- 19 2月, 2016 3 次提交
-
-
由 Mimi Zohar 提交于
Cleanup the function arguments by using "ima_hooks" enumerator as needed. Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NPetko Manolov <petkan@mip-labs.com> Acked-by: NDmitry Kasatkin <dmitry.kasatkin@huawei.com>
-
由 Mimi Zohar 提交于
Define and call a function to display the "ima_hooks" rules. Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NPetko Manolov <petkan@mip-labs.com> Acked-by: NDmitry Kasatkin <dmitry.kasatkin@huawei.com>
-
由 Dmitry Kasatkin 提交于
Instead of passing pointers to pointers to ima_collect_measurent() to read and return the 'security.ima' xattr value, this patch moves the functionality to the calling process_measurement() to directly read the xattr and pass only the hash algo to the ima_collect_measurement(). Signed-off-by: NDmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
- 09 2月, 2016 1 次提交
-
-
由 Colin Ian King 提交于
ima_check_policy() has no parameters, so use the normal void parameter convention to make it match the prototype in the header file security/integrity/ima/ima.h Signed-off-by: NColin Ian King <colin.king@canonical.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
- 28 1月, 2016 1 次提交
-
-
由 David Howells 提交于
KEY_FLAG_KEEP should only be applied to a key if the keyring it is being linked into has KEY_FLAG_KEEP set. To this end, partially revert the following patch: commit 1d6d167c Author: Mimi Zohar <zohar@linux.vnet.ibm.com> Date: Thu Jan 7 07:46:36 2016 -0500 KEYS: refcount bug fix to undo the change that made it unconditional (Mimi got it right the first time). Without undoing this change, it becomes impossible to delete, revoke or invalidate keys added to keyrings through __key_instantiate_and_link() where the keyring has itself been linked to. To test this, run the following command sequence: keyctl newring foo @s keyctl add user a a %:foo keyctl unlink %user:a %:foo keyctl clear %:foo With the commit mentioned above the third and fourth commands fail with EPERM when they should succeed. Reported-by: NStephen Gallager <sgallagh@redhat.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NMimi Zohar <zohar@linux.vnet.ibm.com> cc: Mimi Zohar <zohar@linux.vnet.ibm.com> cc: keyrings@vger.kernel.org cc: stable@vger.kernel.org Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 23 1月, 2016 1 次提交
-
-
由 Al Viro 提交于
parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested}, inode_foo(inode) being mutex_foo(&inode->i_mutex). Please, use those for access to ->i_mutex; over the coming cycle ->i_mutex will become rwsem, with ->lookup() done with it held only shared. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 21 1月, 2016 2 次提交
-
-
由 Jann Horn 提交于
By checking the effective credentials instead of the real UID / permitted capabilities, ensure that the calling process actually intended to use its credentials. To ensure that all ptrace checks use the correct caller credentials (e.g. in case out-of-tree code or newly added code omits the PTRACE_MODE_*CREDS flag), use two new flags and require one of them to be set. The problem was that when a privileged task had temporarily dropped its privileges, e.g. by calling setreuid(0, user_uid), with the intent to perform following syscalls with the credentials of a user, it still passed ptrace access checks that the user would not be able to pass. While an attacker should not be able to convince the privileged task to perform a ptrace() syscall, this is a problem because the ptrace access check is reused for things in procfs. In particular, the following somewhat interesting procfs entries only rely on ptrace access checks: /proc/$pid/stat - uses the check for determining whether pointers should be visible, useful for bypassing ASLR /proc/$pid/maps - also useful for bypassing ASLR /proc/$pid/cwd - useful for gaining access to restricted directories that contain files with lax permissions, e.g. in this scenario: lrwxrwxrwx root root /proc/13020/cwd -> /root/foobar drwx------ root root /root drwxr-xr-x root root /root/foobar -rw-r--r-- root root /root/foobar/secret Therefore, on a system where a root-owned mode 6755 binary changes its effective credentials as described and then dumps a user-specified file, this could be used by an attacker to reveal the memory layout of root's processes or reveal the contents of files he is not allowed to access (through /proc/$pid/cwd). [akpm@linux-foundation.org: fix warning] Signed-off-by: NJann Horn <jann@thejh.net> Acked-by: NKees Cook <keescook@chromium.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: James Morris <james.l.morris@oracle.com> Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Jann Horn 提交于
It looks like smack and yama weren't aware that the ptrace mode can have flags ORed into it - PTRACE_MODE_NOAUDIT until now, but only for /proc/$pid/stat, and with the PTRACE_MODE_*CREDS patch, all modes have flags ORed into them. Signed-off-by: NJann Horn <jann@thejh.net> Acked-by: NKees Cook <keescook@chromium.org> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: James Morris <james.l.morris@oracle.com> Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 20 1月, 2016 1 次提交
-
-
由 Yevgeny Pats 提交于
