mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 06:12:32 +02:00

Commit Graph

  • dc0cbaea42 Merge branch 'update-ecc-doc-examples' into next next-testing next Mimi Zohar 2023-04-27 09:59:18 -04:00
  • 14bce8a97c Add example scripts for EC key and certs generation Stefan Berger 2023-04-26 18:35:59 -04:00
  • ce9bfdd091 Add openssl command line examples for creation of EC keys Stefan Berger 2023-04-26 18:35:58 -04:00
  • 9f669a6b38 Update OpenSSL config files for support for .machine keyring Stefan Berger 2023-04-26 18:35:57 -04:00
  • 6e1b9b1521 Update default key sizes and hash to up-to-date values Stefan Berger 2023-04-26 18:35:56 -04:00
  • 31f4a22b57 Do not get 'generation' using ioctl when evm_portable is true Stefan Berger 2023-04-18 12:16:02 -04:00
  • 29c4268764 Fix fsverity.test mount failure for ppc64 Vitaly Chikunov 2023-03-11 12:16:44 +03:00
  • 0924a739e2 fsverity.test: Add /usr/sbin into $PATH Petr Vorel 2023-03-10 11:47:29 +01:00
  • 1803accc3f Release version 1.5 master v1.5 Mimi Zohar 2023-02-24 12:34:00 -05:00
  • 411ff0a720 tests: fix gen-keys.sh to generate sha256 certificates Mimi Zohar 2023-03-06 05:57:27 -05:00
  • 2ea31a943c Update README Mimi Zohar 2023-03-03 08:12:10 -05:00
  • 02c833339b Merge branch 'mmap-check-test' into next Mimi Zohar 2023-03-02 17:11:17 -05:00
  • 6917e384d3 Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks Roberto Sassu 2023-03-02 19:05:02 +01:00
  • 6a658e23d6 Add ima_policy_check.awk and ima_policy_check.test Roberto Sassu 2023-03-02 18:38:31 +01:00
  • 1d3a0b6923 Introduce expect_pass_if() and expect_fail_if() Roberto Sassu 2023-01-31 17:02:30 +01:00
  • 8f6ba073a0 Fix reading the TPM 2.0 PCRs Mimi Zohar 2023-01-27 07:22:48 -05:00
  • 0290acff79 tests: use new git repo URL for fsverity-utils Eric Biggers 2023-01-25 12:10:33 -08:00
  • d50e8c4397 github: Put openSSL build into own section Petr Vorel 2023-02-14 22:00:35 +01:00
  • 80442de4dd github: travis: Remove COMPILE_SSL from tumbleweed Petr Vorel 2023-02-14 22:00:34 +01:00
  • fdc2788d8f tests/install-swtpm.sh: Update ibmswtpm2 to 1682 Petr Vorel 2023-02-14 22:00:33 +01:00
  • d18d6fff5c ci: cleanup build.sh test log output Mimi Zohar 2023-01-24 12:44:26 -05:00
  • 58b4c7ac4b Merge branch 'uml' into next Mimi Zohar 2023-01-27 11:49:19 -05:00
  • 40962a6690 Temporarily remove CONFIG_DEBUG_SG to test portable signatures Mimi Zohar 2023-01-26 14:58:07 +01:00
  • f3289d5598 ci: haveged requires EPEL on CentOS stream:8 Mimi Zohar 2023-01-26 14:58:06 +01:00
  • 452f4b2eac Use in-place built fsverity binary instead of installing it Roberto Sassu 2023-01-26 14:58:05 +01:00
  • 0bccb5412c Adapt fsverity.test to be able to run in a new testing environment Roberto Sassu 2023-01-26 14:58:04 +01:00
  • cf832d72f9 Add tests for EVM portable signatures Roberto Sassu 2023-01-26 14:58:03 +01:00
  • b573b7d4a1 Introduce TST_LIST variable to select a test to execute Roberto Sassu 2023-01-26 14:58:02 +01:00
  • f106a9022d Add support for creating a new testing environment in functions.sh Roberto Sassu 2023-01-26 14:58:01 +01:00
  • 03b5d159ca Pass cleanup function and its arguments to _report_exit_and_cleanup() Roberto Sassu 2023-01-26 14:58:00 +01:00
  • 3fadf997a6 Compile the UML kernel and download it in Github Actions Roberto Sassu 2023-01-26 14:57:59 +01:00
  • a910fe25a9 Add kernel configuration for tests Roberto Sassu 2023-01-26 14:57:58 +01:00
