aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
AgeCommit message (Expand)AuthorFilesLines
2021-07-23ima: Introduce ima_get_current_hash_algo()Roberto Sassu1-1/+6
2021-07-23IMA: remove -Wmissing-prototypes warningAustin Kim1-1/+1
2021-06-21evm: Check xattr size discrepancy between kernel and userRoberto Sassu1-1/+7
2021-06-20evm: output EVM digest calculation infoMimi Zohar2-0/+47
2021-06-11IMA: support for duplicate measurement recordsTushar Sugandhi2-2/+10
2021-06-11ima: Fix warning: no previous prototype for function 'ima_add_kexec_buffer'Lakshmi Ramasubramanian1-0/+1
2021-06-10ima: differentiate between EVM failures in the audit logMimi Zohar1-1/+2
2021-06-08ima: Fix fall-through warning for ClangGustavo A. R. Silva1-0/+1
2021-06-08ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect()Roberto Sassu1-1/+1
2021-06-08ima: Include header defining ima_post_key_create_or_update()Roberto Sassu1-0/+1
2021-06-08ima/evm: Fix type mismatchRoberto Sassu4-11/+12
2021-06-08ima: Set correct casting typesRoberto Sassu2-9/+10
2021-06-03evm: Don't return an error in evm_write_xattrs() if audit is not enabledRoberto Sassu1-1/+1
2021-06-03ima: Define new template evm-sigRoberto Sassu1-1/+4
2021-06-02ima: Define new template fields xattrnames, xattrlengths and xattrvaluesRoberto Sassu4-0/+148
2021-06-01evm: Verify portable signatures against all protected xattrsRoberto Sassu4-12/+68
2021-06-01ima: Define new template field imodeRoberto Sassu3-0/+26
2021-06-01ima: Define new template fields iuid and igidRoberto Sassu3-0/+53
2021-06-01ima: Add ima_show_template_uint() template library functionRoberto Sassu2-1/+39
2021-06-01ima: Don't remove security.ima if file must not be appraisedRoberto Sassu1-2/+0
2021-06-01ima: Introduce template field evmsig and write to field sig as fallbackRoberto Sassu3-1/+36
2021-06-01ima: Allow imasig requirement to be satisfied by EVM portable signaturesRoberto Sassu1-7/+17
2021-06-01evm: Allow setxattr() and setattr() for unmodified metadataRoberto Sassu1-1/+112
2021-05-21evm: Pass user namespace to set/remove xattr hooksRoberto Sassu1-6/+11
2021-05-21evm: Allow xattr/attr operations for portable signaturesRoberto Sassu2-6/+29
2021-05-21evm: Introduce evm_hmac_disabled() to safely ignore verification errorsRoberto Sassu1-1/+38
2021-05-21evm: Introduce evm_revalidate_status()Roberto Sassu2-9/+46
2021-05-21evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loadedRoberto Sassu1-4/+4
2021-05-21evm: Load EVM key in ima_load_x509() to avoid appraisalRoberto Sassu2-1/+7
2021-05-21evm: Execute evm_inode_init_security() only when an HMAC key is loadedRoberto Sassu1-2/+3
2021-05-20evm: fix writing <securityfs>/evm overflowMimi Zohar1-2/+3
2021-05-01Merge tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-4/+15
2021-04-28Merge tag 'devicetree-for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-10/+3
2021-04-27Merge tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-8/+8
2021-04-26Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-16/+14
2021-04-26Merge tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds2-2/+29
2021-04-20ima: Fix fall-through warnings for ClangGustavo A. R. Silva2-0/+3
2021-04-09integrity: Add declarations to init_once void arguments.Jiele Zhao1-1/+1
2021-04-09ima: Fix function name error in comment.Jiele Zhao1-1/+1
2021-04-09ima: enable loading of build time generated key on .ima keyringNayna Jain1-0/+2
