diff options
| author | Mimi Zohar <zohar@linux.ibm.com> | 2021-11-23 13:37:52 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-05-01 16:39:36 -0400 |
| commit | 246d921646c071b878480997c294db6c83215b06 (patch) | |
| tree | 15becd1e0c5d5546f70a8712df57cd4a5986685b /fs/verity/Kconfig | |
| parent | 09091c44cb737256f588050e363c4675d88aaac3 (diff) | |
| download | linux-246d921646c071b878480997c294db6c83215b06.tar.gz linux-246d921646c071b878480997c294db6c83215b06.tar.bz2 linux-246d921646c071b878480997c294db6c83215b06.zip | |
fs-verity: define a function to return the integrity protected file digest
Define a function named fsverity_get_digest() to return the verity file
digest and the associated hash algorithm (enum hash_algo).
This assumes that before calling fsverity_get_digest() the file must have
been opened, which is even true for the IMA measure/appraise on file
open policy rule use case (func=FILE_CHECK). do_open() calls vfs_open()
immediately prior to ima_file_check().
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'fs/verity/Kconfig')
| -rw-r--r-- | fs/verity/Kconfig | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig index 24d1b54de807..54598cd80145 100644 --- a/fs/verity/Kconfig +++ b/fs/verity/Kconfig @@ -3,6 +3,7 @@ config FS_VERITY bool "FS Verity (read-only file-based authenticity protection)" select CRYPTO + select CRYPTO_HASH_INFO # SHA-256 is implied as it's intended to be the default hash algorithm. # To avoid bloat, other wanted algorithms must be selected explicitly. # Note that CRYPTO_SHA256 denotes the generic C implementation, but |