linux/security/integrity/evm
Dmitry Kasatkin 523b74b16b evm: reset EVM status when file attributes change
The EVM verification status is cached in iint->evm_status and if it
was successful, never re-verified again when IMA passes the 'iint' to
evm_verifyxattr().

When file attributes or extended attributes change, we may wish to
re-verify EVM integrity as well.  For example, after setting a digital
signature we may need to re-verify the signature and update the
iint->flags that there is an EVM signature.

This patch enables that by resetting evm_status to INTEGRITY_UNKNOWN
state.

Changes in v2:
* Flag setting moved to EVM layer

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2015-12-15 09:56:57 -05:00
..
evm_crypto.c evm: provide a function to set the EVM key from the kernel 2015-12-15 08:53:36 -05:00
evm_main.c evm: reset EVM status when file attributes change 2015-12-15 09:56:57 -05:00
evm_posix_acl.c ima: fix script messages 2013-10-25 13:17:19 -04:00
evm_secfs.c evm: provide a function to set the EVM key from the kernel 2015-12-15 08:53:36 -05:00
evm.h evm: enable EVM when X509 certificate is loaded 2015-12-15 08:50:48 -05:00
Kconfig evm: load an x509 certificate from the kernel 2015-12-15 08:31:19 -05:00
Makefile