2021-03-26ima: Support EC keys for signature verificationStefan Berger1-16/+14
2021-03-24ima: Fix the error code for restoring the PCR valueLi Huafei1-2/+2
2021-03-22lsm: separate security_task_getsecid() into subjective and objective variantsPaul Moore2-8/+8
2021-03-22ima: without an IMA policy loaded, return quicklyMimi Zohar1-0/+6
2021-03-22integrity: double check iint_cache was initializedMimi Zohar1-0/+8
2021-03-11integrity: Load mokx variables into the blacklist keyringEric Snowberg1-2/+18
2021-03-11certs: Add EFI_CERT_X509_GUID support for dbx entriesEric Snowberg1-0/+11
2021-03-08powerpc: Move arch independent ima kexec functions to drivers/of/kexec.cLakshmi Ramasubramanian2-4/+1
2021-03-08powerpc: Move ima buffer fields to struct kimageLakshmi Ramasubramanian1-6/+2
2021-02-23Merge tag 'keys-misc-20210126' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-3/+2
2021-02-23Merge tag 'idmapped-mounts-v5.12' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds10-54/+82
2021-02-12integrity: Make function integrity_add_key() staticWei Yongjun1-2/+2
2021-02-10Merge branch 'ima-kexec-fixes' into next-integrityMimi Zohar1-0/+3
2021-02-10ima: Free IMA measurement buffer after kexec syscallLakshmi Ramasubramanian1-0/+2
2021-02-10ima: Free IMA measurement buffer on errorLakshmi Ramasubramanian1-0/+1
2021-01-26IMA: Measure kernel version in early bootRaphael Gianotti1-0/+5
2021-01-24ima: handle idmapped mountsChristian Brauner7-40/+68
2021-01-24fs: make helpers idmap mount awareChristian Brauner1-1/+1
2021-01-24xattr: handle idmapped mountsTycho Andersen3-11/+12
2021-01-21certs: Fix blacklist flag type confusionDavid Howells1-3/+2
2021-01-14IMA: define a builtin critical data measurement policyLakshmi Ramasubramanian1-0/+12
2021-01-14IMA: extend critical data hook to limit the measurement based on a labelTushar Sugandhi1-3/+5
2021-01-14IMA: limit critical data measurement based on a labelTushar Sugandhi1-3/+34
2021-01-14IMA: add policy rule to measure critical dataTushar Sugandhi1-4/+25
2021-01-14IMA: define a hook to measure kernel integrity critical dataTushar Sugandhi3-1/+26
2021-01-14IMA: add support to measure buffer data hashTushar Sugandhi5-9/+30
2021-01-14IMA: generalize keyring specific measurement constructsTushar Sugandhi4-26/+35
2021-01-13evm: Fix memleak in init_descDinghao Liu1-2/+5
2020-12-24Merge tag 'efi_updates_for_v5.11' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds2-0/+77
2020-12-16Merge tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds6-37/+54
2020-12-15Merge tag 'net-next-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds1-24/+54
2020-12-14Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-1/+1
2020-11-29ima: Don't modify file descriptor mode on the flyRoberto Sassu1-15/+5
2020-11-26ima: Implement ima_inode_hashKP Singh1-24/+54
2020-11-20ima: select ima-buf template for buffer measurementLakshmi Ramasubramanian4-16/+37
2020-11-20crypto: sha - split sha.h into sha1.h and sha2.hEric Biggers1-1/+1
2020-11-06ima: generalize x86/EFI arch glue for other EFI architecturesChester Lin2-0/+77
2020-11-02ima: defer arch_ima_get_secureboot() call to IMA init timeArd Biesheuvel2-6/+12
2020-10-29ima: Replace zero-length array with flexible-array memberGustavo A. R. Silva1-1/+1
2020-10-15Merge tag 'integrity-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds8-67/+161
