linux/Documentation/security
Mimi Zohar 398c42e2c4 ima: support fs-verity file digest based version 3 signatures
IMA may verify a file's integrity against a "good" value stored in the
'security.ima' xattr or as an appended signature, based on policy.  When
the "good value" is stored in the xattr, the xattr may contain a file
hash or signature.  In either case, the "good" value is preceded by a
header.  The first byte of the xattr header indicates the type of data
- hash, signature - stored in the xattr.  To support storing fs-verity
signatures in the 'security.ima' xattr requires further differentiating
the fs-verity signature from the existing IMA signature.

In addition the signatures stored in 'security.ima' xattr, need to be
disambiguated.  Instead of directly signing the fs-verity digest, a new
signature format version 3 is defined as the hash of the ima_file_id
structure, which identifies the type of signature and the digest.

The IMA policy defines "which" files are to be measured, verified, and/or
audited.  For those files being verified, the policy rules indicate "how"
the file should be verified.  For example to require a file be signed,
the appraise policy rule must include the 'appraise_type' option.

	appraise_type:= [imasig] | [imasig|modsig] | [sigv3]
           where 'imasig' is the original or signature format v2 (default),
           where 'modsig' is an appended signature,
           where 'sigv3' is the signature format v3.

The policy rule must also indicate the type of digest, if not the IMA
default, by first specifying the digest type:

	digest_type:= [verity]

The following policy rule requires fsverity signatures.  The rule may be
constrained, for example based on a fsuuid or LSM label.

      appraise func=BPRM_CHECK digest_type=verity appraise_type=sigv3

Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-05-05 17:41:51 -04:00
..
keys KEYS: encrypted: Instantiate key with user-provided decrypted data 2022-02-21 19:47:45 -05:00
tpm Documentation: drop optional BOMs 2021-05-10 15:17:34 -06:00
credentials.rst Documentation: remove current_security() reference 2020-09-09 11:33:59 -06:00
digsig.rst docs: move digsig docs to the security book 2020-05-15 12:03:48 -06:00
IMA-templates.rst ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
index.rst landlock: Add user and kernel documentation 2021-04-22 12:22:11 -07:00
landlock.rst docs: security: landlock.rst: avoid using ReST :doc:foo markup 2021-06-17 13:24:39 -06:00
lsm-development.rst Documentation: Replace lkml.org links with lore 2021-01-11 12:47:38 -07:00
lsm.rst Documentation: LSM: Correct the basic LSM description 2020-05-25 18:59:59 -06:00
sak.rst docs: security: move some books to it and update 2019-07-15 11:03:01 -03:00
SCTP.rst docs: fix 'make htmldocs' warning in SCTP.rst 2022-02-28 11:09:10 -05:00
self-protection.rst docs: update self-protection __ro_after_init status 2021-12-10 14:02:06 -07:00
siphash.rst crypto: lib/sha1 - rename "sha" to "sha1" 2020-05-08 15:32:17 +10:00