aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
AgeCommit message (Expand)AuthorFilesLines
2026-05-13evm: terminate and bound the evm_xattrs read bufferPengpeng Hou1-5/+11
2026-05-13integrity: Add support for sigv3 verification using ML-DSA keysStefan Berger1-5/+84
2026-05-13integrity: Refactor asymmetric_verify for reusabilityStefan Berger1-19/+43
2026-05-13integrity: Check that algo parameter is within valid rangeStefan Berger1-1/+4
2026-05-13integrity: Check for NULL returned by asymmetric_key_public_keyStefan Berger1-0/+4
2026-04-27ima: return error early if file xattr cannot be changedGoldwyn Rodrigues1-0/+5
2026-04-27ima: Fix sigv3 signature handling for EVM_IMA_XATTR_DIGSIGKamlesh Kumar2-3/+5
2026-04-17Merge tag 'integrity-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds16-533/+337
2026-04-14Merge tag 'modules-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-3/+3
2026-04-13Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2026-04-01evm: Enforce signatures version 3 with new EVM policy 'bit 3'Stefan Berger2-1/+16
2026-04-01integrity: Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIGStefan Berger1-1/+2
2026-04-01ima: add support to require IMA sigv3 signaturesMimi Zohar3-12/+18
2026-04-01ima: add regular file data hash signature version 3 supportMimi Zohar2-2/+2
2026-04-01ima: Define asymmetric_verify_v3() to verify IMA sigv3 signaturesMimi Zohar5-56/+90
2026-03-24module: Give MODULE_SIG_STRING a more descriptive nameThomas Weißschuh1-3/+3
2026-03-23crypto: sm3 - Rename CRYPTO_SM3_GENERIC to CRYPTO_SM3Eric Biggers1-1/+1
2026-03-17ima: remove buggy support for asynchronous hashesEric Biggers1-373/+9
2026-03-17EVM: add comment describing why ino field is still unsigned longJeff Layton1-0/+6
2026-03-13integrity: Eliminate weak definition of arch_get_secureboot()Nathan Chancellor2-17/+1
2026-03-11ima: Add code comments to explain IMA iint cache atomic_flagsCoiby Xu1-1/+26
2026-03-11ima_fs: Correctly create securityfs files for unsupported hash algosDmitry Safonov1-4/+12
2026-03-09ima: check return value of crypto_shash_final() in boot aggregateDaniel Hodges1-1/+1
2026-03-08ima: Define and use a digest_size field in the ima_algo_desc structureRoberto Sassu3-12/+13
2026-03-08ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIGThomas Weißschuh1-4/+2
2026-03-08ima: fallback to using i_version to detect file changeMimi Zohar2-12/+35
2026-03-06treewide: change inode->i_ino from unsigned long to u64Jeff Layton1-1/+1
2026-03-05evm: fix security.evm for a file with IMA signatureCoiby Xu2-0/+33
2026-03-05evm: Don't enable fix mode when secure boot is enabledCoiby Xu1-7/+17
2026-03-05integrity: Make arch_ima_get_secureboot integrity-wideCoiby Xu8-50/+80
2026-02-22Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL usesKees Cook1-2/+1
2026-02-21Convert more 'alloc_obj' cases to default GFP_KERNEL argumentsLinus Torvalds1-2/+1
2026-02-21Convert 'alloc_flex' family to use the new default GFP_KERNEL argumentLinus Torvalds2-2/+2
2026-02-21Convert 'alloc_obj' family to use the new default GFP_KERNEL argumentLinus Torvalds7-8/+8
2026-02-21treewide: Replace kmalloc with kmalloc_obj for non-scalar typesKees Cook11-25/+28
2026-02-12Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/...Linus Torvalds3-0/+37
2026-02-11Merge tag 'integrity-v7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds4-28/+30
2026-01-30pkcs7, x509: Rename ->digest to ->mDavid Howells1-2/+2