2020-10-15Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds4-23/+69
2020-10-13Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-3/+11
2020-10-12Merge tag 'efi-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-19/+66
2020-10-05fs/kernel_file_read: Add "offset" arg for partial readsKees Cook2-2/+3
2020-10-05IMA: Add support for file reads without contentsScott Branden1-6/+16
2020-10-05LSM: Add "contents" flag to kernel_read_file hookKees Cook1-1/+9
2020-10-05firmware_loader: Use security_post_load_data()Kees Cook1-10/+10
2020-10-05LSM: Introduce kernel_post_load_data() hookKees Cook1-1/+23
2020-10-05fs/kernel_read_file: Add file_size output argumentKees Cook2-2/+2
2020-10-05fs/kernel_read_file: Switch buffer size arg to size_tKees Cook2-2/+2
2020-10-05fs/kernel_read_file: Remove redundant size argumentKees Cook2-4/+7
2020-10-05fs/kernel_read_file: Split into separate include fileScott Branden4-0/+4
2020-10-05fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enumKees Cook3-6/+4
2020-09-25integrity: Asymmetric digsig supports SM2-with-SM3 algorithmTianjia Zhang1-3/+11
2020-09-16ima: Fix NULL pointer dereference in ima_file_hashKP Singh1-0/+10
2020-09-16integrity: Load certs from the EFI MOK config tableLenny Szubowicz1-0/+22
2020-09-16integrity: Move import of MokListRT certs to a separate routineLenny Szubowicz1-19/+44
2020-09-15evm: Check size of security.evm before using itRoberto Sassu1-0/+6
2020-09-15ima: Remove semicolon at the end of ima_get_binary_runtime_size()Roberto Sassu1-1/+1
2020-09-15ima: Don't ignore errors from crypto_shash_update()Roberto Sassu1-0/+2
2020-09-15ima: Use kmemdup rather than kmalloc+memcpyAlex Dewar1-5/+4
2020-09-09integrity: include keyring name for unknown key requestBruno Meneguele1-2/+8
2020-09-09ima: limit secure boot feedback scope for appraiseBruno Meneguele1-9/+16
2020-09-08integrity: invalid kernel parameters feedbackBruno Meneguele4-4/+16
2020-09-08ima: add check for enforced appraise optionBruno Meneguele1-0/+2
2020-08-31integrity: Use current_uid() in integrity_audit_message()Denis Efremov1-1/+1
2020-08-31ima: Fail rule parsing when asymmetric key measurement isn't supportableTyler Hicks1-2/+4
2020-08-31ima: Pre-parse the list of keyrings in a KEY_CHECK ruleTyler Hicks1-45/+93
2020-08-23treewide: Use fallthrough pseudo-keywordGustavo A. R. Silva3-7/+7
2020-08-11Merge tag 'for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...Linus Torvalds4-4/+4
2020-08-06Replace HTTP links with HTTPS ones: securityAlexander A. Klimov4-4/+4
2020-08-06Merge tag 'integrity-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds12-140/+283
2020-07-27integrity: remove redundant initialization of variable retColin Ian King1-1/+1
2020-07-20ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtimeBruno Meneguele2-1/+7
2020-07-20ima: AppArmor satisfies the audit rule requirementsTyler Hicks1-1/+1
2020-07-20ima: Rename internal filter rule functionsTyler Hicks2-25/+21
2020-07-20ima: Support additional conditionals in the KEXEC_CMDLINE hook functionTyler Hicks7-22/+28
2020-07-20ima: Use the common function to detect LSM conditionals in a ruleTyler Hicks1-9/+2
2020-07-20ima: Move comprehensive rule validation checks out of the token parserTyler Hicks3-46/+37
2020-07-20ima: Use correct type for the args_p member of ima_rule_entry.lsm elementsTyler Hicks1-9/+9
