Activity for Integrity Measurement Architecture (IMA)

  • Mimi Zohar committed [dc0cba] on IMA/EVM Utils

    Merge branch 'update-ecc-doc-examples' into next

  • Mimi Zohar committed [14bce8] on IMA/EVM Utils

    Add example scripts for EC key and certs generation

  • Mimi Zohar committed [ce9bfd] on IMA/EVM Utils

    Add openssl command line examples for creation of EC keys

  • Mimi Zohar committed [9f669a] on IMA/EVM Utils

    Update OpenSSL config files for support for .machine keyring

  • Mimi Zohar committed [6e1b9b] on IMA/EVM Utils

    Update default key sizes and hash to up-to-date values

  • Mimi Zohar committed [31f4a2] on IMA/EVM Utils

    Do not get 'generation' using ioctl when evm_portable is true

  • Mimi Zohar committed [29c426] on IMA/EVM Utils

    Fix fsverity.test mount failure for ppc64

  • Mimi Zohar committed [0924a7] on IMA/EVM Utils

    fsverity.test: Add /usr/sbin into $PATH

  • Mimi Zohar committed [1803ac] on IMA/EVM Utils

    Release version 1.5

  • Mimi Zohar committed [411ff0] on IMA/EVM Utils

    tests: fix gen-keys.sh to generate sha256 certificates

  • Mimi Zohar committed [2ea31a] on IMA/EVM Utils

    Update README

  • Mimi Zohar committed [02c833] on IMA/EVM Utils

    Merge branch 'mmap-check-test' into next

  • Mimi Zohar committed [6917e3] on IMA/EVM Utils

    Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks

  • Mimi Zohar committed [6a658e] on IMA/EVM Utils

    Add ima_policy_check.awk and ima_policy_check.test

  • Mimi Zohar committed [1d3a0b] on IMA/EVM Utils

    Introduce expect_pass_if() and expect_fail_if()

  • Mimi Zohar committed [8f6ba0] on IMA/EVM Utils

    Fix reading the TPM 2.0 PCRs

  • Mimi Zohar committed [0290ac] on IMA/EVM Utils

    tests: use new git repo URL for fsverity-utils

  • Mimi Zohar committed [d50e8c] on IMA/EVM Utils

    github: Put openSSL build into own section

  • Mimi Zohar committed [80442d] on IMA/EVM Utils

    github: travis: Remove COMPILE_SSL from tumbleweed

  • Mimi Zohar committed [fdc278] on IMA/EVM Utils

    tests/install-swtpm.sh: Update ibmswtpm2 to 1682

  • Mimi Zohar committed [d18d6f] on IMA/EVM Utils

    ci: cleanup build.sh test log output

  • Mimi Zohar committed [58b4c7] on IMA/EVM Utils

    Merge branch 'uml' into next

  • Mimi Zohar committed [40962a] on IMA/EVM Utils

    Temporarily remove CONFIG_DEBUG_SG to test portable signatures

  • Mimi Zohar committed [f3289d] on IMA/EVM Utils

    ci: haveged requires EPEL on CentOS stream:8

  • Mimi Zohar committed [452f4b] on IMA/EVM Utils

    Use in-place built fsverity binary instead of installing it

  • Mimi Zohar committed [0bccb5] on IMA/EVM Utils

    Adapt fsverity.test to be able to run in a new testing environment

  • Mimi Zohar committed [cf832d] on IMA/EVM Utils

    Add tests for EVM portable signatures

  • Mimi Zohar committed [b573b7] on IMA/EVM Utils

    Introduce TST_LIST variable to select a test to execute

  • Mimi Zohar committed [f106a9] on IMA/EVM Utils

    Add support for creating a new testing environment in functions.sh

  • Mimi Zohar committed [03b5d1] on IMA/EVM Utils

    Pass cleanup function and its arguments to _report_exit_and_cleanup()

  • Mimi Zohar committed [3fadf9] on IMA/EVM Utils

    Compile the UML kernel and download it in Github Actions

  • Mimi Zohar committed [a910fe] on IMA/EVM Utils

    Add kernel configuration for tests

  • Mimi Zohar committed [d1b48e] on IMA/EVM Utils

    Fix error messages and vars in calc_evm_hmac()

  • Mimi Zohar committed [eea982] on IMA/EVM Utils

    libimaevm: do not crash if the certificate cannot be read

  • Mimi Zohar committed [3f162e] on IMA/EVM Utils

    Experimental fsverity.test related GA CI improvements

  • Mimi Zohar committed [b259a2] on IMA/EVM Utils

    tests: add fsverity measurement test

  • Mimi Zohar committed [aad5d3] on IMA/EVM Utils

    Save ima-evm-utils sourceforge wiki

  • Alberto Mardegan Alberto Mardegan created merge request #4 on IMA/EVM Utils

    libimaevm: do not crash if the certificate cannot be read

  • Mimi Zohar committed [066685]

    Change condition to free(pub)

  • Mimi Zohar committed [ca68dd]

    Fix memory leak related to entry.template

  • Mimi Zohar committed [c79287]

    Add assert to ensure that algo_name in bank is set

  • Mimi Zohar committed [d7dffe]

    Fix memory leaks of tpm_bank_info allocations

  • Mimi Zohar committed [a141bd]

    add support for reading per bank TPM 2.0 PCRs via sysfs

  • Mimi Zohar committed [7aaf92]

    Fix tpm2_pcr_supported() output messages

  • Mimi Zohar committed [22f8ef]

    Define and verify the template data length upper bounds

  • Mimi Zohar committed [27e910]

