]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit
projects / mirror_ubuntu-focal-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b1be7cf) | patch
ima: extend boot_aggregate with kernel measurements
authorMaurizio Drocco <maurizio.drocco@ibm.com>
Tue, 23 Jun 2020 15:57:32 +0000 (11:57 -0400)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Wed, 20 Jan 2021 13:24:51 +0000 (14:24 +0100)
commit75e91dec337a4c1957f13810509447db0847fcbc
tree8bbb5d126a0e5601fbf0e1d7feb24eb10105e249tree
parentb1be7cfbbc703450bc8eeac6b875ca1eea0242bccommit | diff
ima: extend boot_aggregate with kernel measurements

BugLink: https://bugs.launchpad.net/bugs/1908564
[ Upstream commit 20c59ce010f84300f6c655d32db2610d3433f85c ]

Registers 8-9 are used to store measurements of the kernel and its
command line (e.g., grub2 bootloader with tpm module enabled). IMA
should include them in the boot aggregate. Registers 8-9 should be
only included in non-SHA1 digests to avoid ambiguity.

Signed-off-by: Maurizio Drocco <maurizio.drocco@ibm.com>
Reviewed-by: Bruno Meneguele <bmeneg@redhat.com>
Tested-by: Bruno Meneguele <bmeneg@redhat.com> (TPM 1.2, TPM 2.0)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Ian May <ian.may@canonical.com>
security/integrity/ima/ima.h diff | blob | blame | history
security/integrity/ima/ima_crypto.c diff | blob | blame | history
Ubuntu Focal Linux kernel mirror