summaryrefslogtreecommitdiff
path: root/security/integrity/ima/ima_queue_keys.c
diff options
context:
space:
mode:
authorTushar Sugandhi <tusharsu@linux.microsoft.com>2021-01-07 20:07:02 -0800
committerMimi Zohar <zohar@linux.ibm.com>2021-01-14 23:41:23 -0500
commit291af651b350817f7f1cbe308faaf7fa7af2a92c (patch)
tree4172c749579e27e6dc99b1da9da336ef898cfb42 /security/integrity/ima/ima_queue_keys.c
parent2b4a2474a2027eb683bc421eff286fc617ce1d82 (diff)
IMA: add support to measure buffer data hash
The original IMA buffer data measurement sizes were small (e.g. boot command line), but the new buffer data measurement use cases have data sizes that are a lot larger. Just as IMA measures the file data hash, not the file data, IMA should similarly support the option for measuring buffer data hash. Introduce a boolean parameter to support measuring buffer data hash, which would be much smaller, instead of the buffer itself. Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_queue_keys.c')
-rw-r--r--security/integrity/ima/ima_queue_keys.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
index 69a8626a35c0..c2f2ad34f9b7 100644
--- a/security/integrity/ima/ima_queue_keys.c
+++ b/security/integrity/ima/ima_queue_keys.c
@@ -162,7 +162,8 @@ void ima_process_queued_keys(void)
entry->payload_len,
entry->keyring_name,
KEY_CHECK, 0,
- entry->keyring_name);
+ entry->keyring_name,
+ false);
list_del(&entry->list);
ima_free_key_entry(entry);
}