    Sanity check the template data field sizes

  • Mimi Zohar committed [6778e3]

    Don't ignore number of items read

  • Mimi Zohar committed [297d01]

    Build OpenSSL without engine support

  • Mimi Zohar committed [c8b175]

    Make sure the key file is a regular file

  • Mimi Zohar committed [abf7b5]

    Compile a newer version of OpenSSL

  • Mimi Zohar committed [1d4970]

    Base sm2/sm3 test on openssl version installed

  • Mimi Zohar committed [232836]

    Limit the file hash algorithm name length

  • Mimi Zohar committed [f57ea9]

    Missing template data size lower bounds checking

  • Mimi Zohar committed [c1635a]

    Disable use of OpenSSL "engine" support

  • Mimi Zohar committed [f2b1b6]

    Fix potential use after free in read_tpm_banks()

  • Mimi Zohar committed [67ca79]

    Replace the low level HMAC calls when calculating the EVM HMAC

  • Mimi Zohar committed [a7b5bd]

    Add missing EVP_MD_CTX_free() call in calc_evm_hash()

  • Mimi Zohar committed [b9c975]

    Replace the low level SHA1 calls when calculating the TPM 1.2 PCRs

  • Mimi Zohar committed [8e1da3]

    Update configure.ac to address a couple of obsolete warnings

  • Mimi Zohar committed [751a39]

    Deprecate IMA signature version 1

  • Mimi Zohar committed [ba2b6a]

    log and reset 'errno' after failure to open non-critical files

  • Mimi Zohar committed [1fcac5]

    Log and reset 'errno' on lsetxattr failure

  • Mimi Zohar committed [f8c962]

    travis: update dist=focal

  • Mimi Zohar committed [0f3b9a]

    Revert "Reset 'errno' after failure to open or access a file"

  • Mimi Zohar committed [75fada]

    ci/alpine.sh: Install bash

  • Mimi Zohar committed [8f1e52]

    ci/ubuntu: impish -> jammy

  • Mimi Zohar committed [3d7713]

    Verify an fs-verity file digest based signature

  • Mimi Zohar committed [fc46af]

    Sign an fs-verity file digest

  • Mimi Zohar committed [acb19d]

    Reset 'errno' after failure to open or access a file

  • Mimi Zohar committed [eb956b]

    travis: install fuse-overlayfs before podman

  • Mimi Zohar committed [373178]

    ci: Replace groovy -> impish

  • Mimi Zohar committed [e06980]

    ci/GitHub: Remove CentOS 8

  • Mimi Zohar committed [170be4]

    travis: include CentOS stream 8

  • mzohar mzohar updated merge request #3

    Allow Disablement of evmctl and Doc Generation

  • mzohar mzohar posted a comment on merge request #3

    Responded on the ima-evm-utils mailing list with suggestions: - display new variable status in configure.ac - questioned the need for --disable-evmctl-doc - no need for if/then/else in src/Makefile.am

  • Purushottam Kulkarni Purushottam Kulkarni created merge request #3

    Allow Disablement of evmctl and Doc Generation

  • Integrity Measurement Architecture (IMA) Integrity Measurement Architecture (IMA) released /ima-evm-utils/ima-evm-utils-1.4.tar.gz

  • Mimi Zohar committed [9171c1]

    travis: switch to using crun for podman

  • Mimi Zohar committed [3d4a74]

    travis: use alt:sisyphus from docker.io

  • Mimi Zohar committed [1a9472]

    travis: Fix fedora:latest, alpine:latest, and alt:sisyphus

  • Mimi Zohar committed [4dab85]

    ci: upgrade to glibc-2.34 uses clone3 causing CI to fail

  • Mimi Zohar committed [2c3ff9]

    Release version 1.4

  • Mimi Zohar committed [6fbb2a]

    evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable

  • Mimi Zohar committed [1de1e3]

    evmctl: Define and use an ENGINE field in libimaevm_params

  • Mimi Zohar committed [29aa74]

    evmctl: Implement function for setting up an OpenSSL engine

  • Mimi Zohar committed [47510a]

    evmctl: Handle failure to initialize the openssl engine

  • Mimi Zohar committed [3b32ac]

    evmctl: use the pkcs11 engine for pkcs11: prefixed URIs

  • Mimi Zohar committed [ebcdbf]

    tests: Get the packages for pkcs11 testing on the CI/CD system

  • Mimi Zohar committed [6350e0]

    libimaevm: Add support for pkcs11 private keys for signing a v2 hash

  • Mimi Zohar committed [4a977c]

    tests: Import softhsm_setup script to enable pkcs11 test case

  • Mimi Zohar committed [e5b309]

    tests: Extend sign_verify test with pkcs11-specific test

  • Mimi Zohar committed [80bb31]

    set default hash algorithm in configuration time

  • Mimi Zohar committed [5356b0]

    Merge branch 'pkcs11-support-v4' into next

  • Mimi Zohar committed [3328f6]

    make SHA-256 the default hash algorithm

  • Mimi Zohar committed [ba366f]

    Merge branch 'default-hash-algo' into next

  • Mimi Zohar committed [fa2ba9]

    evmctl: fix memory leak in get_password

  • Mimi Zohar committed [ff4f27]

    evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable

  • Mimi Zohar committed [b1818c]

    Create alternative tpm2_pcr_read() that uses IBM TSS

  • Mimi Zohar committed [efacc1]

    Expand the INSTALL instructions

  • Mimi Zohar committed [e52fc1]

    Change PCR iterator from int to uint32_t

1 >