aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
AgeCommit message (Expand)AuthorFilesLines
2025-05-14ima: do not copy measurement list to kdump kernelSteven Chen1-0/+3
2025-04-29ima: measure kexec load and exec events as critical dataSteven Chen3-0/+32
2025-04-29ima: make the kexec extra memory configurableSteven Chen2-5/+22
2025-04-29ima: verify if the segment size has changedSteven Chen1-0/+10
2025-04-29ima: kexec: move IMA log copy from kexec load to executeSteven Chen1-14/+29
2025-04-29ima: kexec: define functions to copy IMA log at soft bootSteven Chen1-0/+47
2025-04-29ima: kexec: skip IMA segment validation after kexec soft rebootSteven Chen1-0/+3
2025-04-29ima: define and call ima_alloc_kexec_file_buf()Steven Chen1-11/+35
2025-04-29ima: rename variable the seq_file "file" to "ima_kexec_file"Steven Chen1-15/+16
2025-04-22ima: process_measurement() needlessly takes inode_lock() on MAY_READFrederick Lawler1-1/+3
2025-03-27ima: limit the number of ToMToU integrity violationsMimi Zohar2-4/+5
2025-03-27ima: limit the number of open-writers integrity violationsMimi Zohar2-2/+10
2025-02-04ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattrRoberto Sassu2-2/+8
2025-02-04integrity: fix typos and spelling errorsTanya Agarwal3-5/+5
2025-01-22Merge tag 'AT_EXECVE_CHECK-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds2-2/+54
2025-01-03ima: ignore suffixed policy rule commentsMimi Zohar1-1/+1
2025-01-03ima: limit the builtin 'tcb' dont_measure tmpfs policy ruleMimi Zohar1-1/+2
2024-12-24ima: kexec: silence RCU list traversal warningBreno Leitao1-1/+2
2024-12-18ima: instantiate the bprm_creds_for_exec() hookMimi Zohar2-2/+54
2024-12-11ima: Suspend PCR extends and log appends when rebootingStefan Berger3-0/+47
2024-11-30Merge tag 'lsm-pr-20241129' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-4/+5
2024-11-26ima: uncover hidden variable in ima_match_rules()Casey Schaufler1-4/+5
2024-11-19Merge tag 'v6.13-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-3/+3
2024-11-18Merge tag 'lsm-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-50/+50
2024-11-18Merge tag 'pull-fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds1-5/+2
2024-11-03fdget(), more trivial conversionsAl Viro1-5/+2
2024-10-11lsm: create new security_cred_getlsmprop LSM hookCasey Schaufler1-5/+2
2024-10-11lsm: use lsm_prop in security_inode_getsecidCasey Schaufler1-2/+1
2024-10-11lsm: use lsm_prop in security_current_getsecidCasey Schaufler5-45/+46
2024-10-11lsm: use lsm_prop in security_audit_rule_matchCasey Schaufler2-5/+8
2024-10-09integrity: Use static_assert() to check struct sizesGustavo A. R. Silva1-0/+4
2024-10-09evm: stop avoidably reading i_writecount in evm_file_releaseMateusz Guzik1-1/+2
2024-10-09ima: fix buffer overrun in ima_eventdigest_init_commonSamasth Norway Ananda1-4/+10
2024-10-05crypto: rsassa-pkcs1 - Migrate to sig_alg backendLukas Wunner1-3/+3
2024-09-23Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-2/+2
2024-08-12introduce fd_file(), convert all accessors to it.Al Viro1-2/+2
2024-08-12lsm: add the inode_free_security_rcu() LSM implementation hookPaul Moore3-14/+10
2024-07-31lsm: Refactor return value of LSM hook inode_copy_up_xattrXu Kuohai1-1/+1
2024-07-19Merge tag 'v6.11-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-2/+1
2024-07-05Merge tag 'integrity-v6.10-fix' of ssh://ra.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-2/+1
