)]}' { "commit": "f461aa5846003a5bf9898a98ece627b243816646", "tree": "f0a5e93a6b58a3671a0ee595dd869bc13602fcf7", "parents": [ "3e4ff83140e48289a182cbfd36c15fa84f1084ec" ], "author": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@huawei.com", "time": "Wed Oct 18 22:20:18 2017 +0300" }, "committer": { "name": "Dmitry Kasatkin", "email": "dmitry.kasatkin@huawei.com", "time": "Wed Oct 18 22:21:49 2017 +0300" }, "message": "evm: load EVM key from the kernel\n\nCurrently EVM key needs to be added from the user space and it has to be\ndone before mounting filesystems. It requires initramfs. Many systems\noften does not want to use initramfs.\n\nThis patch provides support for loading EVM key from the kernel.\n\nIt supports both \u0027trusted\u0027 and \u0027user\u0027 master keys. However, it is\nrecommended to use \u0027trusted\u0027 master key, because \u0027user\u0027 master key\nis in non-encrypted form.\n\nUntil key is loaded, EVM stays disabled. To keep default behavior, this\npatch adds the kernel parameter \u0027evm_load\u0027 to enabled loading of the key.\n\nIt also moves EVM initialization before IMA to prevent appraisal failure\nwhen kernel will try to access file system without initial ramfs.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@huawei.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "e825e0ae78e72fdd548a0f10de2f865d84e41543", "old_mode": 33188, "old_path": "security/integrity/evm/Kconfig", "new_id": "e88c62ab863482f11a268e8f10b3729fad224c99", "new_mode": 33188, "new_path": "security/integrity/evm/Kconfig" }, { "type": "modify", "old_id": "430070b6c33de3c8d235f647ad29cb5b53c6d50d", "old_mode": 33188, "old_path": "security/integrity/evm/evm.h", "new_id": "ac6d383e5dc480fd172bde9e81a32b826c8b30d9", "new_mode": 33188, "new_path": "security/integrity/evm/evm.h" }, { "type": "modify", "old_id": "8a1474e290549b40689c50ee97d55b8ee21aace5", "old_mode": 33188, "old_path": "security/integrity/evm/evm_crypto.c", "new_id": "642cad9704706b0b7d73250d7913107e60473ecf", "new_mode": 33188, "new_path": "security/integrity/evm/evm_crypto.c" }, { "type": "modify", "old_id": "051609e49a8758a3c5ae85c70bbea4ed2494f3a3", "old_mode": 33188, "old_path": "security/integrity/evm/evm_main.c", "new_id": "f4d6af03a15b00dca1ef7ce50786aac692e8dff5", "new_mode": 33188, "new_path": "security/integrity/evm/evm_main.c" }, { "type": "modify", "old_id": "d726ba23a17881dea99acc0ad0e0dc93144c8ec5", "old_mode": 33188, "old_path": "security/integrity/iint.c", "new_id": "919eaefa3181733faa1f4fc73523b8aef93e7991", "new_mode": 33188, "new_path": "security/integrity/iint.c" }, { "type": "modify", "old_id": "8c1d8ede13e8a2fef7cac5b702c0e0628c0ad62f", "old_mode": 33188, "old_path": "security/integrity/integrity.h", "new_id": "05ab4a969fbc6894aac57c10b383f6993447edc5", "new_mode": 33188, "new_path": "security/integrity/integrity.h" } ] }