This fixes CVE-2016-0728. If a thread is asked to join as a session keyring the keyring that's already set as its session, we leak a keyring reference. This can be tested with the following program: #include <stddef.h> #include <stdio.h> #include <sys/types.h> #include <keyutils.h> int main(int argc, const char *argv[]) { int i = 0; key_serial_t serial; serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, "leaked-keyring"); if (serial < 0) { perror("keyctl"); return -1; } if (keyctl(KEYCTL_SETPERM, serial, KEY_POS_ALL | KEY_USR_ALL) < 0) { perror("keyctl"); return -1; } for (i = 0; i < 100; i++) { serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, "leaked-keyring"); if (serial < 0) { perror("keyctl"); return -1; } } return 0; } If, after the program has run, there something like the following line in /proc/keys: 3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty with a usage count of 100 * the number of times the program has been run, then the kernel is malfunctioning. If leaked-keyring has zero usages or has been garbage collected, then the problem is fixed. Reported-by: NYevgeny Pats <yevgeny@perception-point.io> Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NDon Zickus <dzickus@redhat.com> Acked-by: NPrarit Bhargava <prarit@redhat.com> Acked-by: NJarod Wilson <jarod@redhat.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 09 1月, 2016 1 次提交
-
-
由 Andreas Gruenbacher 提交于
Commit 5d226df4 has introduced a performance regression of about 10% in the UnixBench pipe benchmark. It turns out that the call to inode_security in selinux_file_permission can be moved below the zero-mask test and that inode_security_revalidate can be removed entirely, which brings us back to roughly the original performance. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 08 1月, 2016 1 次提交
-
-
由 Mimi Zohar 提交于
This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP test before setting the flag, and cleans up the if/then brackets style introduced in commit: d3600bcf KEYS: prevent keys from being removed from specified keyrings Reported-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NDavid Howells <dhowells@redhat.com>
-
- 04 1月, 2016 4 次提交
-
-
由 Al Viro 提交于
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
Nothing in there gives a damn about the buffer alignment - it just parses its contents. So the use of get_zeroed_page() doesn't buy us anything - might as well had been kmalloc(), which makes that code equivalent to open-coded memdup_user_nul() Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
A _lot_ of ->write() instances were open-coding it; some are converted to memdup_user_nul(), a lot more remain... Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Petko Manolov 提交于
There is no need to hold the ima_write_mutex for so long. We only need it around ima_parse_add_rule(). Changelog: - The return path now takes into account failed kmalloc() call. Reported-by: NAl Viro <viro@ZenIV.linux.org.uk> Signed-off-by: NPetko Manolov <petkan@mip-labs.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
- 25 12月, 2015 9 次提交
-
-
由 Sasha Levin 提交于
Commit "IMA: policy can now be updated multiple times" assumed that the policy would be updated at least once. If there are zero updates, the temporary list head object will get added to the policy list, and later dereferenced as an IMA policy object, which means that invalid memory will be accessed. Changelog: - Move list_empty() test to ima_release_policy(), before audit msg - Mimi Signed-off-by: NSasha Levin <sasha.levin@oracle.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Vladis Dronov 提交于
Any process is able to send netlink messages with invalid types. Make the warning rate-limited to prevent too much log spam. The warning is supposed to help to find misbehaving programs, so print the triggering command name and pid. Reported-by: NFlorian Weimer <fweimer@redhat.com> Signed-off-by: NVladis Dronov <vdronov@redhat.com> [PM: subject line tweak to make checkpatch.pl happy] Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Andrew Perepechko 提交于
Make validatetrans decisions available through selinuxfs. "/validatetrans" is added to selinuxfs for this purpose. This functionality is needed by file system servers implemented in userspace or kernelspace without the VFS layer. Writing "$oldcontext $newcontext $tclass $taskcontext" to /validatetrans is expected to return 0 if the transition is allowed and -EPERM otherwise. Signed-off-by: NAndrew Perepechko <anserper@ya.ru> CC: andrew.perepechko@seagate.com Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Andreas Gruenbacher 提交于
When fetching an inode's security label, check if it is still valid, and try reloading it if it is not. Reloading will fail when we are in RCU context which doesn't allow sleeping, or when we can't find a dentry for the inode. (Reloading happens via iop->getxattr which takes a dentry parameter.) When reloading fails, continue using the old, invalid label. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Andreas Gruenbacher 提交于
Add a hook to invalidate an inode's security label when the cached information becomes invalid. Add the new hook in selinux: set a flag when a security label becomes invalid. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Reviewed-by: NJames Morris <james.l.morris@oracle.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Andreas Gruenbacher 提交于
Add functions dentry_security and inode_security for accessing inode->i_security. These functions initially don't do much, but they will later be used to revalidate the security labels when necessary. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Andreas Gruenbacher 提交于
Make the inode argument of the inode_getsecid hook non-const so that we can use it to revalidate invalid security labels. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Andreas Gruenbacher 提交于