2024-06-13ima: Avoid blocking in RCU read-side critical sectionGUO Zihua2-7/+10
2024-06-07crypto: sm2 - Remove sm2 algorithmHerbert Xu1-2/+1
2024-06-03ima: fix wrong zero-assignment during securityfs dentry removeEnrico Bravi1-2/+1
2024-04-12ima: add crypto agility support for template-hash algorithmEnrico Bravi4-18/+132
2024-04-09evm: Rename is_unsupported_fs to is_unsupported_hmac_fsStefan Berger1-9/+10
2024-04-09fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTEDStefan Berger1-1/+1
2024-04-09evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509Stefan Berger1-5/+7
2024-04-09ima: re-evaluate file integrity on file metadata changeStefan Berger1-1/+13
2024-04-09evm: Store and detect metadata inode attributes changesStefan Berger3-10/+49
2024-04-09ima: Move file-change detection variables into new structureStefan Berger4-13/+10
2024-04-09evm: Use the metadata inode to calculate metadata hashStefan Berger1-1/+1
2024-04-09evm: Implement per signature type decision in security_inode_copy_up_xattrStefan Berger1-3/+28
2024-04-09security: allow finer granularity in permitting copy-up of security xattrsStefan Berger1-1/+1
2024-04-09ima: Rename backing_inode to real_inodeStefan Berger1-8/+10
2024-04-08integrity: Avoid -Wflex-array-member-not-at-end warningsGustavo A. R. Silva7-15/+31
2024-04-08ima: define an init_module critical data recordMimi Zohar1-0/+7
2024-04-08ima: Fix use-after-free on a dentry's dname.nameStefan Berger2-7/+26
2024-03-12Merge tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds17-424/+630
2024-02-16integrity: eliminate unnecessary "Problem loading X.509 certificate" msgCoiby Xu1-1/+2
2024-02-15integrity: Remove LSMRoberto Sassu2-220/+2
2024-02-15ima: Make it independent from 'integrity' LSMRoberto Sassu9-116/+308
2024-02-15evm: Make it independent from 'integrity' LSMRoberto Sassu6-24/+79
2024-02-15evm: Move to LSM infrastructureRoberto Sassu1-16/+102
2024-02-15ima: Move IMA-Appraisal to LSM infrastructureRoberto Sassu3-9/+35
2024-02-15ima: Move to LSM infrastructureRoberto Sassu5-21/+66
2024-02-15integrity: Move integrity_kernel_module_request() to IMARoberto Sassu2-23/+33
2024-02-15evm: Align evm_inode_post_setxattr() definition with LSM infrastructureRoberto Sassu1-1/+3
2024-02-15evm: Align evm_inode_setxattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-02-15evm: Align evm_inode_post_setattr() definition with LSM infrastructureRoberto Sassu1-1/+3
2024-02-15ima: Align ima_post_read_file() definition with LSM infrastructureRoberto Sassu1-1/+1
2024-02-15ima: Align ima_inode_removexattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-02-15ima: Align ima_inode_setxattr() definition with LSM infrastructureRoberto Sassu1-2/+3
2024-02-15ima: Align ima_file_mprotect() definition with LSM infrastructureRoberto Sassu1-2/+4
2024-02-15ima: Align ima_inode_post_setattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-01-09Merge tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds2-6/+46
2024-01-09Merge tag 'mm-nonmm-stable-2024-01-09-10-33' of git://git.kernel.org/pub/scm/...Linus Torvalds1-2/+2
2024-01-08mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDERKirill A. Shutemov1-1/+1
2023-12-20kexec_file: print out debugging message if requiredBaoquan He1-2/+2
2023-12-20evm: add support to disable EVM on unsupported filesystemsMimi Zohar1-1/+34
2023-12-20evm: don't copy up 'security.evm' xattrMimi Zohar1-0/+7