2026-01-26ima: verify the previous kernel's IMA buffer lies in addressable RAMHarshit Mogalapalli1-0/+35
2026-01-23evm: Use ordered xattrs list to calculate HMAC in evm_init_hmac()Roberto Sassu1-4/+10
2026-01-20kernel.h: drop hex.h and update all hex.h usersRandy Dunlap2-0/+2
2025-12-29ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec()Chris J Arges3-24/+20
2025-12-23kernel/kexec: change the prototype of kimage_map_segment()Pingfan Liu1-3/+1
2025-12-03Merge tag 'integrity-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-21/+101
2025-11-21ima: Handle error code returned by ima_filter_rule_match()Zhao Yipeng1-1/+1
2025-11-19ima: Access decompressed kernel module to verify appended signatureCoiby Xu2-9/+18
2025-10-22ima,evm: move initcalls to the LSM frameworkRoberto Sassu6-10/+35
2025-10-22lsm: replace the name field with a pointer to the lsm_id structPaul Moore2-2/+2
2025-10-16ima: add fs_subtype condition for distinguishing FUSE instancesJann Horn1-4/+39
2025-10-16ima: add dont_audit action to suppress audit actionsJann Horn1-1/+13
2025-10-13ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hookRoberto Sassu1-8/+32
2025-10-03ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattrCoiby Xu1-5/+18
2025-10-03integrity: Select CRYPTO from INTEGRITY_ASYMMETRIC_KEYSEric Biggers1-0/+1
2025-07-31Merge tag 'integrity-v6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-0/+26
2025-07-29Merge tag 'powerpc-6.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/p...Linus Torvalds1-2/+3
2025-07-09integrity/platform_certs: Allow loading of keys in the static key management ...Srish Srinivasan1-2/+3
2025-06-17evm_secfs: clear securityfs interactionsAl Viro1-8/+7
2025-06-17ima_fs: get rid of lookup-by-dentry stuffAl Viro1-66/+16
2025-06-17ima_fs: don't bother with removal of files in directory we'll be removingAl Viro1-39/+18
2025-06-16ima: add a knob ima= to allow disabling IMA in kdump kernelBaoquan He1-0/+26
2025-05-14ima: do not copy measurement list to kdump kernelSteven Chen1-0/+3
2025-04-29ima: measure kexec load and exec events as critical dataSteven Chen3-0/+32
2025-04-29ima: make the kexec extra memory configurableSteven Chen2-5/+22
2025-04-29ima: verify if the segment size has changedSteven Chen1-0/+10
2025-04-29ima: kexec: move IMA log copy from kexec load to executeSteven Chen1-14/+29
2025-04-29ima: kexec: define functions to copy IMA log at soft bootSteven Chen1-0/+47
2025-04-29ima: kexec: skip IMA segment validation after kexec soft rebootSteven Chen1-0/+3
2025-04-29ima: define and call ima_alloc_kexec_file_buf()Steven Chen1-11/+35
2025-04-29ima: rename variable the seq_file "file" to "ima_kexec_file"Steven Chen1-15/+16
2025-04-22ima: process_measurement() needlessly takes inode_lock() on MAY_READFrederick Lawler1-1/+3
2025-03-27ima: limit the number of ToMToU integrity violationsMimi Zohar2-4/+5
2025-03-27ima: limit the number of open-writers integrity violationsMimi Zohar2-2/+10
2025-02-04ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattrRoberto Sassu2-2/+8
2025-02-04integrity: fix typos and spelling errorsTanya Agarwal3-5/+5
2025-01-22Merge tag 'AT_EXECVE_CHECK-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds2-2/+54
2025-01-03ima: ignore suffixed policy rule commentsMimi Zohar1-1/+1
2025-01-03ima: limit the builtin 'tcb' dont_measure tmpfs policy ruleMimi Zohar1-1/+2
2024-12-24ima: kexec: silence RCU list traversal warningBreno Leitao1-1/+2
2024-12-18ima: instantiate the bprm_creds_for_exec() hookMimi Zohar2-2/+54
