AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-25 03:30:53 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
523b74b16b
linux_dsm_epyc7002/security/integrity
History
Dmitry Kasatkin 523b74b16b evm: reset EVM status when file attributes change 
The EVM verification status is cached in iint->evm_status and if it
was successful, never re-verified again when IMA passes the 'iint' to
evm_verifyxattr().

When file attributes or extended attributes change, we may wish to
re-verify EVM integrity as well.  For example, after setting a digital
signature we may need to re-verify the signature and update the
iint->flags that there is an EVM signature.

This patch enables that by resetting evm_status to INTEGRITY_UKNOWN
state.

Changes in v2:
* Flag setting moved to EVM layer

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2015-12-15 09:56:57 -05:00
..
evm evm: reset EVM status when file attributes change 2015-12-15 09:56:57 -05:00
ima integrity: define '.evm' as a builtin 'trusted' keyring 2015-11-23 14:30:02 -05:00
digsig_asymmetric.c integrity: do zero padding of the key id 2014-10-06 17:33:27 +01:00
digsig.c integrity: define '.evm' as a builtin 'trusted' keyring 2015-11-23 14:30:02 -05:00
iint.c evm: load an x509 certificate from the kernel 2015-12-15 08:31:19 -05:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h evm: load an x509 certificate from the kernel 2015-12-15 08:31:19 -05:00
Kconfig integrity: define '.evm' as a builtin 'trusted' keyring 2015-11-23 14:30:02 -05:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00