles/policy/Makefile | 15 ++++++
.../ima/datafiles/{ => policy}/kexec.policy | 0
.../datafiles/{ => policy}/keycheck.policy | 0
.../ima/datafiles/{ => policy}/measure.policy | 0
.../{ => policy}/measure.policy-invalid | 0
.../security/integrity/ima/tests/ima_keys.sh | 44 +++++++++++++++++-
10 files changed, 91 insertions(+), 21 deletions(-)
create mode 100644 testcases/kernel/security/integrity/ima/datafiles/keys/Makefile
create mode 100644 testcases/kernel/security/integrity/ima/datafiles/keys/x509_ima.der
create mode 100644 testcases/kernel/security/integrity/ima/datafiles/policy/Makefile
rename testcases/kernel/security/integrity/ima/datafiles/{ => policy}/kexec.policy (100%)
rename testcases/kernel/security/integrity/ima/datafiles/{ => policy}/keycheck.policy (100%)
rename testcases/kernel/security/integrity/ima/datafiles/{ => policy}/measure.policy (100%)
rename testcases/kernel/security/integrity/ima/datafiles/{ => policy}/measure.policy-invalid (100%)
--
2.25.1
next reply other threads:[~2020-08-03 17:59 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-03 17:59 Lachlan Sneff [this message]
2020-08-03 17:59 ` [LTP] [PATCH 1/3] IMA: Update key test documentation Lachlan Sneff
2020-08-03 17:59 ` [LTP] [PATCH 2/3] IMA: Refactor datafiles directory Lachlan Sneff
2020-08-03 17:59 ` [LTP] [PATCH 3/3] IMA: Add a test to verify measurement of certificate imported into a keyring Lachlan Sneff
-- strict thread matches above, loose matches on Subject: below --
2020-08-03 18:47 [LTP] [PATCH v1 0/3] Verify " Lachlan Sneff
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200803175904.40269-1-t-josne@linux.microsoft.com \
--to=t-josne@linux.microsoft.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox