Re: [PATCHv3 0/6] integrity: few EVM patches

From: Mimi Zohar
Date: Thu Nov 05 2015 - 13:36:12 EST

Next message: David Miller: "Re: [PATCH net] net: dsa: mv88e6xxx: isolate unbridged ports"
Previous message: Pavel Labath: "Re: ptrace and pseudoterminals"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote:
> Hi,
>
> IMA module provides functionality to load x509 certificates into the
> trusted '.ima' keyring. This is patchset adds the same functionality
> to the EVM as well. Also it provides functionality to set EVM key from
> the kernel crypto HW driver. This is an update for the patchset which was
> previously sent for review few months ago. Please refer to the patch
> descriptions for details.

Other than patch "evm: define EVM key max and min sizes", which prevents
existing EVM keys from being loaded, the patches are queued
http://git.kernel.org/cgit/linux/kernel/git/zohar/linux-integrity.git/next-for-4.5.

Thanks!

Mimi

> BR,
>
> Dmitry
>
> Dmitry Kasatkin (6):
> integrity: define '.evm' as a builtin 'trusted' keyring
> evm: load x509 certificate from the kernel
> evm: enable EVM when X509 certificate is loaded
> evm: provide a function to set EVM key from the kernel
> evm: define EVM key max and min sizes
> evm: reset EVM status when file attributes changes
>
> include/linux/evm.h | 10 +++++++
> security/integrity/Kconfig | 11 ++++++++
> security/integrity/digsig.c | 14 ++++++++--
> security/integrity/evm/Kconfig | 17 ++++++++++++
> security/integrity/evm/evm.h | 3 +++
> security/integrity/evm/evm_crypto.c | 54 ++++++++++++++++++++++++++++++-------
> security/integrity/evm/evm_main.c | 32 +++++++++++++++++++---
> security/integrity/evm/evm_secfs.c | 12 +++------
> security/integrity/iint.c | 1 +
> security/integrity/ima/Kconfig | 5 +++-
> security/integrity/ima/ima.h | 12 ---------
> security/integrity/ima/ima_init.c | 2 +-
> security/integrity/integrity.h | 13 ++++++---
> 13 files changed, 146 insertions(+), 40 deletions(-)
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Miller: "Re: [PATCH net] net: dsa: mv88e6xxx: isolate unbridged ports"
Previous message: Pavel Labath: "Re: ptrace and pseudoterminals"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]