2024-12-11ima: Suspend PCR extends and log appends when rebootingStefan Berger3-0/+47
2024-11-30Merge tag 'lsm-pr-20241129' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-4/+5
2024-11-26ima: uncover hidden variable in ima_match_rules()Casey Schaufler1-4/+5
2024-11-19Merge tag 'v6.13-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-3/+3
2024-11-18Merge tag 'lsm-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-50/+50
2024-11-18Merge tag 'pull-fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds1-5/+2
2024-11-03fdget(), more trivial conversionsAl Viro1-5/+2
2024-10-11lsm: create new security_cred_getlsmprop LSM hookCasey Schaufler1-5/+2
2024-10-11lsm: use lsm_prop in security_inode_getsecidCasey Schaufler1-2/+1
2024-10-11lsm: use lsm_prop in security_current_getsecidCasey Schaufler5-45/+46
2024-10-11lsm: use lsm_prop in security_audit_rule_matchCasey Schaufler2-5/+8
2024-10-09integrity: Use static_assert() to check struct sizesGustavo A. R. Silva1-0/+4
2024-10-09evm: stop avoidably reading i_writecount in evm_file_releaseMateusz Guzik1-1/+2
2024-10-09ima: fix buffer overrun in ima_eventdigest_init_commonSamasth Norway Ananda1-4/+10
2024-10-05crypto: rsassa-pkcs1 - Migrate to sig_alg backendLukas Wunner1-3/+3
2024-09-23Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-2/+2
2024-08-12introduce fd_file(), convert all accessors to it.Al Viro1-2/+2
2024-08-12lsm: add the inode_free_security_rcu() LSM implementation hookPaul Moore3-14/+10
2024-07-31lsm: Refactor return value of LSM hook inode_copy_up_xattrXu Kuohai1-1/+1
2024-07-19Merge tag 'v6.11-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-2/+1
2024-07-05Merge tag 'integrity-v6.10-fix' of ssh://ra.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-2/+1
2024-06-13ima: Avoid blocking in RCU read-side critical sectionGUO Zihua2-7/+10
2024-06-07crypto: sm2 - Remove sm2 algorithmHerbert Xu1-2/+1
2024-06-03ima: fix wrong zero-assignment during securityfs dentry removeEnrico Bravi1-2/+1
2024-04-12ima: add crypto agility support for template-hash algorithmEnrico Bravi4-18/+132
2024-04-09evm: Rename is_unsupported_fs to is_unsupported_hmac_fsStefan Berger1-9/+10
2024-04-09fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTEDStefan Berger1-1/+1
2024-04-09evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509Stefan Berger1-5/+7
2024-04-09ima: re-evaluate file integrity on file metadata changeStefan Berger1-1/+13
2024-04-09evm: Store and detect metadata inode attributes changesStefan Berger3-10/+49
2024-04-09ima: Move file-change detection variables into new structureStefan Berger4-13/+10
2024-04-09evm: Use the metadata inode to calculate metadata hashStefan Berger1-1/+1
2024-04-09evm: Implement per signature type decision in security_inode_copy_up_xattrStefan Berger1-3/+28
2024-04-09security: allow finer granularity in permitting copy-up of security xattrsStefan Berger1-1/+1
2024-04-09ima: Rename backing_inode to real_inodeStefan Berger1-8/+10
2024-04-08integrity: Avoid -Wflex-array-member-not-at-end warningsGustavo A. R. Silva7-15/+31
2024-04-08ima: define an init_module critical data recordMimi Zohar1-0/+7
2024-04-08ima: Fix use-after-free on a dentry's dname.nameStefan Berger2-7/+26
2024-03-12Merge tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds17-424/+630
2024-02-16integrity: eliminate unnecessary "Problem loading X.509 certificate" msgCoiby Xu1-1/+2
2024-02-15integrity: Remove LSMRoberto Sassu2-220/+2
2024-02-15ima: Make it independent from 'integrity' LSMRoberto Sassu9-116/+308
