path: root/security/integrity/evm
Age | Commit message | Author | Files | Lines
2026-05-13 | evm: terminate and bound the evm_xattrs read buffer | Pengpeng Hou | 1 | -5/+11
2026-04-17 | Merge tag 'integrity-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/z... | Linus Torvalds | 2 | -9/+63
2026-04-01 | evm: Enforce signatures version 3 with new EVM policy 'bit 3' | Stefan Berger | 2 | -1/+16
2026-04-01 | ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures | Mimi Zohar | 1 | -1/+2
2026-03-17 | EVM: add comment describing why ino field is still unsigned long | Jeff Layton | 1 | -0/+6
2026-03-05 | evm: fix security.evm for a file with IMA signature | Coiby Xu | 1 | -0/+28
2026-03-05 | evm: Don't enable fix mode when secure boot is enabled | Coiby Xu | 1 | -7/+17
2026-02-21 | Convert 'alloc_obj' family to use the new default GFP_KERNEL argument | Linus Torvalds | 1 | -1/+1
2026-02-21 | treewide: Replace kmalloc with kmalloc_obj for non-scalar types | Kees Cook | 2 | -2/+2
2026-02-12 | Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/... | Linus Torvalds | 1 | -0/+1
2026-01-23 | evm: Use ordered xattrs list to calculate HMAC in evm_init_hmac() | Roberto Sassu | 1 | -4/+10
2026-01-20 | kernel.h: drop hex.h and update all hex.h users | Randy Dunlap | 1 | -0/+1
2025-10-22 | ima,evm: move initcalls to the LSM framework | Roberto Sassu | 2 | -4/+10
2025-10-22 | lsm: replace the name field with a pointer to the lsm_id struct | Paul Moore | 1 | -1/+1
2025-06-17 | evm_secfs: clear securityfs interactions | Al Viro | 1 | -8/+7
2025-02-04 | integrity: fix typos and spelling errors | Tanya Agarwal | 2 | -2/+2
2024-10-09 | evm: stop avoidably reading i_writecount in evm_file_release | Mateusz Guzik | 1 | -1/+2
2024-07-31 | lsm: Refactor return value of LSM hook inode_copy_up_xattr | Xu Kuohai | 1 | -1/+1
2024-04-09 | evm: Rename is_unsupported_fs to is_unsupported_hmac_fs | Stefan Berger | 1 | -9/+10
2024-04-09 | fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED | Stefan Berger | 1 | -1/+1
2024-04-09 | evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 | Stefan Berger | 1 | -5/+7
2024-04-09 | evm: Store and detect metadata inode attributes changes | Stefan Berger | 3 | -10/+49
2024-04-09 | evm: Use the metadata inode to calculate metadata hash | Stefan Berger | 1 | -1/+1
2024-04-09 | evm: Implement per signature type decision in security_inode_copy_up_xattr | Stefan Berger | 1 | -3/+28
2024-04-09 | security: allow finer granularity in permitting copy-up of security xattrs | Stefan Berger | 1 | -1/+1
2024-04-08 | integrity: Avoid -Wflex-array-member-not-at-end warnings | Gustavo A. R. Silva | 1 | -1/+1
2024-02-15 | evm: Make it independent from 'integrity' LSM | Roberto Sassu | 4 | -22/+78
2024-02-15 | evm: Move to LSM infrastructure | Roberto Sassu | 1 | -16/+102
2024-02-15 | evm: Align evm_inode_post_setxattr() definition with LSM infrastructure | Roberto Sassu | 1 | -1/+3
2024-02-15 | evm: Align evm_inode_setxattr() definition with LSM infrastructure | Roberto Sassu | 1 | -1/+2
2024-02-15 | evm: Align evm_inode_post_setattr() definition with LSM infrastructure | Roberto Sassu | 1 | -1/+3
2023-12-20 | evm: add support to disable EVM on unsupported filesystems | Mimi Zohar | 1 | -1/+34
