22 Jun, 2017

3 commits

  • If the func_tokens array uses the same indices as enum ima_hooks,
    policy_func_show can be a lot simpler, and the func_* enum becomes
    unnecessary.

    Also, if we use the same macro trick used by kernel_read_file_id_str we can
    use one hooks list for both the enum and the string array, making sure they
    are always in sync (suggested by Mimi Zohar).

    Finally, by using the printf pattern for the function token directly
    instead of using the pt macro we can simplify policy_func_show even further
    and avoid needing a temporary buffer.

    Signed-off-by: Thiago Jung Bauermann
    Signed-off-by: Mimi Zohar

    Thiago Jung Bauermann
     
  • These changes are too small to warrant their own patches:

    The keyid and sig_size members of struct signature_v2_hdr are in BE format,
    so use a type that makes this assumption explicit. Also, use beXX_to_cpu
    instead of __beXX_to_cpu to read them.

    Change integrity_kernel_read to take a void * buffer instead of char *
    buffer, so that callers don't have to use a cast if they provide a buffer
    that isn't a char *.

    Add missing #endif comment in ima.h pointing out which macro it refers to.

    Add missing fall through comment in ima_appraise.c.

    Constify mask_tokens and func_tokens arrays.

    Signed-off-by: Thiago Jung Bauermann
    Signed-off-by: Mimi Zohar

    Thiago Jung Bauermann
     
  • While reading the code, I noticed that these #endif comments don't match
    how they're actually nested. This patch fixes that.

    Signed-off-by: Tycho Andersen
    Signed-off-by: Mimi Zohar

    Tycho Andersen
     

28 Jan, 2017

1 commit

  • On failure to return a pathname from ima_d_path(), a pointer to
    dname is returned, which is subsequently used in the IMA measurement
    list, the IMA audit records, and other audit logging. Saving the
    pointer to dname for later use has the potential to race with rename.

    Instead of returning a pointer to dname on failure, this patch returns
    a pointer to a copy of the filename.

    Reported-by: Al Viro
    Signed-off-by: Mimi Zohar
    Cc: stable@vger.kernel.org

    Mimi Zohar
     

21 Dec, 2016

5 commits

  • The IMA binary_runtime_measurements list is currently in platform native
    format.

    To allow restoring a measurement list carried across kexec with a
    different endianness than the targeted kernel, this patch defines
    little-endian as the canonical format. For big endian systems wanting
    to save/restore the measurement list from a system with a different
    endianness, a new boot command line parameter named "ima_canonical_fmt"
    is defined.

    Considerations: use of the "ima_canonical_fmt" boot command line option
    will break existing userspace applications on big endian systems
    expecting the binary_runtime_measurements list to be in platform native
    format.

    Link: http://lkml.kernel.org/r/1480554346-29071-10-git-send-email-zohar@linux.vnet.ibm.com
    Signed-off-by: Mimi Zohar
    Acked-by: Dmitry Kasatkin
    Cc: Thiago Jung Bauermann
    Cc: "Eric W. Biederman"
    Cc: Andreas Steffen
    Cc: Josh Sklar
    Cc: Dave Young
    Cc: Vivek Goyal
    Cc: Baoquan He
    Cc: Michael Ellerman
    Cc: Benjamin Herrenschmidt
    Cc: Paul Mackerras
    Cc: Stewart Smith
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Mimi Zohar
     
  • The builtin and single custom templates are currently stored in an
    array. In preparation for being able to restore a measurement list
    containing multiple builtin/custom templates, this patch stores the
    builtin and custom templates as a linked list. This will permit
    defining more than one custom template per boot.

    Link: http://lkml.kernel.org/r/1480554346-29071-8-git-send-email-zohar@linux.vnet.ibm.com
    Signed-off-by: Mimi Zohar
    Acked-by: Dmitry Kasatkin
    Cc: Thiago Jung Bauermann
    Cc: "Eric W. Biederman"
    Cc: Andreas Steffen
    Cc: Josh Sklar
    Cc: Dave Young
    Cc: Vivek Goyal
    Cc: Baoquan He
    Cc: Michael Ellerman
    Cc: Benjamin Herrenschmidt
    Cc: Paul Mackerras
    Cc: Stewart Smith
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Mimi Zohar
     
  • The TPM PCRs are only reset on a hard reboot. In order to validate a
    TPM's quote after a soft reboot (e.g. kexec -e), the IMA measurement
    list of the running kernel must be saved and restored on boot.

    This patch uses the kexec buffer passing mechanism to pass the
    serialized IMA binary_runtime_measurements to the next kernel.

    Link: http://lkml.kernel.org/r/1480554346-29071-7-git-send-email-zohar@linux.vnet.ibm.com
    Signed-off-by: Thiago Jung Bauermann
    Signed-off-by: Mimi Zohar
    Acked-by: "Eric W. Biederman"
    Acked-by: Dmitry Kasatkin
    Cc: Andreas Steffen
    Cc: Josh Sklar
    Cc: Dave Young
    Cc: Vivek Goyal
    Cc: Baoquan He
    Cc: Michael Ellerman
    Cc: Benjamin Herrenschmidt
    Cc: Paul Mackerras
    Cc: Stewart Smith
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Mimi Zohar
     
  • In preparation for serializing the binary_runtime_measurements, this
    patch maintains the amount of memory required.

    Link: http://lkml.kernel.org/r/1480554346-29071-5-git-send-email-zohar@linux.vnet.ibm.com
    Signed-off-by: Mimi Zohar
    Acked-by: Dmitry Kasatkin
    Cc: Thiago Jung Bauermann
    Cc: "Eric W. Biederman"
    Cc: Andreas Steffen
    Cc: Josh Sklar
    Cc: Dave Young
    Cc: Vivek Goyal
    Cc: Baoquan He
    Cc: Michael Ellerman
    Cc: Benjamin Herrenschmidt
    Cc: Paul Mackerras
    Cc: Stewart Smith
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Mimi Zohar
     
  • The TPM PCRs are only reset on a hard reboot. In order to validate a
    TPM's quote after a soft reboot (e.g. kexec -e), the IMA measurement
    list of the running kernel must be saved and restored on boot. This
    patch restores the measurement list.

    Link: http://lkml.kernel.org/r/1480554346-29071-3-git-send-email-zohar@linux.vnet.ibm.com
    Signed-off-by: Mimi Zohar
    Acked-by: Dmitry Kasatkin
    Cc: Thiago Jung Bauermann
    Cc: "Eric W. Biederman"
    Cc: Andreas Steffen
    Cc: Josh Sklar
    Cc: Dave Young
    Cc: Vivek Goyal
    Cc: Baoquan He
    Cc: Michael Ellerman
    Cc: Benjamin Herrenschmidt
    Cc: Paul Mackerras
    Cc: Stewart Smith
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Mimi Zohar
     

30 Jun, 2016

2 commits


28 Mar, 2016

1 commit


21 Feb, 2016

4 commits

  • Add support for measuring and appraising the IMA policy itself.

    Changelog v4:
    - use braces on both if/else branches, even if single line on one of the
    branches - Dmitry
    - Use the id mapping - Dmitry

    Signed-off-by: Mimi Zohar
    Acked-by: Petko Manolov
    Acked-by: Dmitry Kasatkin

    Mimi Zohar
     
  • Add IMA policy support for measuring/appraising the kexec image and
    initramfs. Two new IMA policy identifiers KEXEC_KERNEL_CHECK and
    KEXEC_INITRAMFS_CHECK are defined.

    Example policy rules:
    measure func=KEXEC_KERNEL_CHECK
    appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig
    measure func=KEXEC_INITRAMFS_CHECK
    appraise func=KEXEC_INITRAMFS_CHECK appraise_type=imasig

    Moving the enumeration to the vfs layer simplified the patches, allowing
    the IMA changes, for the most part, to be separated from the other
    changes. Unfortunately, passing either a kernel_read_file_id or a
    ima_hooks enumeration within IMA is messy.

    Option 1: duplicate kernel_read_file enumeration in ima_hooks

    enum kernel_read_file_id {
            ...
            READING_KEXEC_IMAGE,
            READING_KEXEC_INITRAMFS,
            READING_MAX_ID

    enum ima_hooks {
            ...
            KEXEC_KERNEL_CHECK
            KEXEC_INITRAMFS_CHECK

    Option 2: define ima_hooks as extension of kernel_read_file
    e.g.: enum ima_hooks {
            FILE_CHECK = READING_MAX_ID,
            MMAP_CHECK,

    In order to pass both kernel_read_file_id and ima_hooks values, we
    would need to specify a struct containing a union.

    struct caller_id {
            union {
                    enum ima_hooks func_id;
                    enum kernel_read_file_id read_id;
            };
    };

    Option 3: incorporate the ima_hooks enumeration into kernel_read_file_id,
    perhaps changing the enumeration name.

    For now, duplicate the new READING_KEXEC_IMAGE/INITRAMFS in the ima_hooks.

    Changelog v4:
    - replaced switch statement with a kernel_read_file_id to an ima_hooks
    id mapping array - Dmitry
    - renamed ima_hook tokens KEXEC_CHECK and INITRAMFS_CHECK to
    KEXEC_KERNEL_CHECK and KEXEC_INITRAMFS_CHECK respectively - Dave Young

    Signed-off-by: Mimi Zohar
    Acked-by: Petko Manolov
    Acked-by: Dmitry Kasatkin
    Cc: Dave Young

    Mimi Zohar
     
  • Each time a file is read by the kernel, the file should be re-measured and
    the file signature re-appraised, based on policy. As there is no need to
    preserve the status information, this patch replaces the firmware and
    module specific cache status with a generic one named read_file.

    This change simplifies adding support for other files read by the kernel.

    Signed-off-by: Mimi Zohar
    Acked-by: Petko Manolov
    Acked-by: Dmitry Kasatkin

    Mimi Zohar
     
  • This patch defines a new IMA hook ima_post_read_file() for measuring
    and appraising files read by the kernel. The caller loads the file into
    memory before calling this function, which calculates the hash followed by
    the normal IMA policy based processing.

    Changelog v5:
    - fail ima_post_read_file() if either file or buf is NULL
    v3:
    - rename ima_hash_and_process_file() to ima_post_read_file()

    v1:
    - split patch

    Signed-off-by: Mimi Zohar
    Acked-by: Dmitry Kasatkin

    Mimi Zohar
     

19 Feb, 2016

3 commits


25 Dec, 2015

1 commit

  • Commit "IMA: policy can now be updated multiple times" assumed that the
    policy would be updated at least once.

    If there are zero updates, the temporary list head object will get added
    to the policy list, and later dereferenced as an IMA policy object, which
    means that invalid memory will be accessed.

    Changelog:
    - Move list_empty() test to ima_release_policy(), before audit msg - Mimi

    Signed-off-by: Sasha Levin
    Signed-off-by: Mimi Zohar

    Sasha Levin
     

15 Dec, 2015

1 commit

  • It is often useful to be able to read back the IMA policy. It is
    even more important after introducing CONFIG_IMA_WRITE_POLICY.
    This option allows the root user to see the current policy rules.

    Signed-off-by: Zbigniew Jasinski
    Signed-off-by: Petko Manolov
    Signed-off-by: Mimi Zohar

    Petko Manolov
     

24 Nov, 2015

1 commit

  • Require all keys added to the EVM keyring be signed by an
    existing trusted key on the system trusted keyring.

    This patch also switches IMA to use integrity_init_keyring().

    Changes in v3:
    * Added 'init_keyring' config based variable to skip initializing
    keyring instead of using __integrity_init_keyring() wrapper.
    * Added dependency back to CONFIG_IMA_TRUSTED_KEYRING

    Changes in v2:
    * Replace CONFIG_EVM_TRUSTED_KEYRING with IMA and EVM common
    CONFIG_INTEGRITY_TRUSTED_KEYRING configuration option
    * Deprecate CONFIG_IMA_TRUSTED_KEYRING but keep it for config
    file compatibility. (Mimi Zohar)

    Signed-off-by: Dmitry Kasatkin
    Signed-off-by: Mimi Zohar

    Dmitry Kasatkin
     

16 Jun, 2015

1 commit

  • This patch fixes a bug introduced in "4d7aeee ima: define new template
    ima-ng and template fields d-ng and n-ng".

    Changelog:
    - change int to uint32 (Roberto Sassu's suggestion)

    Signed-off-by: Mimi Zohar
    Signed-off-by: Roberto Sassu
    Cc: stable@vger.kernel.org # 3.13

    Mimi Zohar
     

22 May, 2015

2 commits

  • This patch adds the iint associated to the current inode as a new
    parameter of ima_add_violation(). The passed iint is always not NULL
    if a violation is detected. This modification will be used to determine
    the inode for which there is a violation.

    Since the 'd' and 'd-ng' template field init() functions were detecting
    a violation from the value of the iint pointer, they now check the new
    field 'violation', added to the 'ima_event_data' structure.

    Changelog:
    - v1:
    - modified an old comment (Roberto Sassu)

    Signed-off-by: Roberto Sassu
    Signed-off-by: Mimi Zohar

    Roberto Sassu
     
  • All event related data has been wrapped into the new 'ima_event_data'
    structure. The main benefit of this patch is that new information
    can be made available to template fields initialization functions
    by simply adding a new field to the new structure instead of modifying
    the definition of those functions.

    Changelog:
    - v2:
    - f_dentry replaced with f_path.dentry (Roberto Sassu)
    - removed declaration of temporary variables in template field functions
    when possible (suggested by Dmitry Kasatkin)

    Signed-off-by: Roberto Sassu
    Signed-off-by: Mimi Zohar

    Roberto Sassu
     

18 Sep, 2014

2 commits

  • This patch introduces the new variable 'ima_policy_flag', whose bits
    are set depending on the action of the current policy rules. Only the
    flags IMA_MEASURE, IMA_APPRAISE and IMA_AUDIT are set.

    The new variable will be used to improve performance by skipping the
    unnecessary execution of IMA code if the policy does not contain rules
    with the above actions.

    Changes in v6 (Roberto Sassu)
    * do not check 'ima_initialized' before calling ima_update_policy_flag()
    in ima_update_policy() (suggested by Dmitry)
    * calling ima_update_policy_flag() moved to init_ima to co-locate with
    ima_initialized (Dmitry)
    * add/revise comments (Mimi)

    Changes in v5 (Roberto Sassu)
    * reset IMA_APPRAISE flag in 'ima_policy_flag' if 'ima_appraise' is set
    to zero (reported by Dmitry)
    * update 'ima_policy_flag' only if IMA initialization is successful
    (suggested by Mimi and Dmitry)
    * check 'ima_policy_flag' instead of 'ima_initialized'
    (suggested by Mimi and Dmitry)

    Signed-off-by: Roberto Sassu
    Signed-off-by: Dmitry Kasatkin
    Signed-off-by: Mimi Zohar

    Roberto Sassu
     
  • The kernel boot parameter "ima_appraise" currently defines 'off',
    'enforce' and 'fix' modes. When designing a policy and labeling
    the system, access to files is either blocked in the default
    'enforce' mode or automatically fixed in the 'fix' mode. It is
    beneficial to be able to run the system in a logging only mode,
    without fixing it, in order to properly analyze the system. This
    patch adds a 'log' mode to run the system in a permissive mode and
    log the appraisal results.

    Signed-off-by: Dmitry Kasatkin
    Signed-off-by: Mimi Zohar

    Dmitry Kasatkin
     

09 Sep, 2014

3 commits


26 Jul, 2014

1 commit

  • The "security: introduce kernel_fw_from_file hook" patch defined a
    new security hook to evaluate any loaded firmware that wasn't built
    into the kernel.

    This patch defines ima_fw_from_file(), which is called from the new
    security hook, to measure and/or appraise the loaded firmware's
    integrity.

    Signed-off-by: Mimi Zohar
    Signed-off-by: Kees Cook

    Mimi Zohar
     

17 Jul, 2014

1 commit

  • Require all keys added to the IMA keyring be signed by an
    existing trusted key on the system trusted keyring.

    Changelog v6:
    - remove ifdef CONFIG_IMA_TRUSTED_KEYRING in C code - Dmitry
    - update Kconfig dependency and help
    - select KEYS_DEBUG_PROC_KEYS - Dmitry

    Changelog v5:
    - Move integrity_init_keyring() to init_ima() - Dmitry
    - reset keyring[id] on failure - Dmitry

    Changelog v1:
    - don't link IMA trusted keyring to user keyring

    Changelog:
    - define stub integrity_init_keyring() function (reported-by Fengguang Wu)
    - differentiate between regular and trusted keyring names.
    - replace printk with pr_info (D. Kasatkin)
    - only make the IMA keyring a trusted keyring (reported-by D. Kasatkin)
    - define stub integrity_init_keyring() definition based on
    CONFIG_INTEGRITY_SIGNATURE, not CONFIG_INTEGRITY_ASYMMETRIC_KEYS.
    (reported-by Jim Davis)

    Signed-off-by: Mimi Zohar
    Signed-off-by: Dmitry Kasatkin
    Acked-by: David Howells

    Mimi Zohar
     

08 Mar, 2014

1 commit

  • With the new template mechanism introduced in IMA since kernel 3.13,
    the format of data sent through the binary_runtime_measurements interface
    is slightly changed. Now, for a generic measurement, the format of
    template data (after the template name) is:

    template_len | field1_len | field1 | ... | fieldN_len | fieldN

    In addition, fields containing a string now include the '\0' termination
    character.

    Instead, the format for the 'ima' template should be:

    SHA1 digest | event name length | event name

    It must be noted that while in the IMA 3.13 code 'event name length' is
    'IMA_EVENT_NAME_LEN_MAX + 1' (256 bytes), so that the template digest
    is calculated correctly, and 'event name' contains '\0', in the pre 3.13
    code 'event name length' is exactly the string length and 'event name'
    does not contain the termination character.

    The patch restores the behavior of the IMA code pre 3.13 for the 'ima'
    template so that legacy userspace tools obtain a consistent behavior
    when receiving data from the binary_runtime_measurements interface
    regardless of which kernel version is used.

    Signed-off-by: Roberto Sassu
    Cc: # 3.3.13: 3ce1217 ima: define template fields library
    Signed-off-by: Mimi Zohar

    Roberto Sassu
     

03 Dec, 2013

1 commit

  • The new templates management mechanism records information associated
    to an event into an array of 'ima_field_data' structures and makes it
    available through the 'template_data' field of the 'ima_template_entry'
    structure (the element of the measurements list created by IMA).

    Since 'ima_field_data' contains dynamically allocated data (whose length
    varies depending on the data associated to a selected template field),
    it is not enough to just free the memory reserved for a
    'ima_template_entry' structure if something goes wrong.

    This patch creates the new function ima_free_template_entry() which
    walks the array of 'ima_field_data' structures, frees the memory
    referenced by the 'data' pointer and finally the space reserved for
    the 'ima_template_entry' structure. Further, it replaces existing kfree()
    that have a pointer to an 'ima_template_entry' structure as argument
    with calls to the new function.

    Fixes: a71dc65: ima: switch to new template management mechanism
    Signed-off-by: Roberto Sassu
    Signed-off-by: Mimi Zohar

    Roberto Sassu
     

25 Nov, 2013

2 commits


01 Nov, 2013

1 commit

  • This patch defines a new template called 'ima-sig', which includes
    the file signature in the template data, in addition to the file's
    digest and pathname.

    A template is composed of a set of fields. Associated with each
    field is an initialization and display function. This patch defines
    a new template field called 'sig', the initialization function
    ima_eventsig_init(), and the display function ima_show_template_sig().

    This patch modifies the .field_init() function definition to include
    the 'security.ima' extended attribute and length.

    Changelog:
    - remove unused code (Dmitry Kasatkin)
    - avoid calling ima_write_template_field_data() unnecessarily (Roberto Sassu)
    - rename DATA_FMT_SIG to DATA_FMT_HEX
    - cleanup ima_eventsig_init() based on Roberto's comments

    Signed-off-by: Mimi Zohar
    Signed-off-by: Dmitry Kasatkin
    Signed-off-by: Roberto Sassu

    Mimi Zohar
     

26 Oct, 2013

3 commits

  • This patch performs the switch to the new template mechanism by modifying
    the functions ima_alloc_init_template(), ima_measurements_show() and
    ima_ascii_measurements_show(). The old function ima_template_show() was
    removed as it is no longer needed. Also, if the template descriptor used
    to generate a measurement entry is not 'ima', the whole length of field
    data stored for an entry is provided before the data itself through the
    binary_runtime_measurement interface.

    Changelog:
    - unnecessary to use strncmp() (Mimi Zohar)
    - create new variable 'field' in ima_alloc_init_template() (Roberto Sassu)
    - use GFP_NOFS flag in ima_alloc_init_template() (Roberto Sassu)
    - new variable 'num_fields' in ima_store_template() (Roberto Sassu,
    proposed by Mimi Zohar)
    - rename ima_calc_buffer_hash/template_hash() to ima_calc_field_array_hash(),
    something more generic (Mimi, requested by Dmitry)
    - sparse error fix - Fengguang Wu
    - fix lindent warnings
    - always include the field length in the template data length
    - include the template field length variable size in the template data length
    - include both the template field data and field length in the template digest
    calculation. Simplifies verifying the template digest. (Mimi)

    Signed-off-by: Roberto Sassu
    Signed-off-by: Mimi Zohar

    Roberto Sassu
     
  • This patch defines a library containing two initial template fields,
    inode digest (d) and file name (n), the 'ima' template descriptor,
    whose format is 'd|n', and two helper functions,
    ima_write_template_field_data() and ima_show_template_field_data().

    Changelog:
    - replace ima_eventname_init() parameter NULL checking with BUG_ON.
    (suggested by Mimi)
    - include "new template fields for inode digest (d) and file name (n)"
    definitions to fix a compiler warning. - Mimi
    - unnecessary to prefix static function names with 'ima_'. remove
    prefix to resolve Lindent formatting changes. - Mimi
    - abbreviated/removed inline comments - Mimi
    - always send the template field length - Mimi

    Signed-off-by: Roberto Sassu
    Signed-off-by: Mimi Zohar

    Roberto Sassu
     
  • The original 'ima' template is fixed length, containing the filedata hash
    and pathname. The filedata hash is limited to 20 bytes (md5/sha1). The
    pathname is a null terminated string, limited to 255 characters. To
    overcome these limitations and to add additional file metadata, it is
    necessary to extend the current version of IMA by defining additional
    templates.

    The main reason to introduce this feature is that, each time a new
    template is defined, the functions that generate and display the
    measurement list would include the code for handling a new format and,
    thus, would significantly grow over time.

    This patch set solves this problem by separating the template management
    from the remaining IMA code. The core of this solution is the definition
    of two new data structures: a template descriptor, to determine which
    information should be included in the measurement list, and a template
    field, to generate and display data of a given type.

    To define a new template field, developers define the field identifier
    and implement two functions, init() and show(), respectively to generate
    and display measurement entries. Initially, this patch set defines the
    following template fields (support for additional data types will be
    added later):
     - 'd': the digest of the event (i.e. the digest of a measured file),
            calculated with the SHA1 or MD5 hash algorithm;
     - 'n': the name of the event (i.e. the file name), with size up to
            255 bytes;
     - 'd-ng': the digest of the event, calculated with an arbitrary hash
               algorithm (field format: [:]digest, where the digest
               prefix is shown only if the hash algorithm is not SHA1 or MD5);
     - 'n-ng': the name of the event, without size limitations.

    Defining a new template descriptor requires specifying the template format,
    a string of field identifiers separated by the '|' character. This patch
    set defines the following template descriptors:
     - "ima": its format is 'd|n';
     - "ima-ng" (default): its format is 'd-ng|n-ng'

    Further details about the new template architecture can be found in
    Documentation/security/IMA-templates.txt.

    Changelog:
    - don't defer calling ima_init_template() - Mimi
    - don't define ima_lookup_template_desc() until used - Mimi
    - squashed with documentation patch - Mimi

    Signed-off-by: Roberto Sassu
    Signed-off-by: Mimi Zohar

    Roberto Sassu
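As an added example (not kernel code and not part of any commit listed here), the following Python parses and verifies records in the two binary_runtime_measurements layouts described in the 08 Mar 2014 commit, using the template descriptors defined in the commit above ('ima' = 'd|n', 'ima-ng' = 'd-ng|n-ng'). The record header layout (pcr, template digest, template name), the little-endian integers (the ima_canonical_fmt layout from the 21 Dec 2016 commits) and the 'd-ng' field encoding are assumptions not stated on this page; the sample list is constructed.

```python
"""Parse and verify IMA binary_runtime_measurements records (added example, not kernel code).
Assumptions not on the page: a record is pcr (u32) | SHA1 template digest (20 bytes) |
template name (u32 length + bytes) | template data; integers are little-endian (the
ima_canonical_fmt layout); a 'd-ng' field is "<algo>:" + NUL + raw digest; 'n-ng' is NUL-terminated.
"""
import hashlib
import struct

IMA_EVENT_NAME_LEN_MAX = 255   # legacy 'ima' name buffer is this + 1 bytes

def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0], off + 4

def template_digest(name, fields):
    """Recompute the template digest the way the kernel hashes it."""
    h = hashlib.sha1()
    if name == "ima":
        # legacy 'd|n': raw digest, then the name zero-padded to 256 bytes
        h.update(fields[0])
        h.update(fields[1].ljust(IMA_EVENT_NAME_LEN_MAX + 1, b"\0"))
    else:
        # generic templates: each field hashed as u32 length + data
        for f in fields:
            h.update(struct.pack("<I", len(f)) + f)
    return h.digest()

def parse_record(buf, off=0):
    """Parse one record at `off`; returns (record dict, next offset)."""
    pcr, off = _u32(buf, off)
    tmpl_digest, off = buf[off:off + 20], off + 20
    name_len, off = _u32(buf, off)
    name, off = buf[off:off + name_len].decode(), off + name_len
    if name == "ima":
        # pre-3.13 layout: SHA1 digest | event name length | event name
        digest, off = buf[off:off + 20], off + 20
        ev_len, off = _u32(buf, off)
        fields, off = [digest, buf[off:off + ev_len]], off + ev_len
    else:
        # template_len | field1_len | field1 | ... | fieldN_len | fieldN
        tmpl_len, off = _u32(buf, off)
        end, fields = off + tmpl_len, []
        while off < end:
            f_len, off = _u32(buf, off)
            fields.append(buf[off:off + f_len])
            off += f_len
        if off != end:
            raise ValueError("template_len disagrees with field lengths")
    return {"pcr": pcr, "template_digest": tmpl_digest,
            "template": name, "fields": fields}, off

def build_record(pcr, name, fields):
    """Serialise a record (constructed test data, same layout as above)."""
    if name == "ima":
        body = fields[0] + struct.pack("<I", len(fields[1])) + fields[1]
    else:
        body = b"".join(struct.pack("<I", len(f)) + f for f in fields)
        body = struct.pack("<I", len(body)) + body
    return (struct.pack("<I", pcr) + template_digest(name, fields)
            + struct.pack("<I", len(name)) + name.encode() + body)

def verify_list(buf):
    """Return (template, path, digest_ok) for each record in the list."""
    out, off = [], 0
    while off < len(buf):
        rec, off = parse_record(buf, off)
        ok = rec["template_digest"] == template_digest(rec["template"], rec["fields"])
        out.append((rec["template"], rec["fields"][1].rstrip(b"\0").decode(), ok))
    return out

# Constructed sample: an 'ima-ng' and a legacy 'ima' entry for the same file.
CONTENT = b"constructed file contents"
SAMPLE = (build_record(10, "ima-ng", [b"sha256:\0" + hashlib.sha256(CONTENT).digest(),
                                      b"/usr/bin/example\0"])
          + build_record(10, "ima", [hashlib.sha1(CONTENT).digest(), b"/usr/bin/example"]))
```

A remote verifier recomputes each template digest this way before replaying the entries into a PCR value to compare against the TPM quote.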