linux_dsm_epyc7002/security/integrity/evm
Mimi Zohar 2fb1c9a4f2 evm: prohibit userspace writing 'security.evm' HMAC value
Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
2014-06-12 17:58:07 -04:00
..
evm_crypto.c evm: replace HMAC version with attribute mask 2014-06-12 17:58:06 -04:00
evm_main.c evm: prohibit userspace writing 'security.evm' HMAC value 2014-06-12 17:58:07 -04:00
evm_posix_acl.c ima: fix script messages 2013-10-25 13:17:19 -04:00
evm_secfs.c security: integrity: Use a more current logging style 2014-03-07 12:15:21 -05:00
evm.h evm: replace HMAC version with attribute mask 2014-06-12 17:58:06 -04:00
Kconfig evm: provide option to protect additional SMACK xattrs 2014-06-12 17:58:06 -04:00
Makefile evm: posix acls modify i_mode 2011-09-14 15:24:51 -04:00