
[v5,0/2] IMA: Verify measurement of certificates

Message ID 20200714181703.6374-1-t-josne@linux.microsoft.com


Lachlan Sneff July 14, 2020, 6:17 p.m. UTC
The IMA subsystem is capable of importing and measuring certificates. This
set of patches adds tests for verifying that keys are imported and measured


- Fix failure case of key measurement test.

- Clarify documentation about required certificate.
- Fix case where multiple KEY_CHECK rules are present.

- Document requirements for running the ima key tests and provide resources
  for generating keys.

- Un-linebreak a few strings
- Enforce that some commands are available before running
- Move compute_digest function to ima_setup.sh
- Fix file permissions on ima_key.sh
- Move IMA_POLICY variable to ima_setup.sh
- Add keycheck.policy datafile

- The following patchsets should be applied in that order.
- Add tests that verify measurement of keys and importing certificates.

Lachlan Sneff (2):
  IMA: Add a test to verify measurment of keys
  IMA: Add a test to verify importing a certificate into keyring

 runtest/ima                                   |   1 +
 .../kernel/security/integrity/ima/README.md   |  22 ++++
 .../integrity/ima/datafiles/keycheck.policy   |   1 +
 .../security/integrity/ima/tests/ima_keys.sh  | 111 ++++++++++++++++++
 .../integrity/ima/tests/ima_measurements.sh   |  36 +-----
 .../integrity/ima/tests/ima_policy.sh         |   1 -
 .../security/integrity/ima/tests/ima_setup.sh |  35 ++++++
 7 files changed, 171 insertions(+), 36 deletions(-)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/keycheck.policy
 create mode 100755 testcases/kernel/security/integrity/ima/tests/ima_keys.sh