Documentation / ABI / testing / evm





Based on kernel version 3.16. Page generated on 2014-08-06 21:35 EST.

What:		security/evm
Date:		March 2011
Contact:	Mimi Zohar <zohar@us.ibm.com>
Description:
		EVM protects a file's security extended attributes (xattrs)
		against integrity attacks. The initial method maintains an
		HMAC-sha1 value across the extended attributes, storing the
		value as the extended attribute 'security.evm'.

		EVM depends on the Kernel Key Retention System to provide it
		with a trusted/encrypted key for the HMAC-sha1 operation.
		The key is loaded onto the root's keyring using keyctl.  Until
		EVM receives notification that the key has been successfully
		loaded onto the keyring (echo 1 > <securityfs>/evm), EVM
		can not create or validate the 'security.evm' xattr, but
		returns INTEGRITY_UNKNOWN.  Loading the key and signaling EVM
		should be done as early as possible.  Normally this is done
		in the initramfs, which has already been measured as part
		of the trusted boot.  For more information on creating and
		loading existing trusted/encrypted keys, refer to:
		Documentation/keys-trusted-encrypted.txt.  (A sample dracut
		patch, which loads the trusted/encrypted key and enables
		EVM, is available from http://linux-ima.sourceforge.net/#EVM.)
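
The load-then-signal sequence described above, as an added shell example for an initramfs hook (not part of the kernel documentation or the dracut patch it mentions). The key names kmk and evm-key, the blob file arguments, the securityfs mount point /sys/kernel/security and the KEYCTL/SECURITYFS override variables are assumptions; the script refuses to write to <securityfs>/evm unless the EVM key is actually on the keyring.

```shell
#!/bin/sh
# Added example: load the EVM key, then signal EVM, in that order.
# Assumptions (not from the page): a trusted master key named "kmk", an
# encrypted key named "evm-key" sealed under it, key blobs saved earlier
# to files, and securityfs mounted at /sys/kernel/security.
# KEYCTL and SECURITYFS can be overridden, e.g. for testing.
KEYCTL="${KEYCTL:-keyctl}"
SECURITYFS="${SECURITYFS:-/sys/kernel/security}"

# Load a saved key blob onto root's user keyring (@u).
# $1 = key type (trusted|encrypted), $2 = key name, $3 = blob file
load_key_blob() {
    [ -r "$3" ] || { echo "evm: missing key blob $3" >&2; return 1; }
    "$KEYCTL" add "$1" "$2" "load $(cat "$3")" @u >/dev/null
}

# Succeed only if the named key can be found on the keyring.
# $1 = key type, $2 = key name
key_present() {
    "$KEYCTL" search @u "$1" "$2" >/dev/null 2>&1
}

# $1 = trusted master key blob, $2 = encrypted EVM key blob
# Returns 0 on success; 2-6 identify the step that failed.
enable_evm() {
    [ -e "$SECURITYFS/evm" ] || {
        echo "evm: $SECURITYFS/evm not found (securityfs mounted?)" >&2
        return 2
    }
    # The master key must be loaded first: the kernel needs it to
    # decrypt the encrypted EVM key blob.
    load_key_blob trusted kmk "$1" || return 3
    load_key_blob encrypted evm-key "$2" || return 4
    # Do not signal EVM unless the key really is on the keyring.
    key_present encrypted evm-key || {
        echo "evm: evm-key not on keyring, not enabling EVM" >&2
        return 5
    }
    # Notify EVM that the key has been loaded.
    echo 1 > "$SECURITYFS/evm" || return 6
}
```

A hook would call it as, for instance, enable_evm /etc/keys/kmk.blob /etc/keys/evm.blob (paths hypothetical) and treat any non-zero return as a boot-time integrity failure.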

Information is copyright its respective author. All material is available from the Linux Kernel Source distributed under a GPL License. This page is provided as a free service by mjmwired.net.