[v3] Reintrodce Hornet LSM

[PATCH v3 5/9] lsm: security: Add additional enum values for bpf integrity checks

Posted by Blaise Boscaccy 1 week ago

First add a generic LSM_INT_VERDICT_FAULT value to indicate a system
failure during checking. Second, add a LSM_INT_VERDICT_UNKNOWNKEY to
signal that the payload was signed with a key other than one that
exists in the secondary keyring. And finally add an
LSM_INT_VERDICT_UNEXPECTED enum value to indicate that a unexpected
hash value was encountered at some stage of verification.

Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
---
 include/linux/security.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/linux/security.h b/include/linux/security.h
index 298a43b7744a4..84c82c41b48c4 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -106,6 +106,9 @@ enum lsm_integrity_verdict {
 	LSM_INT_VERDICT_OK,
 	LSM_INT_VERDICT_UNSIGNED,
 	LSM_INT_VERDICT_PARTIALSIG,
+	LSM_INT_VERDICT_UNKNOWNKEY,
+	LSM_INT_VERDICT_UNEXPECTED,
+	LSM_INT_VERDICT_FAULT,
 	LSM_INT_VERDICT_BADSIG,
 };
 
-- 
2.53.0

[PATCH v3 1/9] crypto: pkcs7: add flag for validated trust on a signed info block
[PATCH v3 2/9] crypto: pkcs7: add ability to extract signed attributes by OID
[PATCH v3 3/9] crypto: pkcs7: add tests for pkcs7_get_authattr
[PATCH v3 4/9] lsm: framework for BPF integrity verification
[PATCH v3 5/9] lsm: security: Add additional enum values for bpf integrity checks
[PATCH v3 6/9] security: Hornet LSM
[PATCH v3 7/9] hornet: Introduce gen_sig
[PATCH v3 8/9] hornet: Add a light skeleton data extractor scripts
[PATCH v3 9/9] selftests/hornet: Add a selftest for the Hornet LSM