Google Git
Sign in
kernel / pub / scm / linux / kernel / git / snitzer / linux / 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4
commit2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4[log] [tgz]
authorMimi Zohar <zohar@linux.vnet.ibm.com>Sun May 11 00:05:23 2014 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>Thu Jun 12 17:58:07 2014 -0400
treee4a1c5fd8871eaba1b2bb0b65405d9cb0d4bd6f6
parent14503eb99414ceffe348b82982d5770b745f6626 [diff]
evm: prohibit userspace writing 'security.evm' HMAC value

Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
1 file changed
tree: e4a1c5fd8871eaba1b2bb0b65405d9cb0d4bd6f6
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS