[PATCH] integrity: Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIG

Next message: Aaron Tomlin: "[PATCH v6 0/2] fs/resctrl: Add &quot;*&quot; shorthand to set io_alloc CBM for all domains"
Previous message: Nathan Chancellor: "Prebuilt LLVM 22.1.2 uploaded"
Next in thread: Mimi Zohar: "Re: [PATCH] integrity: Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stefan Berger

Date: Tue Mar 24 2026 - 20:11:36 EST

Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIG on RSA, ECDSA,
ECRDSA, and SM2 signatures.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
security/integrity/digsig_asymmetric.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 6b21b9bf829e..6e68ec3becbd 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -154,7 +154,8 @@ static int calc_file_id_hash(enum evm_ima_xattr_type type,
size_t file_id_size;
int rc;

- if (type != IMA_VERITY_DIGSIG && type != EVM_IMA_XATTR_DIGSIG)
+ if (type != IMA_VERITY_DIGSIG && type != EVM_IMA_XATTR_DIGSIG &&
+ type != EVM_XATTR_PORTABLE_DIGSIG)
return -EINVAL;

tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);

base-commit: 3fa0dea50084da8279fb4b1175b3a9b4fc16f052
--
2.53.0