2023-11-27ima: Remove EXPERIMENTAL from KconfigEric Snowberg1-1/+1
2023-11-27ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARYEric Snowberg1-5/+5
2023-11-02Merge tag 'mm-nonmm-stable-2023-11-02-14-08' of git://git.kernel.org/pub/scm/...Linus Torvalds1-1/+1
2023-11-02Merge tag 'v6.7-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/...Linus Torvalds1-2/+1
2023-11-02Merge tag 'integrity-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds5-34/+81
2023-10-31ima: detect changes to the backing overlay fileMimi Zohar3-1/+22
2023-10-31integrity: fix indentation of config attributesPrasad Pandit1-22/+22
2023-10-31ima: annotate iint mutex to avoid lockdep false positive warningsAmir Goldstein1-11/+37
2023-10-30Merge tag 'tpmdd-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkk...Linus Torvalds1-2/+0
2023-10-30Merge tag 'hardening-v6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-3/+3
2023-10-24integrity: powerpc: Do not select CA_MACHINE_KEYRINGMichal Suchanek1-2/+0
2023-10-20ima: Add __counted_by for struct modsig and use struct_size()Gustavo A. R. Silva1-3/+3
2023-10-18treewide: mark stuff as __ro_after_initAlexey Dobriyan1-1/+1
2023-09-27ima: rework CONFIG_IMA dependency blockArnd Bergmann1-12/+6
2023-09-26ima: Finish deprecation of IMA_TRUSTED_KEYRING KconfigOleksandr Tymoshenko1-2/+2
2023-09-15evm: Do not include crypto/algapi.hHerbert Xu1-2/+1
2023-08-30Merge tag 'integrity-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds5-30/+16
2023-08-30Merge tag 'lsm-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-10/+44
2023-08-29Merge tag 'tpmdd-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkk...Linus Torvalds9-13/+93
2023-08-28Merge tag 's390-6.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/...Linus Torvalds1-2/+2
2023-08-18integrity: Annotate struct ima_rule_opt_list with __counted_byKees Cook1-2/+2
2023-08-18s390/ipl: fix virtual vs physical address confusionAlexander Gordeev1-2/+2
2023-08-17integrity: PowerVM support for loading third party code signing keysNayna Jain3-0/+30
2023-08-17integrity: PowerVM machine keyring enablementNayna Jain1-1/+3
2023-08-17integrity: check whether imputed trust is enabledNayna Jain4-6/+22
2023-08-17integrity: remove global variable from machine_keyring.cNayna Jain1-2/+2
2023-08-17integrity: ignore keys failing CA restrictions on non-UEFI platformNayna Jain1-1/+1
2023-08-17integrity: PowerVM support for loading CA keys on machine keyringNayna Jain3-0/+30
2023-08-17integrity: Enforce digitalSignature usage in the ima and evm keyringsEric Snowberg3-4/+6
2023-08-07kexec_lock: Replace kexec_mutex() by kexec_lock() in two commentsWenyu Liu1-1/+1
2023-08-01ima: require signed IMA policy when UEFI secure boot is enabledCoiby Xu1-0/+3
2023-08-01integrity: Always reference the blacklist keyring with appraisalEric Snowberg2-17/+12
2023-08-01ima: Remove deprecated IMA_TRUSTED_KEYRING KconfigNayna Jain1-12/+0
2023-07-10evm: Support multiple LSMs providing an xattrRoberto Sassu3-7/+37
2023-07-10evm: Align evm_inode_init_security() definition with LSM infrastructureRoberto Sassu1-6/+10
2023-06-30Merge tag 'powerpc-6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds1-14/+26
2023-06-27Merge tag 'integrity-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds7-16/+32
2023-06-21security/integrity: fix pointer to ESL data and its size on pseriesNayna Jain1-14/+26
2023-06-14fsverity: rework fsverity_get_digest() againEric Biggers1-19/+12