2023-12-20 | evm: don't copy up 'security.evm' xattr | Mimi Zohar | 1 | -0/+7
2023-09-15 | evm: Do not include crypto/algapi.h | Herbert Xu | 1 | -2/+1
2023-08-30 | Merge tag 'lsm-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 3 | -10/+44
2023-08-17 | integrity: Enforce digitalSignature usage in the ima and evm keyrings | Eric Snowberg | 1 | -1/+2
2023-07-10 | evm: Support multiple LSMs providing an xattr | Roberto Sassu | 3 | -7/+37
2023-07-10 | evm: Align evm_inode_init_security() definition with LSM infrastructure | Roberto Sassu | 1 | -6/+10
2023-06-06 | evm: Fix build warnings | Roberto Sassu | 2 | -2/+2
2023-06-05 | evm: Complete description of evm_inode_setattr() | Roberto Sassu | 1 | -0/+2
2023-02-22 | Merge tag 'integrity-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/z... | Linus Torvalds | 1 | -17/+16
2023-01-31 | evm: call dump_security_xattr() in all cases to remove code duplication | Xiu Jianfeng | 1 | -17/+16
2023-01-19 | fs: port i_{g,u}id_{needs_}update() to mnt_idmap | Christian Brauner | 1 | -3/+2
2023-01-19 | fs: port acl to mnt_idmap | Christian Brauner | 1 | -6/+6
2023-01-19 | fs: port xattr to mnt_idmap | Christian Brauner | 2 | -12/+12
2023-01-19 | fs: port ->permission() to pass mnt_idmap | Christian Brauner | 2 | -5/+5
2023-01-19 | fs: port ->setattr() to pass mnt_idmap | Christian Brauner | 2 | -4/+5
2022-12-13 | Merge tag 'lsm-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 2 | -4/+8
2022-11-18 | lsm,fs: fix vfs_getxattr_alloc() return type and caller error paths | Paul Moore | 2 | -4/+8
2022-10-28 | evm: remove dead code in evm_inode_set_acl() | Christian Brauner | 1 | -3/+2
2022-10-20 | evm: remove evm_xattr_acl_change() | Christian Brauner | 1 | -64/+0
2022-10-20 | integrity: implement get and set acl hook | Christian Brauner | 1 | -1/+82
2022-08-31 | acl: move idmapping handling into posix_acl_xattr_set() | Christian Brauner | 1 | -3/+14
2022-08-02 | Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/z... | Linus Torvalds | 1 | -29/+23
2022-08-01 | Merge tag 'fs.idmapped.vfsuid.v5.20' of git://git.kernel.org/pub/scm/linux/ke... | Linus Torvalds | 1 | -5/+7
2022-07-13 | evm: Use IS_ENABLED to initialize .enabled | Xiu Jianfeng | 1 | -29/+23
2022-06-26 | attr: port attribute changes to new types | Christian Brauner | 1 | -2/+2
2022-06-26 | security: pass down mount idmapping to setattr hook | Christian Brauner | 1 | -3/+5
2022-06-26 | fs: port to iattr ownership update helpers | Christian Brauner | 1 | -2/+2
2022-06-15 | Revert "evm: Fix memleak in init_desc" | Xiu Jianfeng | 1 | -5/+2
2022-05-16 | evm: Clean up some variables | Stefan Berger | 2 | -4/+1
2022-05-16 | evm: Return INTEGRITY_PASS for enum integrity_status value '0' | Stefan Berger | 1 | -1/+1
2022-02-22 | EVM: fix the evm= __setup handler return value | Randy Dunlap | 1 | -1/+1
2021-10-28 | evm: mark evm_fixmode as __ro_after_init | Austin Kim | 1 | -1/+1
2021-06-21 | evm: Check xattr size discrepancy between kernel and user | Roberto Sassu | 1 | -1/+7
2021-06-20 | evm: output EVM digest calculation info | Mimi Zohar | 2 | -0/+47
2021-06-08 | ima/evm: Fix type mismatch | Roberto Sassu | 1 | -1/+1
2021-06-03 | evm: Don't return an error in evm_write_xattrs() if audit is not enabled | Roberto Sassu | 1 | -1/+1
