f00d797507
EVM will only perform validation once a key has been loaded. This key may either be a symmetric trusted key (for HMAC validation and creation) or the public half of an asymmetric key (for digital signature validation). The /sys/kernel/security/evm interface allows userland to signal that a symmetric key has been loaded, but does not allow userland to signal that an asymmetric public key has been loaded. This patch extends the interface to permit userspace to pass a bitmask of loaded key types. It also allows userspace to block loading of a symmetric key in order to avoid a compromised system from being able to load an additional key type later. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
||
|---|---|---|
| .. | ||
| evm | ||
| ima | ||
| digsig_asymmetric.c | ||
| digsig.c | ||
| iint.c | ||
| integrity_audit.c | ||
| integrity.h | ||
| Kconfig | ||
| Makefile | ||