2023-06-06ima: Fix build warningsRoberto Sassu2-1/+5
2023-06-06evm: Fix build warningsRoberto Sassu2-2/+2
2023-06-05evm: Complete description of evm_inode_setattr()Roberto Sassu1-0/+2
2023-06-01integrity: Fix possible multiple allocation in integrity_inode_get()Tianjia Zhang1-6/+9
2023-05-23IMA: use vfs_getattr_nosec to get the i_versionJeff Layton2-7/+14
2023-04-29Merge tag 'integrity-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds1-1/+1
2023-04-27Merge tag 'mm-stable-2023-04-27-15-30' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-1/+1
2023-04-24Merge tag 'tpmdd-v6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/j...Linus Torvalds2-3/+28
2023-04-24integrity: machine keyring CA configurationEric Snowberg2-3/+28
2023-04-05mm, treewide: redefine MAX_ORDER sanelyKirill A. Shutemov1-1/+1
2023-03-15IMA: allow/fix UML buildsRandy Dunlap1-1/+1
2023-03-10Revert "integrity: double check iint_cache was initialized"Roberto Sassu1-8/+0
2023-03-10security: Introduce LSM_ORDER_LAST and set it for the integrity LSMRoberto Sassu1-0/+1
2023-02-25Merge tag 'powerpc-6.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds1-15/+32
2023-02-22Merge tag 'integrity-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds6-29/+58
2023-02-13integrity/powerpc: Support loading keys from PLPKSRussell Currey1-7/+10
2023-02-13integrity/powerpc: Improve error handling & reporting when loading certsRussell Currey1-6/+20
2023-02-12powerpc/secvar: Use u64 in secvar_operationsMichael Ellerman1-2/+2
2023-01-31ima: Introduce MMAP_CHECK_REQPROT hookRoberto Sassu5-6/+32
2023-01-31ima: Align ima_file_mmap() parameters with mmap_file LSM hookRoberto Sassu1-2/+5
2023-01-31evm: call dump_security_xattr() in all cases to remove code duplicationXiu Jianfeng1-17/+16
2023-01-19fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmapChristian Brauner1-3/+2
2023-01-19fs: port i_{g,u}id_{needs_}update() to mnt_idmapChristian Brauner1-3/+2
2023-01-19fs: port acl to mnt_idmapChristian Brauner2-7/+7
2023-01-19fs: port xattr to mnt_idmapChristian Brauner9-47/+48
2023-01-19fs: port ->permission() to pass mnt_idmapChristian Brauner4-7/+7
2023-01-19fs: port ->setattr() to pass mnt_idmapChristian Brauner2-4/+5
2023-01-18ima: fix ima_delete_rules() kernel-doc warningRandy Dunlap1-1/+2
2023-01-18ima: return IMA digest value only when IMA_COLLECTED flag is setMatt Bobrowski1-1/+1
2023-01-18ima: fix error handling logic when file measurement failedMatt Bobrowski2-2/+2
2022-12-21Merge tag 'fs.vfsuid.ima.v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-0/+24
2022-12-13Merge tag 'integrity-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds6-22/+54
2022-12-13Merge tag 'lsm-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds6-17/+23
2022-12-13mnt_idmapping: move ima-only helpers to imaChristian Brauner1-0/+24
2022-12-12Merge tag 'fs.vfsuid.conversion.v6.2' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds1-16/+18
2022-11-28ima: Fix hash dependency to correct algorithmTianjia Zhang1-1/+1
2022-11-18lsm,fs: fix vfs_getxattr_alloc() return type and caller error pathsPaul Moore6-17/+23
2022-11-16ima: Fix misuse of dereference of pointer in template_desc_init_fields()Xiu Jianfeng1-2/+2
2022-11-16integrity: Fix memory leakage in keyring allocation error pathGUO Zihua1-1/+5
2022-11-03ima: Fix memory leak in __ima_inode_hash()Roberto Sassu1-1/+6
2022-11-02ima: Handle -ESTALE returned by ima_filter_rule_match()GUO Zihua1-9/+32