2021-06-02 | ima: Define new template fields xattrnames, xattrlengths and xattrvalues | Roberto Sassu | 1 | -0/+69
2021-06-01 | evm: Verify portable signatures against all protected xattrs | Roberto Sassu | 4 | -12/+68
2021-06-01 | evm: Allow setxattr() and setattr() for unmodified metadata | Roberto Sassu | 1 | -1/+112
2021-05-21 | evm: Pass user namespace to set/remove xattr hooks | Roberto Sassu | 1 | -6/+11
2021-05-21 | evm: Allow xattr/attr operations for portable signatures | Roberto Sassu | 1 | -6/+27
2021-05-21 | evm: Introduce evm_hmac_disabled() to safely ignore verification errors | Roberto Sassu | 1 | -1/+38
2021-05-21 | evm: Introduce evm_revalidate_status() | Roberto Sassu | 1 | -4/+36
2021-05-21 | evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded | Roberto Sassu | 1 | -4/+4
2021-05-21 | evm: Execute evm_inode_init_security() only when an HMAC key is loaded | Roberto Sassu | 1 | -2/+3
2021-05-20 | evm: fix writing <securityfs>/evm overflow | Mimi Zohar | 1 | -2/+3
2021-02-23 | Merge tag 'idmapped-mounts-v5.12' of git://git.kernel.org/pub/scm/linux/kerne... | Linus Torvalds | 3 | -8/+9
2021-01-24 | fs: make helpers idmap mount aware | Christian Brauner | 1 | -1/+1
2021-01-24 | xattr: handle idmapped mounts | Tycho Andersen | 2 | -7/+8
2021-01-13 | evm: Fix memleak in init_desc | Dinghao Liu | 1 | -2/+5
2020-09-15 | evm: Check size of security.evm before using it | Roberto Sassu | 1 | -0/+6
2020-09-08 | integrity: invalid kernel parameters feedback | Bruno Meneguele | 1 | -0/+3
2020-06-06 | Merge tag 'integrity-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/z... | Linus Torvalds | 1 | -1/+1
2020-05-14 | evm: Fix a small race in init_desc() | Dan Carpenter | 1 | -22/+22
2020-05-07 | evm: Fix possible memory leak in evm_calc_hmac_or_hash() | Roberto Sassu | 1 | -1/+1
2020-05-07 | evm: Fix RCU list related warnings | Madhuparna Bhowmik | 3 | -4/+11
2020-05-07 | evm: Check also if *tfm is an error pointer in init_desc() | Roberto Sassu | 1 | -1/+1
2020-02-28 | integrity: Remove duplicate pr_fmt definitions | Tushar Sugandhi | 3 | -6/+0
2019-07-10 | Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/k... | Linus Torvalds | 1 | -1/+1
2019-07-08 | Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 1 | -4/+4
2019-07-08 | Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 1 | -1/+1
2019-06-30 | integrity: Introduce struct evm_xattr | Thiago Jung Bauermann | 1 | -4/+4
2019-06-27 | keys: Replace uid/gid/perm permissions checking with an ACL | David Howells | 1 | -1/+1
2019-06-05 | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 | Thomas Gleixner | 5 | -21/+5
2019-05-31 | Merge branch 'next-fixes-for-5.2-rc' of git://git.kernel.org/pub/scm/linux/ke... | Linus Torvalds | 1 | -0/+3
2019-05-29 | evm: check hash algorithm passed to init_desc() | Roberto Sassu | 1 | -0/+3
2019-05-21 | treewide: Add SPDX license identifier - Makefile/Kconfig | Thomas Gleixner | 2 | -0/+2
2019-05-07 | Merge tag 'audit-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 1 | -5/+5
2019-04-25 | crypto: shash - remove shash_desc::flags | Eric Biggers | 1 | -1/+0
2019-03-27 | audit: link integrity evm_write_xattrs record to syscall event | Richard Guy Briggs | 1 | -5/+5
2019-02-04 | evm: Use defined constant for UUID representation | Andy Shevchenko | 1 | -2/+1
