dh/ima-evm-utils
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implement recursive IMA signing

Browse Source 
Recursive signing is needed when doing filesystem image signing.
Using script is very slow due to multiple forking and executing.
C-based implementation provides about 7 times performance improvements.
It is very significant when doing large image signing.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This commit is contained in:
Dmitry Kasatkin 2014-01-17 15:18:48 +02:00
parent 5b852c0fbb
commit 3dc656bc6f
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/evmctl.c
View File

@ -1130,9 +1130,19 @@ static int get_file_type(const char *path, const char *search_type)
return dts;
}
static int sign_ima_file(const char *file)
{
char *key;
key = keyfile ? : "/etc/keys/privkey_evm.pem";
return sign_ima(file, key);
}
static int cmd_sign_ima(struct command *cmd)
{
char *key, *file = g_argv[optind++];
char *file = g_argv[optind++];
int err, dts = REG_MASK; /* only regular files by default */
if (!file) {
log_err("Parameters missing\n");
@ -1140,10 +1150,18 @@ static int cmd_sign_ima(struct command *cmd)
return -1;
}
key = keyfile ? : "/etc/keys/privkey_evm.pem";
return sign_ima(file, key);
if (recursive) {
if (search_type) {
dts = get_file_type(file, search_type);
if (dts < 0)
return dts;
}
err = find(file, dts, sign_ima_file);
} else {
err = sign_ima_file(file);
}
return err;
}
static int sign_evm_path(const char *file)