2024-02-15evm: Make it independent from 'integrity' LSMRoberto Sassu6-24/+79
2024-02-15evm: Move to LSM infrastructureRoberto Sassu1-16/+102
2024-02-15ima: Move IMA-Appraisal to LSM infrastructureRoberto Sassu3-9/+35
2024-02-15ima: Move to LSM infrastructureRoberto Sassu5-21/+66
2024-02-15integrity: Move integrity_kernel_module_request() to IMARoberto Sassu2-23/+33
2024-02-15evm: Align evm_inode_post_setxattr() definition with LSM infrastructureRoberto Sassu1-1/+3
2024-02-15evm: Align evm_inode_setxattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-02-15evm: Align evm_inode_post_setattr() definition with LSM infrastructureRoberto Sassu1-1/+3
2024-02-15ima: Align ima_post_read_file() definition with LSM infrastructureRoberto Sassu1-1/+1
2024-02-15ima: Align ima_inode_removexattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-02-15ima: Align ima_inode_setxattr() definition with LSM infrastructureRoberto Sassu1-2/+3
2024-02-15ima: Align ima_file_mprotect() definition with LSM infrastructureRoberto Sassu1-2/+4
2024-02-15ima: Align ima_inode_post_setattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-01-09Merge tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds2-6/+46
2024-01-09Merge tag 'mm-nonmm-stable-2024-01-09-10-33' of git://git.kernel.org/pub/scm/...Linus Torvalds1-2/+2
2024-01-08mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDERKirill A. Shutemov1-1/+1
2023-12-20kexec_file: print out debugging message if requiredBaoquan He1-2/+2
2023-12-20evm: add support to disable EVM on unsupported filesystemsMimi Zohar1-1/+34
2023-12-20evm: don't copy up 'security.evm' xattrMimi Zohar1-0/+7
2023-11-27ima: Remove EXPERIMENTAL from KconfigEric Snowberg1-1/+1
2023-11-27ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARYEric Snowberg1-5/+5
2023-11-02Merge tag 'mm-nonmm-stable-2023-11-02-14-08' of git://git.kernel.org/pub/scm/...Linus Torvalds1-1/+1
2023-11-02Merge tag 'v6.7-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/...Linus Torvalds1-2/+1
2023-11-02Merge tag 'integrity-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds5-34/+81
2023-10-31ima: detect changes to the backing overlay fileMimi Zohar3-1/+22
2023-10-31integrity: fix indentation of config attributesPrasad Pandit1-22/+22
2023-10-31ima: annotate iint mutex to avoid lockdep false positive warningsAmir Goldstein1-11/+37
2023-10-30Merge tag 'tpmdd-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkk...Linus Torvalds1-2/+0
2023-10-30Merge tag 'hardening-v6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-3/+3
2023-10-24integrity: powerpc: Do not select CA_MACHINE_KEYRINGMichal Suchanek1-2/+0
2023-10-20ima: Add __counted_by for struct modsig and use struct_size()Gustavo A. R. Silva1-3/+3
2023-10-18treewide: mark stuff as __ro_after_initAlexey Dobriyan1-1/+1
2023-09-27ima: rework CONFIG_IMA dependency blockArnd Bergmann1-12/+6
2023-09-26ima: Finish deprecation of IMA_TRUSTED_KEYRING KconfigOleksandr Tymoshenko1-2/+2
2023-09-15evm: Do not include crypto/algapi.hHerbert Xu1-2/+1
2023-08-30Merge tag 'integrity-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds5-30/+16
2023-08-30Merge tag 'lsm-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-10/+44
2023-08-29Merge tag 'tpmdd-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkk...Linus Torvalds9-13/+93
2023-08-28Merge tag 's390-6.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/...Linus Torvalds1-2/+2