2019-02-04 | evm: remove set but not used variable 'xattr' | YueHaibing | 1 | -5/+1
2018-12-27 | Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert... | Linus Torvalds | 1 | -2/+1
2018-12-12 | security: audit and remove any unnecessary uses of module.h | Paul Gortmaker | 3 | -3/+2
2018-12-12 | security: integrity: make evm_main explicitly non-modular | Paul Gortmaker | 1 | -4/+1
2018-11-20 | crypto: drop mask=CRYPTO_ALG_ASYNC from 'shash' tfm allocations | Eric Biggers | 1 | -2/+1
2018-10-10 | security/integrity: constify some read-only data | Eric Biggers | 1 | -2/+2
2018-07-22 | EVM: fix return value check in evm_write_xattrs() | Wei Yongjun | 1 | -2/+2
2018-07-18 | evm: Allow non-SHA1 digital signatures | Matthew Garrett | 4 | -31/+46
2018-07-18 | evm: Don't deadlock if a crypto algorithm is unavailable | Matthew Garrett | 1 | -1/+2
2018-06-07 | Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 5 | -42/+271
2018-06-01 | EVM: unlock on error path in evm_read_xattrs() | Dan Carpenter | 1 | -1/+3
2018-05-31 | EVM: prevent array underflow in evm_write_xattrs() | Dan Carpenter | 1 | -1/+1
2018-05-31 | EVM: Fix null dereference on xattr when xattr fails to allocate | Colin Ian King | 1 | -2/+4
2018-05-31 | EVM: fix memory leak of temporary buffer 'temp' | Colin Ian King | 1 | -0/+2
2018-05-18 | EVM: Allow runtime modification of the set of verified xattrs | Matthew Garrett | 4 | -4/+188
2018-05-18 | EVM: turn evm_config_xattrnames into a list | Matthew Garrett | 3 | -39/+57
2018-05-17 | integrity: Add an integrity directory in securityfs | Matthew Garrett | 1 | -3/+24
2018-05-03 | evm: Don't update hmacs in user ns mounts | Seth Forshee | 1 | -1/+2
2018-03-25 | evm: check for remount ro in progress before writing | Sascha Hauer | 1 | -2/+6
2018-03-23 | evm: Constify *integrity_status_msg[] | Hernán Gonzalez | 1 | -1/+1
2018-03-23 | evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c | Hernán Gonzalez | 3 | -4/+3
2017-12-11 | EVM: Add support for portable signature format | Matthew Garrett | 3 | -20/+86
2017-12-11 | EVM: Allow userland to permit modification of EVM-protected metadata | Matthew Garrett | 3 | -12/+53
2017-11-08 | EVM: Only complain about a missing HMAC key once | Matthew Garrett | 1 | -1/+1
2017-11-08 | EVM: Allow userspace to signal an RSA key has been loaded | Matthew Garrett | 2 | -12/+20
2017-11-08 | EVM: Include security.apparmor in EVM measurements | Matthew Garrett | 1 | -0/+3
2017-06-05 | fs: switch ->s_uuid to uuid_t | Christoph Hellwig | 1 | -1/+1
2017-03-02 | sched/headers: Prepare to remove the <linux/magic.h> include from <linux/sche... | Ingo Molnar | 1 | -0/+2
2016-12-14 | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi... | Linus Torvalds | 1 | -2/+10
2016-12-02 | Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" | Eric W. Biederman | 1 | -2/+10
2016-11-13 | security/integrity: Harden against malformed xattrs | Seth Forshee | 1 | -0/+4
2016-10-07 | xattr: Add __vfs_{get,set,remove}xattr helpers | Andreas Gruenbacher | 2 | -5/+6
2016-07-05 | evm: Translate user/group ids relative to s_user_ns when computing HMAC | Seth Forshee | 1 | -2/+2
2016-04-11 | ->getxattr(): pass dentry and inode as separate arguments | Al Viro | 1 | -1/+1
