1
linux/security/ipe/digest.h
Deven Bowers e155858dd9 ipe: add support for dm-verity as a trust provider
Allows author of IPE policy to indicate trust for a singular dm-verity
volume, identified by roothash, through "dmverity_roothash" and all
signed and validated dm-verity volumes, through "dmverity_signature".

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: fixed some line length issues in the comments]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-08-20 14:02:45 -04:00

27 lines
636 B
C

/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
*/
#ifndef _IPE_DIGEST_H
#define _IPE_DIGEST_H
#include <linux/types.h>
#include <linux/audit.h>
#include "policy.h"
struct digest_info {
const char *alg;
const u8 *digest;
size_t digest_len;
};
struct digest_info *ipe_digest_parse(const char *valstr);
void ipe_digest_free(struct digest_info *digest_info);
void ipe_digest_audit(struct audit_buffer *ab, const struct digest_info *val);
bool ipe_digest_eval(const struct digest_info *expected,
const struct digest_info *digest);
#endif /* _IPE_DIGEST_H */