On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote:
> Hi,
>
> IMA module provides functionality to load x509 certificates into the
> trusted '.ima' keyring. This patchset adds the same functionality
> to the EVM as well. Also it provides functionality to set EVM key from
> the kernel crypto HW driver. This is an update for the patchset which was
> previously sent for review a few months ago. Please refer to the patch
> descriptions for details.

Other than patch "evm: define EVM key max and min sizes", which prevents
existing EVM keys from being loaded, the patches are queued
http://git.kernel.org/cgit/linux/kernel/git/zohar/linux-integrity.git/next-for-4.5.

Thanks!

Mimi

> BR,
>
> Dmitry
>
> Dmitry Kasatkin (6):
>   integrity: define '.evm' as a builtin 'trusted' keyring
>   evm: load x509 certificate from the kernel
>   evm: enable EVM when X509 certificate is loaded
>   evm: provide a function to set EVM key from the kernel
>   evm: define EVM key max and min sizes
>   evm: reset EVM status when file attributes changes
>
>  include/linux/evm.h                 | 10 +++++++
>  security/integrity/Kconfig          | 11 ++++++++
>  security/integrity/digsig.c         | 14 ++++++++--
>  security/integrity/evm/Kconfig      | 17 ++++++++++++
>  security/integrity/evm/evm.h        |  3 +++
>  security/integrity/evm/evm_crypto.c | 54 ++++++++++++++++++++++++++++++-------
>  security/integrity/evm/evm_main.c   | 32 +++++++++++++++++++---
>  security/integrity/evm/evm_secfs.c  | 12 +++------
>  security/integrity/iint.c           |  1 +
>  security/integrity/ima/Kconfig      |  5 +++-
>  security/integrity/ima/ima.h        | 12 ---------
>  security/integrity/ima/ima_init.c   |  2 +-
>  security/integrity/integrity.h      | 13 ++++++---
>  13 files changed, 146 insertions(+), 40 deletions(-)