Make the inode argument of the inode_getsecurity hook non-const so that we can use it to revalidate invalid security labels. Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
由 Andreas Gruenbacher 提交于
Signed-off-by: NAndreas Gruenbacher <agruenba@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NPaul Moore <pmoore@redhat.com>
-
- 20 12月, 2015 3 次提交
-
-
由 Jarkko Sakkinen 提交于
TPM2 supports authorization policies, which are essentially combinational logic statements repsenting the conditions where the data can be unsealed based on the TPM state. This patch enables to use authorization policies to seal trusted keys. Two following new options have been added for trusted keys: * 'policydigest=': provide an auth policy digest for sealing. * 'policyhandle=': provide a policy session handle for unsealing. If 'hash=' option is supplied after 'policydigest=' option, this will result an error because the state of the option would become mixed. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NColin Ian King <colin.king@canonical.com> Reviewed-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jarkko Sakkinen 提交于
Added 'hash=' option for selecting the hash algorithm for add_key() syscall and documentation for it. Added entry for sm3-256 to the following tables in order to support TPM_ALG_SM3_256: * hash_algo_name * hash_digest_size Includes support for the following hash algorithms: * sha1 * sha256 * sha384 * sha512 * sm3-256 Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: NColin Ian King <colin.king@canonical.com> Reviewed-by: NJames Morris <james.l.morris@oracle.com> Reviewed-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NPeter Huewe <peterhuewe@gmx.de>
-
由 Jarkko Sakkinen 提交于
The trusted keys option parsing allows specifying the same option multiple times. The last option value specified is used. This is problematic because: * No gain. * This makes complicated to specify options that are dependent on other options. This patch changes the behavior in a way that option can be specified only once. Reported-by: NJames Morris James Morris <jmorris@namei.org> Reviewed-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Acked-by: NPeter Huewe <peterhuewe@gmx.de>
-
- 19 12月, 2015 1 次提交
-
-
由 David Howells 提交于
This fixes CVE-2015-7550. There's a race between keyctl_read() and keyctl_revoke(). If the revoke happens between keyctl_read() checking the validity of a key and the key's semaphore being taken, then the key type read method will see a revoked key. This causes a problem for the user-defined key type because it assumes in its read method that there will always be a payload in a non-revoked key and doesn't check for a NULL pointer. Fix this by making keyctl_read() check the validity of a key after taking semaphore instead of before. I think the bug was introduced with the original keyrings code. This was discovered by a multithreaded test program generated by syzkaller (http://github.com/google/syzkaller). Here's a cleaned up version: #include <sys/types.h> #include <keyutils.h> #include <pthread.h> void *thr0(void *arg) { key_serial_t key = (unsigned long)arg; keyctl_revoke(key); return 0; } void *thr1(void *arg) { key_serial_t key = (unsigned long)arg; char buffer[16]; keyctl_read(key, buffer, 16); return 0; } int main() { key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING); pthread_t th[5]; pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key); pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key); pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key); pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key); pthread_join(th[0], 0); pthread_join(th[1], 0); pthread_join(th[2], 0); pthread_join(th[3], 0); return 0; } Build as: cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread Run as: while keyctl-race; do :; done as it may need several iterations to crash the kernel. The crash can be summarised as: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 IP: [<ffffffff81279b08>] user_read+0x56/0xa3 ... Call Trace: [<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7 [<ffffffff81277815>] SyS_keyctl+0x83/0xe0 [<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f Reported-by: NDmitry Vyukov <dvyukov@google.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Tested-by: NDmitry Vyukov <dvyukov@google.com> Cc: stable@vger.kernel.org Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
- 18 12月, 2015 1 次提交
-
-
由 Roman Kubiak 提交于
Smack security handler for sendmsg() syscall is vulnerable to type confusion issue what can allow to privilege escalation into root or cause denial of service. A malicious attacker can create socket of one type for example AF_UNIX and pass is into sendmsg() function ensuring that this is AF_INET socket. Remedy Do not trust user supplied data. Proposed fix below. Signed-off-by: NRoman Kubiak <r.kubiak@samsung.com> Signed-off-by: NMateusz Fruba <m.fruba@samsung.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 15 12月, 2015 11 次提交
-
-
由 Paul Gortmaker 提交于
The Kconfig currently controlling compilation of this code is: ima/Kconfig:config IMA_MOK_KEYRING ima/Kconfig: bool "Create IMA machine owner keys (MOK) and blacklist keyrings" ...meaning that it currently is not being built as a module by anyone. Lets remove the couple of traces of modularity so that when reading the driver there is no doubt it really is builtin-only. Since module_init translates to device_initcall in the non-modular case, the init ordering remains unchanged with this commit. Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: James Morris <james.l.morris@oracle.com> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: linux-ima-devel@lists.sourceforge.net Cc: linux-ima-user@lists.sourceforge.net Cc: linux-security-module@vger.kernel.org Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Mimi Zohar 提交于
