Re: [PATCH v2 0/7] ima: Add template fields to verify EVM portable signatures

From: Mimi Zohar
Date: Mon May 31 2021 - 13:03:13 EST


On Fri, 2021-05-28 at 09:38 +0200, Roberto Sassu wrote:
> The recent patch set 'evm: Improve usability of portable signatures' added
> the possibility to include EVM portable signatures in the IMA measurement
> list.
>
> However, the information necessary to verify the signature was not
> included in the IMA measurement list. This patch set introduces new
> template fields to accomplish this goal:
>
> - 'iuid': the inode UID;
> - 'igid': the inode GID;
> - 'imode': the inode mode;
> - 'xattrnames': a list of xattr names (separated by |), only if the xattr is
> present;
> - 'xattrlengths': a list of xattr lengths (u32), only if the xattr is present;
> - 'xattrvalues': a list of xattr values;
>
> Patch 1 adds a helper function to show integers in the measurement list.
> Patches 2, 3 and 5 introduce new template fields. Patch 4 makes it possible
> to verify EVM portable signatures which protect xattrs belonging to LSMs
> not enabled in the target platform. Patch 6 introduces the new IMA template
> evm-sig. Patch 7 fixes a small issue in evm_write_xattrs() when audit is
> not enabled.

Thanks, Roberto.

Applied to: git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
next-integrity-testing branch.

Mimi
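
How a verifier might rebuild the xattr set from the 'xattrnames', 'xattrlengths' and 'xattrvalues' fields listed in the quoted cover letter; this is an added example, not code from the patch set or from this thread. The function and class names are hypothetical, the little-endian u32 lengths and the values concatenated in name order are assumptions, and the sample bytes are constructed.

```python
import struct


class MalformedEntry(ValueError):
    """The three xattr fields do not describe the same set of xattrs."""


def parse_xattr_fields(names: bytes, lengths: bytes, values: bytes) -> dict:
    """Rebuild {name: value} from xattrnames, xattrlengths and xattrvalues.

    Assumptions, not stated in the cover letter: lengths are little-endian
    u32, values are concatenated with no separator, and all three fields
    list the xattrs in the same order.
    """
    names = names.rstrip(b"\0")
    name_list = names.decode("ascii").split("|") if names else []
    if "" in name_list or len(set(name_list)) != len(name_list):
        raise MalformedEntry("empty or duplicate xattr name")
    if len(lengths) % 4:
        raise MalformedEntry("xattrlengths is not a whole number of u32")
    length_list = struct.unpack("<%dI" % (len(lengths) // 4), lengths)
    if len(length_list) != len(name_list):
        raise MalformedEntry("name count and length count differ")
    if sum(length_list) != len(values):
        raise MalformedEntry("lengths do not add up to the size of xattrvalues")
    xattrs, offset = {}, 0
    for name, length in zip(name_list, length_list):
        # Slice each value out of the concatenated blob by its declared length.
        xattrs[name] = values[offset:offset + length]
        offset += length
    return xattrs


# Constructed sample, not taken from a real measurement list.
SELINUX = b"system_u:object_r:bin_t:s0\0"
IMA = b"\x04\x04" + b"\xaa" * 32
SAMPLE_NAMES = b"security.selinux|security.ima"
SAMPLE_LENGTHS = struct.pack("<II", len(SELINUX), len(IMA))
SAMPLE_VALUES = SELINUX + IMA

if __name__ == "__main__":
    for name, value in parse_xattr_fields(
            SAMPLE_NAMES, SAMPLE_LENGTHS, SAMPLE_VALUES).items():
        print(name, len(value), value.hex())
```

A disagreement between the three fields is rejected as a malformed entry rather than padded or truncated, so an inconsistent entry never reaches signature verification.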