2020-07-20ima: Shallow copy the args_p member of ima_rule_entry.lsm elementsTyler Hicks1-10/+8
2020-07-20ima: Fail rule parsing when appraise_flag=blacklist is unsupportableTyler Hicks1-1/+14
2020-07-16ima: Fail rule parsing when the KEY_CHECK hook is combined with an invalid condTyler Hicks1-0/+7
2020-07-16ima: Fail rule parsing when the KEXEC_CMDLINE hook is combined with an invali...Tyler Hicks1-0/+21
2020-07-16ima: Fail rule parsing when buffer hook functions have an invalid actionTyler Hicks1-2/+38
2020-07-16ima: Free the entire rule if it fails to parseTyler Hicks1-1/+2
2020-07-16ima: Free the entire rule when deleting a list of rulesTyler Hicks1-5/+24
2020-07-16ima: Have the LSM free its audit ruleTyler Hicks2-1/+6
2020-07-16IMA: Add audit log for failure conditionsLakshmi Ramasubramanian4-22/+51
2020-07-16integrity: Add errno field in audit messageLakshmi Ramasubramanian2-1/+23
2020-07-08integrity/ima: switch to using __kernel_readChristoph Hellwig1-13/+1
2020-06-24ima: extend boot_aggregate with kernel measurementsMaurizio Drocco2-2/+15
2020-06-15ima: Replace zero-length array with flexible-arrayGustavo A. R. Silva1-2/+2
2020-06-12Merge tag 'integrity-v5.8-fix' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-1/+2
2020-06-12ima: fix mprotect checkingMimi Zohar1-1/+2
2020-06-07ima: Remove __init annotation from ima_pcrread()Roberto Sassu1-1/+1
2020-06-06Merge tag 'integrity-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds11-86/+384
2020-06-05ima: Directly free *entry in ima_alloc_init_template() if digests is NULLRoberto Sassu1-2/+3
2020-06-03ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()Roberto Sassu4-5/+24
2020-06-03ima: Directly assign the ima_default_policy pointer to ima_rulesRoberto Sassu1-2/+1
2020-05-22ima: verify mprotect change is consistent with mmap policyMimi Zohar1-0/+51
2020-05-14evm: Fix a small race in init_desc()Dan Carpenter1-22/+22
2020-05-07evm: Fix possible memory leak in evm_calc_hmac_or_hash()Roberto Sassu1-1/+1
2020-05-07ima: Set again build_ima_appraise variableKrzysztof Struczynski1-2/+8
2020-05-07ima: Remove redundant policy rule set in add_rules()Krzysztof Struczynski1-4/+1
2020-05-07ima: Fix ima digest hash table key calculationKrzysztof Struczynski1-3/+4
2020-05-07evm: Fix RCU list related warningsMadhuparna Bhowmik3-4/+11
2020-05-07ima: Fix return value of ima_write_policy()Roberto Sassu1-2/+1
2020-05-07evm: Check also if *tfm is an error pointer in init_desc()Roberto Sassu1-1/+1
2020-05-07ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()Roberto Sassu1-6/+6
2020-04-19ima: Use ima_hash_algo for collision detection in the measurement listRoberto Sassu3-5/+23
2020-04-19ima: Calculate and extend PCR with digests in ima_template_entryRoberto Sassu3-15/+58
2020-04-19ima: Allocate and initialize tfm for each PCR bankRoberto Sassu1-26/+119
2020-04-19ima: Switch to dynamically allocated buffer for template digestsRoberto Sassu6-10/+45
2020-04-19ima: Store template digest directly in ima_template_entryRoberto Sassu3-24/+9
2020-04-19ima: Evaluate error in init_ima()Roberto Sassu1-0/+3
2020-04-19ima: Switch to ima_hash_algo for boot aggregateRoberto Sassu2-11/+58
2020-04-02Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds19-34/+19
2020-03-12ima: add a new CONFIG for loading arch-specific policiesNayna Jain1-0/+7
2020-02-28integrity: Remove duplicate pr_fmt definitionsTushar Sugandhi17-31/+6
