Commit 4286587d authored by Mimi Zohar

ima: add Kconfig default measurement list template

This patch adds a Kconfig option to select the default IMA
measurement list template.  The 'ima' template limited the
filedata hash to 20 bytes and the pathname to 255 characters.
The 'ima-ng' measurement list template permits larger hash
digests and longer pathnames.

Changelog:
- keep 'select CRYPTO_HASH_INFO' in 'config IMA' section (Kconfig)
  (Roberto Sassu);
- removed trailing whitespaces (Roberto Sassu).
- Lindent fixes

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
parent add1c05d
...@@ -46,6 +46,31 @@ config IMA_LSM_RULES ...@@ -46,6 +46,31 @@ config IMA_LSM_RULES
help help
Disabling this option will disregard LSM based policy rules. Disabling this option will disregard LSM based policy rules.
choice
prompt "Default template"
default IMA_NG_TEMPLATE
depends on IMA
help
Select the default IMA measurement template.
The original 'ima' measurement list template contains a
hash, defined as 20 bytes, and a null terminated pathname,
limited to 255 characters. The 'ima-ng' measurement list
template permits both larger hash digests and longer
pathnames.
config IMA_TEMPLATE
bool "ima"
config IMA_NG_TEMPLATE
bool "ima-ng (default)"
endchoice
config IMA_DEFAULT_TEMPLATE
string
depends on IMA
default "ima" if IMA_TEMPLATE
default "ima-ng" if IMA_NG_TEMPLATE
config IMA_APPRAISE config IMA_APPRAISE
bool "Appraise integrity measurements" bool "Appraise integrity measurements"
depends on IMA depends on IMA
......
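Review bot: `default IMA_NG_TEMPLATE` in the new choice makes 'ima-ng' the built-in default, while the code this patch replaces in ima_template_desc_current() always looked up the 'ima' template, so anyone accepting the Kconfig default gets a different measurement list format than before. The help text explains the size limits of the two templates but not that consequence; please add a sentence saying that tools which parse the measurement list (for example attestation verifiers) must understand 'ima-ng' entries, and that IMA_TEMPLATE keeps the original format. The two `bool` entries also have no help text of their own, and the "(default)" suffix in the "ima-ng (default)" prompt duplicates what the `default` line already expresses and will go stale if the default ever changes.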
...@@ -127,8 +127,8 @@ static int init_defined_templates(void) ...@@ -127,8 +127,8 @@ static int init_defined_templates(void)
struct ima_template_desc *ima_template_desc_current(void) struct ima_template_desc *ima_template_desc_current(void)
{ {
if (!ima_template) if (!ima_template)
ima_template = lookup_template_desc(IMA_TEMPLATE_IMA_NAME); ima_template =
lookup_template_desc(CONFIG_IMA_DEFAULT_TEMPLATE);
return ima_template; return ima_template;
} }
......
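Review bot: the result of `lookup_template_desc(CONFIG_IMA_DEFAULT_TEMPLATE)` in ima_template_desc_current() is stored and returned without a NULL check, so the function's correctness now depends on the Kconfig string always matching a defined template name. With only "ima" and "ima-ng" selectable that holds today, but the link between the Kconfig values and the template table is implicit; consider a comment stating the invariant, or a check that falls back to a known template and warns if the lookup fails. If IMA_TEMPLATE_IMA_NAME has no remaining users after this change, it can be removed in the same patch.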