* [PATCH] EVM: Only complain about a missing HMAC key once
@ 2017-10-10 22:26 Matthew Garrett
0 siblings, 0 replies; only message in thread
From: Matthew Garrett @ 2017-10-10 22:26 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar, Matthew Garrett
A system can validate EVM digital signatures without requiring an HMAC
key, but every EVM validation will generate a kernel error. Change this
so we only generate an error once.
Signed-off-by: Matthew Garrett <mjg59@google.com>
---
security/integrity/evm/evm_crypto.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 6435f12b0067..abe53b28f3e3 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -80,7 +80,7 @@ static struct shash_desc *init_desc(char type)
if (type == EVM_XATTR_HMAC) {
if (!(evm_initialized & EVM_INIT_HMAC)) {
- pr_err("HMAC key is not set\n");
+ pr_err_once("HMAC key is not set\n");
return ERR_PTR(-ENOKEY);
}
tfm = &hmac_tfm;
--
2.14.2.920.gcf0c67979c-goog
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-10-10 22:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-10 22:26 [PATCH] EVM: Only complain about a missing HMAC key once Matthew Garrett
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).