| Mimi Zohar | 66dbc325 | 2011-03-15 16:12:09 -0400 | [diff] [blame] | 1 | What: security/evm |
| 2 | Date: March 2011 |
| 3 | Contact: Mimi Zohar <zohar@us.ibm.com> |
| 4 | Description: |
| 5 | EVM protects a file's security extended attributes(xattrs) |
| 6 | against integrity attacks. The initial method maintains an |
| 7 | HMAC-sha1 value across the extended attributes, storing the |
| 8 | value as the extended attribute 'security.evm'. |
| 9 | |
| 10 | EVM depends on the Kernel Key Retention System to provide it |
| 11 | with a trusted/encrypted key for the HMAC-sha1 operation. |
| 12 | The key is loaded onto the root's keyring using keyctl. Until |
| 13 | EVM receives notification that the key has been successfully |
| 14 | loaded onto the keyring (echo 1 > <securityfs>/evm), EVM |
| 15 | can not create or validate the 'security.evm' xattr, but |
| 16 | returns INTEGRITY_UNKNOWN. Loading the key and signaling EVM |
| 17 | should be done as early as possible. Normally this is done |
| 18 | in the initramfs, which has already been measured as part |
| 19 | of the trusted boot. For more information on creating and |
| 20 | loading existing trusted/encrypted keys, refer to: |
| 21 | Documentation/keys-trusted-encrypted.txt. (A sample dracut |
| 22 | patch, which loads the trusted/encrypted key and enables |
| 23 | EVM, is available from http://linux-ima.sourceforge.net/#EVM.) |