15 Dec, 2015
1 commit
-
A crypto HW kernel module can possibly initialize the EVM key from the
kernel __init code to enable EVM before calling the 'init' process.
This patch provides a function evm_set_key() to set the EVM key
directly without using the KEY subsystem.Changes in v4:
* kernel-doc style for evm_set_keyChanges in v3:
* error reporting moved to evm_set_key
* EVM_INIT_HMAC moved to evm_set_key
* added bitop to prevent key setting raceChanges in v2:
* use size_t for key size instead of signed int
* provide EVM_MAX_KEY_SIZE macro in
* provide EVM_MIN_KEY_SIZE macro inSigned-off-by: Dmitry Kasatkin
Signed-off-by: Mimi Zohar
27 Mar, 2013
1 commit
-
Signed-off-by: Paul Bolle
Signed-off-by: Jiri Kosina
15 Sep, 2011
1 commit
-
The posix xattr acls are 'system' prefixed, which normally would not
affect security.evm. An interesting side affect of writing posix xattr
acls is their modifying of the i_mode, which is included in security.evm.This patch updates security.evm when posix xattr acls are written.
Signed-off-by: Mimi Zohar
11 Aug, 2011
2 commits
-
evm_inode_init_security() should return 0, when EVM is not enabled.
(Returning an error is a remnant of evm_inode_post_init_security.)Signed-off-by: Mimi Zohar
Signed-off-by: James Morris -
- Missing 'inline' on evm_inode_setattr() definition.
Introduced by commit 817b54aa45db ("evm: add evm_inode_setattr to prevent
updating an invalid security.evm").- Missing security_old_inode_init_security() stub function definition.
Caused by commit 9d8f13ba3f48 ("security: new security_inode_init_security
API adds function callback").Reported-by: Stephen Rothwell
Signed-off-by: Mimi Zohar
Signed-off-by: James Morris
19 Jul, 2011
6 commits
-
Permit changing of security.evm only when valid, unless in fixmode.
Reported-by: Roberto Sassu
Signed-off-by: Mimi Zohar -
Additional iint parameter allows to skip lookup in the cache.
Signed-off-by: Dmitry Kasatkin
Signed-off-by: Mimi Zohar -
Initialize 'security.evm' for new files.
Changelog v7:
- renamed evm_inode_post_init_security to evm_inode_init_security
- moved struct xattr definition to earlier patch
- allocate xattr name
Changelog v6:
- Use 'struct evm_ima_xattr_data'Signed-off-by: Mimi Zohar
-
Changing the inode's metadata may require the 'security.evm' extended
attribute to be re-calculated and updated.Signed-off-by: Mimi Zohar
Acked-by: Serge Hallyn -
When an EVM protected extended attribute is removed, update 'security.evm'.
Signed-off-by: Mimi Zohar
Acked-by: Serge Hallyn -
Imbed the evm calls evm_inode_setxattr(), evm_inode_post_setxattr(),
evm_inode_removexattr() in the security hooks. evm_inode_setxattr()
protects security.evm xattr. evm_inode_post_setxattr() and
evm_inode_removexattr() updates the hmac associated with an inode.(Assumes an LSM module protects the setting/removing of xattr.)
Changelog:
- Don't define evm_verifyxattr(), unless CONFIG_INTEGRITY is enabled.
- xattr_name is a 'const', value is 'void *'Signed-off-by: Mimi Zohar
Acked-by: Serge Hallyn