  • d1b48e9783 Fix error messages and vars in calc_evm_hmac() Roberto Sassu 2023-01-26 14:57:57 +01:00
  • eea9827d99 libimaevm: do not crash if the certificate cannot be read Alberto Mardegan 2023-01-09 07:52:48 +00:00
  • 3f162e8e3d Experimental fsverity.test related GA CI improvements Vitaly Chikunov 2022-12-01 03:26:54 +03:00
  • b259a2ba8b tests: add fsverity measurement test Mimi Zohar 2022-11-13 08:48:32 -05:00
  • aad5d334a6 Save ima-evm-utils sourceforge wiki Mimi Zohar 2022-11-07 16:02:41 -05:00
  • 066685d162 Change condition to free(pub) Stefan Berger 2022-11-02 14:45:34 -04:00
  • c7928795cd Add assert to ensure that algo_name in bank is set Stefan Berger 2022-11-02 14:45:33 -04:00
  • ca68ddd857 Fix memory leak related to entry.template Stefan Berger 2022-11-02 14:45:32 -04:00
  • d7dffec5f7 Fix memory leaks of tpm_bank_info allocations Stefan Berger 2022-11-02 14:45:31 -04:00
  • a141bd5942 add support for reading per bank TPM 2.0 PCRs via sysfs Tergel Myanganbayar 2022-09-07 20:25:00 -04:00
  • 7aaf923d0b Fix tpm2_pcr_supported() output messages Mimi Zohar 2022-09-14 08:26:39 -04:00
  • 27e91006d8 Sanity check the template data field sizes Mimi Zohar 2022-09-13 16:48:30 -04:00
  • 22f8effda5 Define and verify the template data length upper bounds Mimi Zohar 2022-09-13 12:23:55 -04:00
  • 6778e3511b Don't ignore number of items read Mimi Zohar 2022-09-13 10:17:57 -04:00
  • c8b1757270 Make sure the key file is a regular file Mimi Zohar 2022-09-11 14:51:52 -04:00
  • 297d01bdb6 Build OpenSSL without engine support Mimi Zohar 2022-09-07 21:38:28 -04:00
  • abf7b5e236 Compile a newer version of OpenSSL Mimi Zohar 2022-09-04 21:25:23 -04:00
  • 1d4970b46b Base sm2/sm3 test on openssl version installed Mimi Zohar 2022-09-11 22:07:27 -04:00
  • f57ea92d6e Missing template data size lower bounds checking Mimi Zohar 2022-08-26 14:36:46 -04:00
  • 232836a079 Limit the file hash algorithm name length Mimi Zohar 2022-08-26 14:25:56 -04:00
  • f2b1b66b7c Fix potential use after free in read_tpm_banks() Mimi Zohar 2022-08-26 14:10:43 -04:00
  • c1635add22 Disable use of OpenSSL "engine" support Mimi Zohar 2022-08-11 07:33:54 -04:00
  • a7b5bdbf36 Add missing EVP_MD_CTX_free() call in calc_evm_hash() Mimi Zohar 2022-08-10 10:12:16 -04:00
  • 67ca790435 Replace the low level HMAC calls when calculating the EVM HMAC Mimi Zohar 2022-08-04 07:59:27 -04:00
  • b9c9759a7e Replace the low level SHA1 calls when calculating the TPM 1.2 PCRs Mimi Zohar 2022-08-04 18:41:18 -04:00
  • 751a395772 Deprecate IMA signature version 1 Mimi Zohar 2022-08-04 18:33:38 -04:00
  • 8e1da33b0c Update configure.ac to address a couple of obsolete warnings Mimi Zohar 2022-08-03 14:02:57 -04:00
  • f8c9621d88 travis: update dist=focal Mimi Zohar 2022-08-04 14:51:12 -04:00
  • 1fcac50e30 Log and reset 'errno' on lsetxattr failure Mimi Zohar 2022-10-28 16:13:52 -04:00
  • ba2b6a97c1 log and reset 'errno' after failure to open non-critical files Mimi Zohar 2022-10-21 07:25:19 -04:00
  • 0f3b9a0b2c Revert "Reset 'errno' after failure to open or access a file" Mimi Zohar 2022-10-27 13:24:27 -04:00
  • 75fadad261 ci/alpine.sh: Install bash Petr Vorel 2022-07-15 09:31:21 +02:00
  • 8f1e5224e6 ci/ubuntu: impish -> jammy Petr Vorel 2022-06-17 15:56:25 +02:00
  • 3d77138811 Verify an fs-verity file digest based signature Mimi Zohar 2021-11-24 08:35:20 -05:00
  • fc46af121e Sign an fs-verity file digest Mimi Zohar 2021-11-24 08:35:20 -05:00