While creating a temporary list of new rules, the ima_appraise flag is updated, but not reverted on failure to append the new rules to the existing policy. This patch defines temp_ima_appraise flag. Only when the new rules are appended to the policy is the flag updated. Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NPetko Manolov <petkan@mip-labs.com>
-
由 Mimi Zohar 提交于
Set the KEY_FLAGS_KEEP on the .ima_blacklist to prevent userspace from removing keys from the keyring. Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Mimi Zohar 提交于
Userspace should not be allowed to remove keys from certain keyrings (eg. blacklist), though the keys themselves can expire. This patch defines a new key flag named KEY_FLAG_KEEP to prevent userspace from being able to unlink, revoke, invalidate or timed out a key on a keyring. When this flag is set on the keyring, all keys subsequently added are flagged. In addition, when this flag is set, the keyring itself can not be cleared. Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Cc: David Howells <dhowells@redhat.com>
-
由 Petko Manolov 提交于
It is often useful to be able to read back the IMA policy. It is even more important after introducing CONFIG_IMA_WRITE_POLICY. This option allows the root user to see the current policy rules. Signed-off-by: NZbigniew Jasinski <z.jasinski@samsung.com> Signed-off-by: NPetko Manolov <petkan@mip-labs.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Petko Manolov 提交于
This option creates IMA MOK and blacklist keyrings. IMA MOK is an intermediate keyring that sits between .system and .ima keyrings, effectively forming a simple CA hierarchy. To successfully import a key into .ima_mok it must be signed by a key which CA is in .system keyring. On turn any key that needs to go in .ima keyring must be signed by CA in either .system or .ima_mok keyrings. IMA MOK is empty at kernel boot. IMA blacklist keyring contains all revoked IMA keys. It is consulted before any other keyring. If the search is successful the requested operation is rejected and error is returned to the caller. Signed-off-by: NPetko Manolov <petkan@mip-labs.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Petko Manolov 提交于
The new rules get appended to the original policy, forming a queue. The new rules are first added to a temporary list, which on error get released without disturbing the normal IMA operations. On success both lists (the current policy and the new rules) are spliced. IMA policy reads are many orders of magnitude more numerous compared to writes, the match code is RCU protected. The updater side also does list splice in RCU manner. Signed-off-by: NPetko Manolov <petkan@mip-labs.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Arnd Bergmann 提交于
The newly added EVM_LOAD_X509 code can be configured even if CONFIG_EVM is disabled, but that causes a link error: security/built-in.o: In function `integrity_load_keys': digsig_asymmetric.c:(.init.text+0x400): undefined reference to `evm_load_x509' This adds a Kconfig dependency to ensure it is only enabled when CONFIG_EVM is set as well. Signed-off-by: NArnd Bergmann <arnd@arndb.de> Fixes: 2ce523eb ("evm: load x509 certificate from the kernel") Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
The EVM verification status is cached in iint->evm_status and if it was successful, never re-verified again when IMA passes the 'iint' to evm_verifyxattr(). When file attributes or extended attributes change, we may wish to re-verify EVM integrity as well. For example, after setting a digital signature we may need to re-verify the signature and update the iint->flags that there is an EVM signature. This patch enables that by resetting evm_status to INTEGRITY_UKNOWN state. Changes in v2: * Flag setting moved to EVM layer Signed-off-by: NDmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
A crypto HW kernel module can possibly initialize the EVM key from the kernel __init code to enable EVM before calling the 'init' process. This patch provides a function evm_set_key() to set the EVM key directly without using the KEY subsystem. Changes in v4: * kernel-doc style for evm_set_key Changes in v3: * error reporting moved to evm_set_key * EVM_INIT_HMAC moved to evm_set_key * added bitop to prevent key setting race Changes in v2: * use size_t for key size instead of signed int * provide EVM_MAX_KEY_SIZE macro in <linux/evm.h> * provide EVM_MIN_KEY_SIZE macro in <linux/evm.h> Signed-off-by: NDmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-
由 Dmitry Kasatkin 提交于
In order to enable EVM before starting the 'init' process, evm_initialized needs to be non-zero. Previously non-zero indicated that the HMAC key was loaded. When EVM loads the X509 before calling 'init', with this patch it is now possible to enable EVM to start signature based verification. This patch defines bits to enable EVM if a key of any type is loaded. Changes in v3: * print error message if key is not set Changes in v2: * EVM_STATE_KEY_SET replaced by EVM_INIT_HMAC * EVM_STATE_X509_SET replaced by EVM_INIT_X509 Signed-off-by: NDmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
-