mirror of
https://git.code.sf.net/p/linux-ima/ima-evm-utils
synced 2025-09-17 17:35:20 +02:00
ima-evm-utils: support verifying the measurement list using multiple keys
On a running system, different software packages might be signed by different parties. Support verifying signatures in the measurement list using multiple public keys(eg. -k "key1, key2, ..."). Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Mimi Zohar
@@ -1419,6 +1419,10 @@ static int ima_measurement(const char *file)
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Support multiple public keys */
|
||||
if (params.keyfile)
|
||||
init_public_keys(params.keyfile);
|
||||
|
||||
while (fread(&entry.header, sizeof(entry.header), 1, fp)) {
|
||||
ima_extend_pcr(pcr, entry.header.digest, SHA_DIGEST_LENGTH);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user