2022-11-02ima: Simplify ima_lsm_copy_ruleGUO Zihua1-7/+3
2022-11-02ima: Fix a potential NULL pointer access in ima_restore_measurement_listHuaxin Lu1-1/+4
2022-11-01efi: Add iMac Pro 2017 to uefi skip cert quirkAditya Garg1-0/+1
2022-10-28evm: remove dead code in evm_inode_set_acl()Christian Brauner1-3/+2
2022-10-26ima: use type safe idmapping helpersChristian Brauner1-16/+18
2022-10-20evm: remove evm_xattr_acl_change()Christian Brauner1-64/+0
2022-10-20integrity: implement get and set acl hookChristian Brauner2-1/+91
2022-10-03Merge tag 'fs.acl.rework.prep.v6.1' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds1-3/+14
2022-09-30efi: Correct Macmini DMI match in uefi cert quirkOrlando Chamberlain1-1/+1
2022-08-31acl: move idmapping handling into posix_acl_xattr_set()Christian Brauner1-3/+14
2022-08-23ima: fix blocking of security.ima xattrs of unsupported algorithmsMimi Zohar1-4/+8
2022-08-02Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds1-29/+23
2022-08-01Merge tag 'x86_kdump_for_v6.0_rc1' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-1/+1
2022-08-01Merge tag 'fs.idmapped.vfsuid.v5.20' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds1-5/+7
2022-07-20lockdown: Fix kexec lockdown bypass with ima policyEric Snowberg1-0/+4
2022-07-13evm: Use IS_ENABLED to initialize .enabledXiu Jianfeng1-29/+23
2022-07-13ima: Fix potential memory leak in ima_init_crypto()Jianglei Nie1-0/+1
2022-07-13ima: force signature verification when CONFIG_KEXEC_SIG is configuredCoiby Xu1-0/+2
2022-07-07ima: Fix a potential integer overflow in ima_appraise_measurementHuaxin Lu1-1/+2
2022-07-06ima: fix violation measurement list recordMimi Zohar1-3/+3
2022-07-01x86/kexec: Carry forward IMA measurement log on kexecJonathan McDowell1-1/+1
2022-06-26attr: port attribute changes to new typesChristian Brauner1-2/+2
2022-06-26security: pass down mount idmapping to setattr hookChristian Brauner1-3/+5
2022-06-26fs: port to iattr ownership update helpersChristian Brauner1-2/+2
2022-06-15Revert "evm: Fix memleak in init_desc"Xiu Jianfeng1-5/+2
2022-05-24Merge tag 'integrity-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds16-52/+395
2022-05-23certs: Factor out the blacklist hash creationMickaël Salaün1-24/+2
2022-05-16integrity: Fix sparse warnings in keyring_handlerStefan Berger1-3/+3
2022-05-16evm: Clean up some variablesStefan Berger2-4/+1
2022-05-16evm: Return INTEGRITY_PASS for enum integrity_status value '0'Stefan Berger1-1/+1
2022-05-15efi: Do not import certificates from UEFI Secure Boot for T2 MacsAditya Garg2-0/+41
2022-05-05ima: support fs-verity file digest based version 3 signaturesMimi Zohar5-16/+177
2022-05-05ima: permit fsverity's file digests in the IMA measurement listMimi Zohar5-8/+90
2022-05-05ima: define a new template field named 'd-ngv2' and templatesMimi Zohar3-11/+73
2022-05-01ima: use IMA default hash algorithm for integrity violationsMimi Zohar1-1/+1
2022-05-01ima: fix 'd-ng' comments and documentationMimi Zohar1-3/+5
2022-04-07ima: remove the IMA_TEMPLATE Kconfig optionGUO Zihua1-8/+6
2022-04-04ima: remove redundant initialization of pointer 'file'.Colin Ian King1-1/+1
2022-03-24Merge tag 'net-next-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds1-18/+39
2022-03-21Merge tag 'integrity-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds8-35/+49
generated by cgit 1.2.3-korg (git 2.43.0) at 2025-07-04 02:03:52 +0000