2020-02-28IMA: Add log statements for failure conditionsTushar Sugandhi1-0/+3
2020-02-28IMA: Update KBUILD_MODNAME for IMA files to imaTushar Sugandhi1-3/+3
2020-02-26Merge tag 'efi-next' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi...Ingo Molnar1-1/+1
2020-02-23integrity: Check properly whether EFI GetVariable() is availableArd Biesheuvel1-1/+1
2020-02-18ima: add sm3 algorithm to hash algorithm configuration listTianjia Zhang1-0/+5
2020-02-18efi: Only print errors about failing to get certs if EFI vars are foundJavier Martinez Canillas1-14/+26
2020-01-28Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds11-38/+496
2020-01-23IMA: Defined delayed workqueue to free the queued keysLakshmi Ramasubramanian3-6/+48
2020-01-23IMA: Call workqueue functions to measure queued keysLakshmi Ramasubramanian2-0/+11
2020-01-23IMA: Define workqueue for early boot key measurementsLakshmi Ramasubramanian4-0/+166
2020-01-22IMA: pre-allocate buffer to hold keyrings stringLakshmi Ramasubramanian1-8/+30
2020-01-22ima: ima/lsm policy rule loading logic bug fixesJanne Karhunen1-18/+26
2020-01-22ima: add the ability to query the cached hash of a given fileFlorent Revest1-0/+49
2020-01-22ima: Add a space after printing LSM rules for readabilityClay Chang1-0/+1
2020-01-09IMA: fix measuring asymmetric keys KconfigLakshmi Ramasubramanian2-1/+7
2019-12-12IMA: Read keyrings= option from the IMA policyLakshmi Ramasubramanian1-1/+28
2019-12-12IMA: Add support to limit measuring keysLakshmi Ramasubramanian6-17/+82
2019-12-12IMA: Define an IMA hook to measure keysLakshmi Ramasubramanian2-0/+53
2019-12-12IMA: Add KEY_CHECK func to measure keysLakshmi Ramasubramanian2-1/+4
2019-12-12IMA: Check IMA policy flagLakshmi Ramasubramanian1-0/+3
2019-12-12ima: avoid appraise error for hash calc interruptPatrick Callaghan1-1/+3
2019-12-09treewide: Use sizeof_field() macroPankaj Bharadiya1-2/+2
2019-11-29x86/efi: remove unused variablesYueHaibing1-5/+0
2019-11-13powerpc: Load firmware trusted keys/hashes into kernel keyringNayna Jain3-1/+108
2019-11-13x86/efi: move common keyring handler functions to new fileNayna Jain4-67/+115
2019-11-12ima: Check against blacklisted hashes for files with modsigNayna Jain5-6/+60
2019-11-12ima: Make process_buffer_measurement() genericNayna Jain2-18/+43
2019-10-05integrity: remove pointless subdir-$(CONFIG_...)Masahiro Yamada1-2/+0
2019-10-05integrity: remove unneeded, broken attempt to add -fshort-wcharMasahiro Yamada1-1/+0
2019-09-28Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds4-3/+55
2019-08-29ima: ima_api: Use struct_size() in kzalloc()Gustavo A. R. Silva1-2/+2
2019-08-29ima: use struct_size() in kzalloc()Gustavo A. R. Silva1-3/+2
2019-08-28ima: Fix use after free in ima_read_modsig()Thiago Jung Bauermann1-1/+2
2019-08-19kexec: Allow kexec_file() with appropriate IMA policy when locked downMatthew Garrett3-1/+53
2019-08-19kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCEJiri Bohac2-2/+2
2019-08-05ima: fix freeing ongoing ahash_requestSascha Hauer1-0/+5
2019-08-05ima: always return negative code for errorSascha Hauer1-1/+4
2019-08-05ima: Store the measurement again when appraising a modsigThiago Jung Bauermann4-7/+47
2019-08-05ima: Define ima-modsig templateThiago Jung Bauermann8-6/+156
2019-08-05ima: Collect modsigThiago Jung Bauermann5-5/+60
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-20 07:47:05 +0000