author | Matthew Garrett <mjg59@google.com> | 2017-10-11 21:10:14 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-11-08 21:16:36 +0100 |
commit | f00d79750712511d0a83c108eea0d44b680a915f (patch) | |
tree | f0bdb9499c9e6b7bb7c37ace6b70d25bc5035ac5 /certs | |
parent | EVM: Include security.apparmor in EVM measurements (diff) | |

EVM: Allow userspace to signal an RSA key has been loaded

EVM will only perform validation once a key has been loaded. This key
may either be a symmetric trusted key (for HMAC validation and creation)
or the public half of an asymmetric key (for digital signature
validation). The /sys/kernel/security/evm interface allows userland to
signal that a symmetric key has been loaded, but does not allow userland
to signal that an asymmetric public key has been loaded.

This patch extends the interface to permit userspace to pass a bitmask
of loaded key types. It also allows userspace to block loading of a
symmetric key in order to avoid a compromised system from being able to
load an additional key type later.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Diffstat (limited to 'certs')
0 files changed, 0 insertions, 0 deletions