Message-ID: <1446748509.2570.143.camel@linux.vnet.ibm.com>
Subject: Re: [PATCHv3 0/6] integrity: few EVM patches
From: Mimi Zohar
To: Dmitry Kasatkin
Cc: linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Dmitry Kasatkin
Date: Thu, 05 Nov 2015 13:35:09 -0500
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote:
> Hi,
>
> IMA module provides functionality to load x509 certificates into the
> trusted '.ima' keyring. This patchset adds the same functionality
> to the EVM as well. Also it provides functionality to set EVM key from
> the kernel crypto HW driver. This is an update for the patchset which was
> previously sent for review a few months ago. Please refer to the patch
> descriptions for details.

Other than patch "evm: define EVM key max and min sizes", which prevents
existing EVM keys from being loaded, the patches are queued
http://git.kernel.org/cgit/linux/kernel/git/zohar/linux-integrity.git/next-for-4.5.

Thanks!

Mimi

> BR,
>
> Dmitry
>
> Dmitry Kasatkin (6):
>   integrity: define '.evm' as a builtin 'trusted' keyring
>   evm: load x509 certificate from the kernel
>   evm: enable EVM when X509 certificate is loaded
>   evm: provide a function to set EVM key from the kernel
>   evm: define EVM key max and min sizes
>   evm: reset EVM status when file attributes changes
>
>  include/linux/evm.h                 | 10 +++++++
>  security/integrity/Kconfig          | 11 ++++++++
>  security/integrity/digsig.c         | 14 ++++++++--
>  security/integrity/evm/Kconfig      | 17 ++++++++++++
>  security/integrity/evm/evm.h        |  3 +++
>  security/integrity/evm/evm_crypto.c | 54 ++++++++++++++++++++++++++++++-------
>  security/integrity/evm/evm_main.c   | 32 +++++++++++++++++++---
>  security/integrity/evm/evm_secfs.c  | 12 +++------
>  security/integrity/iint.c           |  1 +
>  security/integrity/ima/Kconfig      |  5 +++-
>  security/integrity/ima/ima.h        | 12 ---------
>  security/integrity/ima/ima_init.c   |  2 +-
>  security/integrity/integrity.h      | 13 ++++++---
>  13 files changed, 146 insertions(+), 40 deletions(-)
>