Commit 9cdca336 authored by Linus Torvalds
Pull integrity updates from Mimi Zohar:
 "There are two main changes, one feature removal, some code cleanup,
  and a number of bug fixes.

  Main changes:
   - Detecting secure boot mode was limited to IMA. Make detecting
     secure boot mode accessible to EVM and other LSMs
   - IMA sigv3 support was limited to fsverity. Add IMA sigv3 support
     for IMA regular file hashes and EVM portable signatures

  Remove:
   - Remove IMA support for asynchronous hash calculation originally
     added for hardware acceleration

  Cleanup:
   - Remove unnecessary Kconfig CONFIG_MODULE_SIG and CONFIG_KEXEC_SIG
     tests
   - Add descriptions of the IMA atomic flags

  Bug fixes:
   - Like IMA, properly limit EVM "fix" mode
   - Define and call evm_fix_hmac() to update security.evm
   - Fall back to using i_version to detect file change for filesystems
     that do not support STATX_CHANGE_COOKIE
   - Address missing kernel support for configured (new) TPM hash
     algorithms
   - Add missing crypto_shash_final() return value"

* tag 'integrity-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  evm: Enforce signatures version 3 with new EVM policy 'bit 3'
  integrity: Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIG
  ima: add support to require IMA sigv3 signatures
  ima: add regular file data hash signature version 3 support
  ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures
  ima: remove buggy support for asynchronous hashes
  integrity: Eliminate weak definition of arch_get_secureboot()
  ima: Add code comments to explain IMA iint cache atomic_flags
  ima_fs: Correctly create securityfs files for unsupported hash algos
  ima: check return value of crypto_shash_final() in boot aggregate
  ima: Define and use a digest_size field in the ima_algo_desc structure
  powerpc/ima: Drop unnecessary check for CONFIG_MODULE_SIG
  ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIG
  ima: fallback to using i_version to detect file change
  evm: fix security.evm for a file with IMA signature
  s390: Drop unnecessary CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
  evm: Don't enable fix mode when secure boot is enabled
  integrity: Make arch_ima_get_secureboot integrity-wide
parents ba314ed1 82bbd447
+1 −0
@@ -26,6 +26,7 @@ Description:
		2	  Permit modification of EVM-protected metadata at
			  runtime. Not supported if HMAC validation and
			  creation is enabled (deprecated).
		3	  Require asymmetric signatures to be version 3
		31	  Disable further runtime modification of EVM policy
		===	  ==================================================
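Review bot: the new row for bit 3 states the requirement but neither its scope nor its effect: unlike the bit 2 row, it does not say what happens to a file whose security.evm carries a version 2 signature once the bit is set, nor whether the bit can be cleared again before bit 31 locks the policy. Suggest extending the row along the lines of "3  Require asymmetric signatures to be version 3; v2 signatures then fail appraisal" (adjusted to the actual behaviour) so the policy table stays self-contained.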

+6 −4
@@ -53,10 +53,7 @@ Description:
			    where 'imasig' is the original or the signature
				format v2.
			    where 'modsig' is an appended signature,
			    where 'sigv3' is the signature format v3. (Currently
				limited to fsverity digest based signatures
				stored in security.ima xattr. Requires
				specifying "digest_type=verity" first.)
			    where 'sigv3' is the signature format v3.

			appraise_flag:= [check_blacklist] (deprecated)
			Setting the check_blacklist flag is no longer necessary.
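Review bot: the replacement line "where 'sigv3' is the signature format v3." drops the only statement in this file that sigv3 also covers fsverity digest-based signatures and that those still need digest_type=verity; suggest keeping one clause, e.g. "where 'sigv3' is the signature format v3 (file hash, or fsverity digest with digest_type=verity)." Separately, the preceding 'modsig' line still ends in a comma while the new line ends in a full stop, so the list now reads as an unfinished sentence.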
@@ -186,6 +183,11 @@ Description:
			appraise func=BPRM_CHECK digest_type=verity \
				appraise_type=sigv3

		Example of a regular IMA file hash 'appraise' rule requiring
		signature version 3 format stored in security.ima xattr.

			appraise func=BPRM_CHECK appraise_type=sigv3

		All of these policy rules could, for example, be constrained
		either based on a filesystem's UUID (fsuuid) or based on LSM
		labels.
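Review bot: the new example differs from the fsverity one above it only by the absence of digest_type=verity, but the caption does not say that this omission is what selects the regular file hash; suggest stating it, e.g. "Example of a regular IMA file hash 'appraise' rule (no digest_type) requiring signature version 3 ...", so readers do not read digest_type as an unrelated optional parameter.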
+0 −17
@@ -2410,23 +2410,6 @@ Kernel parameters
			[IMA] Define a custom template format.
			Format: { "field1|...|fieldN" }

	ima.ahash_minsize= [IMA] Minimum file size for asynchronous hash usage
			Format: <min_file_size>
			Set the minimal file size for using asynchronous hash.
			If left unspecified, ahash usage is disabled.

			ahash performance varies for different data sizes on
			different crypto accelerators. This option can be used
			to achieve the best performance for a particular HW.

	ima.ahash_bufsize= [IMA] Asynchronous hash buffer size
			Format: <bufsize>
			Set hashing buffer size. Default: 4k.

			ahash performance varies for different chunk sizes on
			different crypto accelerators. This option can be used
			to achieve best performance for particular HW.

	ima=		[IMA] Enable or disable IMA
			Format: { "off" | "on" }
			Default: "on"
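Review bot: deleting the ima.ahash_minsize= and ima.ahash_bufsize= entries outright leaves no trace for administrators whose command lines still set them, and the options will no longer be recognised by the kernel. Suggest a one-line note here (or an entry in the removed-features documentation) stating that asynchronous hash support was removed and both options are now ignored, matching the merge description "remove buggy support for asynchronous hashes".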
+1 −0
@@ -12732,6 +12732,7 @@ R: Eric Snowberg <eric.snowberg@oracle.com>
L:	linux-integrity@vger.kernel.org
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
F:	include/linux/secure_boot.h
F:	security/integrity/
F:	security/integrity/ima/
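Review bot: the new "F: include/linux/secure_boot.h" line is correctly placed in sorted order ahead of security/integrity/. Since the merge description says the header is now consumed by EVM and other LSMs rather than IMA alone, and the function it declares is provided per architecture, it is worth checking whether the EFI/arch maintainers who implement arch_get_secureboot() should also list it, so get_maintainer.pl reaches both sides when the header changes.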
+3 −0
@@ -1839,4 +1839,7 @@ config ARCH_WANTS_PRE_LINK_VMLINUX
config ARCH_HAS_CPU_ATTACK_VECTORS
	bool

config HAVE_ARCH_GET_SECUREBOOT
	def_bool EFI

endmenu
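Review bot: "def_bool EFI" makes HAVE_ARCH_GET_SECUREBOOT true on every architecture that enables CONFIG_EFI, whether or not that architecture actually provides arch_get_secureboot(); the HAVE_ARCH_* convention in this file is for each architecture to select the symbol from its own Kconfig once it supplies the implementation, and with the weak definition gone (per "integrity: Eliminate weak definition of arch_get_secureboot()") a future EFI-capable arch without the function could fail to link. Suggest a plain "bool" selected by the architectures that define the function, plus a help text naming the function an architecture must provide.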