evm: prohibit userspace writing 'security.evm' HMAC value (2fb1c9a4) · Commits · Clea OS / bsp / nxp / linux-seco-imx

Commit 2fb1c9a4 authored 10 years ago by Mimi Zohar

evm: prohibit userspace writing 'security.evm' HMAC value


Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>

parent 14503eb9

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 10 additions and 2 deletions

Please register or to comment