summaryrefslogtreecommitdiffstats
path: root/Documentation/ABI/testing/evm
blob: 8374d4557e5dc0c3293775abaf369e92b91893a4 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
What:		security/evm
Date:		March 2011
Contact:	Mimi Zohar <zohar@us.ibm.com>
Description:
		EVM protects a file's security extended attributes(xattrs)
		against integrity attacks. The initial method maintains an
		HMAC-sha1 value across the extended attributes, storing the
		value as the extended attribute 'security.evm'.

		EVM depends on the Kernel Key Retention System to provide it
		with a trusted/encrypted key for the HMAC-sha1 operation.
		The key is loaded onto the root's keyring using keyctl.  Until
		EVM receives notification that the key has been successfully
		loaded onto the keyring (echo 1 > <securityfs>/evm), EVM
		can not create or validate the 'security.evm' xattr, but
		returns INTEGRITY_UNKNOWN.  Loading the key and signaling EVM
		should be done as early as possible.  Normally this is done
		in the initramfs, which has already been measured as part
		of the trusted boot.  For more information on creating and
		loading existing trusted/encrypted keys, refer to:
		Documentation/keys-trusted-encrypted.txt.  (A sample dracut
		patch, which loads the trusted/encrypted key and enables
		EVM, is available from http://linux-ima.sourceforge.net/#EVM.)