From patchwork Mon Aug 17 13:09:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 11718195 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9152A618 for ; Mon, 17 Aug 2020 13:09:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 77E2F20825 for ; Mon, 17 Aug 2020 13:09:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728293AbgHQNJY (ORCPT ); Mon, 17 Aug 2020 09:09:24 -0400 Received: from mx2.suse.de ([195.135.220.15]:36832 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728022AbgHQNJY (ORCPT ); Mon, 17 Aug 2020 09:09:24 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 66A14B1E2; Mon, 17 Aug 2020 13:09:48 +0000 (UTC) From: Petr Vorel To: ltp@lists.linux.it Cc: Petr Vorel , Lachlan Sneff , Lakshmi Ramasubramanian , Mimi Zohar , linux-integrity@vger.kernel.org Subject: [PATCH v3 0/4] IMA: verify measurement of certificate imported into a keyring Date: Mon, 17 Aug 2020 15:09:12 +0200 Message-Id: <20200817130916.27634-1-pvorel@suse.cz> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Hi Mimi, Lakshmi, changes v2->v3: fixed regression in my third commit. (please verify it on installed LTP, or at least run make install in testcases/kernel/security/integrity/ima/datafiles/ima_keys/) Kind regards, Petr Lachlan Sneff (1): IMA: Add a test to verify measurement of certificate imported into a keyring Petr Vorel (3): IMA/ima_keys.sh: Fix policy content check usage IMA: Refactor datafiles directory IMA/ima_keys.sh: Enhance policy checks .../kernel/security/integrity/ima/README.md | 12 +- .../security/integrity/ima/datafiles/Makefile | 10 +- .../ima/datafiles/ima_kexec/Makefile | 11 ++ .../datafiles/{ => ima_kexec}/kexec.policy | 0 .../integrity/ima/datafiles/ima_keys/Makefile | 11 ++ .../datafiles/{ => ima_keys}/keycheck.policy | 2 +- .../ima/datafiles/ima_keys/x509_ima.der | Bin 0 -> 650 bytes .../ima/datafiles/ima_policy/Makefile | 11 ++ .../datafiles/{ => ima_policy}/measure.policy | 0 .../{ => ima_policy}/measure.policy-invalid | 0 .../security/integrity/ima/tests/ima_keys.sh | 104 +++++++++++++++--- 11 files changed, 133 insertions(+), 28 deletions(-) create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_kexec/Makefile rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_kexec}/kexec.policy (100%) create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_keys/Makefile rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_keys}/keycheck.policy (59%) create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_keys/x509_ima.der create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_policy/Makefile rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_policy}/measure.policy (100%) rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_policy}/measure.policy-invalid (100%) Reviewed-by: Lakshmi Ramasubramanian