[PATCH v4 05/10] lsm: security: Add additional enum values for bpf integrity checks

Next message: Jeff Layton: "[PATCH v2 01/28] filelock: pass current blocking lease to trace_break_lease_block() rather than &quot;new_fl&quot;"
Previous message: Jeff Layton: "[PATCH v2 12/28] nfsd: update the fsnotify mark when setting or removing a dir delegation"
In reply to: Blaise Boscaccy: "[PATCH v4 01/10] crypto: pkcs7: add flag for validated trust on a signed info block"
Next in thread: Blaise Boscaccy: "[PATCH v4 08/10] hornet: Add a light skeleton data extractor scripts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Blaise Boscaccy

Date: Thu Apr 16 2026 - 13:37:11 EST

First add a generic LSM_INT_VERDICT_FAULT value to indicate a system
failure during checking. Second, add a LSM_INT_VERDICT_UNKNOWNKEY to
signal that the payload was signed with a key other than one that
exists in the secondary keyring. And finally add an
LSM_INT_VERDICT_UNEXPECTED enum value to indicate that a unexpected
hash value was encountered at some stage of verification.

Signed-off-by: Blaise Boscaccy <bboscaccy@xxxxxxxxxxxxxxxxxxx>
---
include/linux/security.h | 3 +++
1 file changed, 3 insertions(+)

diff --git a/include/linux/security.h b/include/linux/security.h
index b3fd04baa78d0..4b4b8808f67de 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -106,6 +106,9 @@ enum lsm_integrity_verdict {
LSM_INT_VERDICT_OK,
LSM_INT_VERDICT_UNSIGNED,
LSM_INT_VERDICT_PARTIALSIG,
+ LSM_INT_VERDICT_UNKNOWNKEY,
+ LSM_INT_VERDICT_UNEXPECTED,
+ LSM_INT_VERDICT_FAULT,
LSM_INT_VERDICT_BADSIG,
};

--
2.53.0