  • acb19d1894 Reset 'errno' after failure to open or access a file Mimi Zohar 2022-05-12 18:18:14 -04:00
  • eb956b8d35 travis: install fuse-overlayfs before podman Mimi Zohar 2022-06-13 21:31:42 -04:00
  • 170be44a7b travis: include CentOS stream 8 Mimi Zohar 2022-03-22 13:39:39 -04:00
  • e06980b245 ci/GitHub: Remove CentOS 8 Petr Vorel 2022-03-23 14:47:20 +01:00
  • 37317838b4 ci: Replace groovy -> impish Petr Vorel 2022-01-19 08:39:39 +01:00
  • 318a3e6b2d Release version 1.4 v1.4 Mimi Zohar 2021-10-22 15:33:01 -04:00
  • f9b805fabc travis: use alt:sisyphus from docker.io Mimi Zohar 2021-10-31 17:28:35 -04:00
  • 1a9472a09c travis: Fix fedora:latest, alpine:latest, and alt:sisyphus Mimi Zohar 2021-10-28 17:24:59 -04:00
  • 4dab8558fc ci: upgrade to glibc-2.34 uses clone3 causing CI to fail Mimi Zohar 2021-10-24 17:33:20 -04:00
  • 9171c1ce43 travis: switch to using crun for podman Mimi Zohar 2021-10-25 16:55:11 -04:00
  • ba366f0b41 Merge branch 'default-hash-algo' into next Mimi Zohar 2021-09-13 19:20:50 -04:00
  • 3328f6efed make SHA-256 the default hash algorithm Bruno Meneguele 2021-09-10 15:47:01 -03:00
  • 80bb310152 set default hash algorithm in configuration time Bruno Meneguele 2021-09-10 15:47:00 -03:00
  • 5356b0487a Merge branch 'pkcs11-support-v4' into next Mimi Zohar 2021-09-13 18:56:22 -04:00
  • ebcdbfe91e tests: Get the packages for pkcs11 testing on the CI/CD system Stefan Berger 2021-09-13 18:18:13 -04:00
  • e5b3097821 tests: Extend sign_verify test with pkcs11-specific test Stefan Berger 2021-09-13 18:18:12 -04:00
  • 4a977c8d23 tests: Import softhsm_setup script to enable pkcs11 test case Stefan Berger 2021-09-13 18:18:11 -04:00
  • 6350e014a8 libimaevm: Add support for pkcs11 private keys for signing a v2 hash Stefan Berger 2021-09-13 18:18:10 -04:00
  • 3b32acbc7d evmctl: use the pkcs11 engine for pkcs11: prefixed URIs Stefan Berger 2021-09-13 18:18:09 -04:00
  • 1de1e3c8ce evmctl: Define and use an ENGINE field in libimaevm_params Stefan Berger 2021-09-13 18:18:08 -04:00
  • 29aa7465d5 evmctl: Implement function for setting up an OpenSSL engine Stefan Berger 2021-09-13 18:18:07 -04:00
  • 47510a1050 evmctl: Handle failure to initialize the openssl engine Stefan Berger 2021-09-13 18:18:06 -04:00
  • 6fbb2a305b evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable Stefan Berger 2021-09-13 18:18:05 -04:00
  • fa2ba9a6e9 evmctl: fix memory leak in get_password Bruno Meneguele 2021-08-16 12:15:59 -03:00
  • b1818c1113 Create alternative tpm2_pcr_read() that uses IBM TSS Ken Goldman 2021-08-03 16:40:08 -04:00
  • e52fc1d330 Change PCR iterator from int to uint32_t Ken Goldman 2021-08-03 16:40:07 -04:00
  • efacc1f396 Expand the INSTALL instructions Ken Goldman 2021-08-03 16:40:06 -04:00
  • 2a7658bf0e ima-evm-utils: Fix incorrect algorithm name in hash_info.gen Tianjia Zhang 2021-07-24 17:56:47 +08:00
  • a5f5dd7c8e ima-evm-utils: Support SM2/3 algorithm for sign and verify Tianjia Zhang 2021-07-21 11:16:59 +08:00
  • 40621b2259 Read keyid from the cert appended to the key file Vitaly Chikunov 2021-07-16 18:16:02 +03:00
  • 0e7a00e26b Allow manual setting keyid from a cert file Vitaly Chikunov 2021-07-16 18:16:01 +03:00
  • 51b694bfea Allow manual setting keyid for signing Vitaly Chikunov 2021-07-16 18:16:00 +03:00
  • 6ecb883528 evmctl: Remove left-over check S_ISDIR() for directory signing Stefan Berger 2021-07-16 15:33:00 -04:00