linux/security/integrity/evm
Matthew Garrett 50b977481f EVM: Add support for portable signature format
The EVM signature includes the inode number and (optionally) the
filesystem UUID, making it impractical to ship EVM signatures in
packages. This patch adds a new portable format intended to allow
distributions to include EVM signatures. It is identical to the existing
format but hardcodes the inode and generation numbers to 0 and does not
include the filesystem UUID even if the kernel is configured to do so.

Removing the inode means that the metadata and signature from one file
could be copied to another file without invalidating it. This is avoided
by ensuring that an IMA xattr is present during EVM validation.

Portable signatures are intended to be immutable - ie, they will never
be transformed into HMACs.

Based on earlier work by Dmitry Kasatkin and Mikhail Kurinnoi.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Cc: Mikhail Kurinnoi <viewizard@viewizard.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2017-12-11 17:20:39 -05:00
..
evm_crypto.c EVM: Add support for portable signature format 2017-12-11 17:20:39 -05:00
evm_main.c EVM: Add support for portable signature format 2017-12-11 17:20:39 -05:00
evm_posix_acl.c ima: fix script messages 2013-10-25 13:17:19 -04:00
evm_secfs.c EVM: Allow userland to permit modification of EVM-protected metadata 2017-12-11 14:27:31 -05:00
evm.h EVM: Add support for portable signature format 2017-12-11 17:20:39 -05:00
Kconfig evm: EVM_LOAD_X509 depends on EVM 2015-12-15 09:57:21 -05:00
Makefile evm: posix acls modify i_mode 2011-09-14 15:24:51 -04:00