2023-08-18integrity: Annotate struct ima_rule_opt_list with __counted_byKees Cook1-2/+2
2023-08-18s390/ipl: fix virtual vs physical address confusionAlexander Gordeev1-2/+2
2023-08-17integrity: PowerVM support for loading third party code signing keysNayna Jain3-0/+30
2023-08-17integrity: PowerVM machine keyring enablementNayna Jain1-1/+3
2023-08-17integrity: check whether imputed trust is enabledNayna Jain4-6/+22
2023-08-17integrity: remove global variable from machine_keyring.cNayna Jain1-2/+2
2023-08-17integrity: ignore keys failing CA restrictions on non-UEFI platformNayna Jain1-1/+1
2023-08-17integrity: PowerVM support for loading CA keys on machine keyringNayna Jain3-0/+30
2023-08-17integrity: Enforce digitalSignature usage in the ima and evm keyringsEric Snowberg3-4/+6
2023-08-07kexec_lock: Replace kexec_mutex() by kexec_lock() in two commentsWenyu Liu1-1/+1
2023-08-01ima: require signed IMA policy when UEFI secure boot is enabledCoiby Xu1-0/+3
2023-08-01integrity: Always reference the blacklist keyring with appraisalEric Snowberg2-17/+12
2023-08-01ima: Remove deprecated IMA_TRUSTED_KEYRING KconfigNayna Jain1-12/+0
2023-07-10evm: Support multiple LSMs providing an xattrRoberto Sassu3-7/+37
2023-07-10evm: Align evm_inode_init_security() definition with LSM infrastructureRoberto Sassu1-6/+10
2023-06-30Merge tag 'powerpc-6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds1-14/+26
2023-06-27Merge tag 'integrity-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds7-16/+32
2023-06-21security/integrity: fix pointer to ESL data and its size on pseriesNayna Jain1-14/+26
2023-06-14fsverity: rework fsverity_get_digest() againEric Biggers1-19/+12
2023-06-06ima: Fix build warningsRoberto Sassu2-1/+5
2023-06-06evm: Fix build warningsRoberto Sassu2-2/+2
2023-06-05evm: Complete description of evm_inode_setattr()Roberto Sassu1-0/+2
2023-06-01integrity: Fix possible multiple allocation in integrity_inode_get()Tianjia Zhang1-6/+9
2023-05-23IMA: use vfs_getattr_nosec to get the i_versionJeff Layton2-7/+14
2023-04-29Merge tag 'integrity-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds1-1/+1
2023-04-27Merge tag 'mm-stable-2023-04-27-15-30' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-1/+1
2023-04-24Merge tag 'tpmdd-v6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/j...Linus Torvalds2-3/+28
2023-04-24integrity: machine keyring CA configurationEric Snowberg2-3/+28
2023-04-05mm, treewide: redefine MAX_ORDER sanelyKirill A. Shutemov1-1/+1
2023-03-15IMA: allow/fix UML buildsRandy Dunlap1-1/+1
2023-03-10Revert "integrity: double check iint_cache was initialized"Roberto Sassu1-8/+0
2023-03-10security: Introduce LSM_ORDER_LAST and set it for the integrity LSMRoberto Sassu1-0/+1
2023-02-25Merge tag 'powerpc-6.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds1-15/+32
2023-02-22Merge tag 'integrity-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds6-29/+58
2023-02-13integrity/powerpc: Support loading keys from PLPKSRussell Currey1-7/+10
2023-02-13integrity/powerpc: Improve error handling & reporting when loading certsRussell Currey1-6/+20
2023-02-12powerpc/secvar: Use u64 in secvar_operationsMichael Ellerman1-2/+2
2023-01-31ima: Introduce MMAP_CHECK_REQPROT hookRoberto Sassu5-6/+32
2023-01-31ima: Align ima_file_mmap() parameters with mmap_file LSM hookRoberto Sassu1-2/+5
2023-01-31evm: call dump_security_xattr() in all cases to remove code duplicationXiu Jianfeng1-17/+16
generated by cgit 1.3-korg (git 2.53.0) at 2026-06-01 04:00:54 +0000