author | Tushar Sugandhi <tusharsu@linux.microsoft.com> | 2021-01-08 07:07:02 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-01-15 07:41:23 +0300 |
commit | 291af651b350817f7f1cbe308faaf7fa7af2a92c (patch) | |
tree | 4172c749579e27e6dc99b1da9da336ef898cfb42 /security/integrity/ima/ima.h | |
parent | 2b4a2474a2027eb683bc421eff286fc617ce1d82 (diff) | |
download | linux-291af651b350817f7f1cbe308faaf7fa7af2a92c.tar.xz |
IMA: add support to measure buffer data hash
The original IMA buffer data measurement sizes were small (e.g. boot
command line), but the new buffer data measurement use cases have data
sizes that are a lot larger. Just as IMA measures the file data hash,
not the file data, IMA should similarly support the option for measuring
buffer data hash.
Introduce a boolean parameter to support measuring buffer data hash,
which would be much smaller, instead of the buffer itself.
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima.h')
-rw-r--r-- | security/integrity/ima/ima.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index e5622ce8cbb1..0b4634515839 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -268,7 +268,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, struct ima_template_desc *template_desc); void process_buffer_measurement(struct inode *inode, const void *buf, int size, const char *eventname, enum ima_hooks func, - int pcr, const char *func_data); + int pcr, const char *func_data, + bool buf_hash); void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, |
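Review bot: the new trailing `bool buf_hash` on the process_buffer_measurement() prototype is a bare flag with no comment in this header, so a call site ending in `..., NULL, false` or `..., NULL, true` will not tell a reader whether the buffer or its hash ends up in the measurement. Consider documenting the parameter where the function is defined, stating, as the commit message does, that `true` measures the hash of `buf` instead of the buffer itself, and that the choice changes what a verifier of the measurement list sees for that event. This view is limited to ima.h, so the callers are not visible; because the prototype changes, every existing caller has to pass an explicit value in this same commit to keep the tree building at each step. Separately, the commit message motivates this with much larger buffers while the unchanged context still declares `int size`; it is worth confirming that a signed int is adequate for the new use cases.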