2016-04-10 | don't bother with ->d_inode->i_sb - it's always equal to ->d_sb | Al Viro | 1 | -2/+2
2016-02-12 | EVM: Use crypto_memneq() for digest comparisons | Ryan Ware | 1 | -1/+2
2015-12-15 | evm: EVM_LOAD_X509 depends on EVM | Arnd Bergmann | 1 | -1/+1
2015-12-15 | evm: reset EVM status when file attributes change | Dmitry Kasatkin | 1 | -0/+13
2015-12-15 | evm: provide a function to set the EVM key from the kernel | Dmitry Kasatkin | 2 | -14/+46
2015-12-15 | evm: enable EVM when X509 certificate is loaded | Dmitry Kasatkin | 4 | -3/+14
2015-12-15 | evm: load an x509 certificate from the kernel | Dmitry Kasatkin | 2 | -0/+24
2015-11-23 | integrity: define '.evm' as a builtin 'trusted' keyring | Dmitry Kasatkin | 1 | -3/+5
2015-10-21 | KEYS: Merge the type-specific data with the payload data | David Howells | 1 | -1/+1
2015-05-21 | evm: fix potential race when removing xattrs | Dmitry Kasatkin | 1 | -4/+3
2015-05-21 | evm: labeling pseudo filesystems exception | Mimi Zohar | 1 | -0/+11
2015-04-15 | VFS: security/: d_backing_inode() annotations | David Howells | 2 | -11/+11
2015-01-07 | kconfig: use bool instead of boolean for type definition attributes | Christoph Jaeger | 1 | -1/+1
2014-12-14 | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/... | Linus Torvalds | 1 | -3/+8
2014-10-28 | evm: check xattr value length and type in evm_inode_setxattr() | Dmitry Kasatkin | 1 | -3/+6
2014-10-07 | evm: skip replacing EVM signature with HMAC on read-only filesystem | Dmitry Kasatkin | 1 | -3/+8
2014-09-09 | integrity: base integrity subsystem kconfig options on integrity | Dmitry Kasatkin | 1 | -8/+0
2014-09-09 | evm: properly handle INTEGRITY_NOXATTRS EVM status | Dmitry Kasatkin | 1 | -0/+7
2014-09-08 | evm: prevent passing integrity check if xattr read fails | Dmitry Kasatkin | 1 | -3/+4
2014-09-02 | evm: fix checkpatch warnings | Dmitry Kasatkin | 1 | -3/+0
2014-06-12 | evm: prohibit userspace writing 'security.evm' HMAC value | Mimi Zohar | 1 | -2/+10
2014-06-12 | evm: provide option to protect additional SMACK xattrs | Dmitry Kasatkin | 2 | -0/+22
2014-06-12 | evm: replace HMAC version with attribute mask | Dmitry Kasatkin | 4 | -11/+33
2014-04-12 | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir... | Linus Torvalds | 2 | -2/+2
2014-04-01 | get rid of pointless checks for NULL ->i_op | Al Viro | 2 | -2/+2
2014-03-07 | evm: enable key retention service automatically | Dmitry Kasatkin | 1 | -2/+3
2014-03-07 | evm: EVM does not use MD5 | Dmitry Kasatkin | 1 | -1/+0
2014-03-07 | integrity: fix checkpatch errors | Dmitry Kasatkin | 2 | -16/+16
2014-03-07 | security: integrity: Use a more current logging style | Joe Perches | 3 | -5/+11
2013-10-25 | ima: pass full xattr with the signature | Dmitry Kasatkin | 1 | -2/+2
2013-10-25 | ima: fix script messages | Dmitry Kasatkin | 1 | -1/+2
2013-07-25 | xattr: Constify ->name member of "struct xattr". | Tetsuo Handa | 1 | -1/+1
2013-06-20 | evm: audit integrity metadata failures | Mimi Zohar | 1 | -1/+14
2013-02-21 | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/... | Linus Torvalds | 5 | -16/+18
2013-02-06 | evm: add file system uuid to EVM hmac | Dmitry Kasatkin | 4 | -0/+18
2013-01-22 | evm: checking if removexattr is not a NULL | Dmitry Kasatkin | 1 | -2/+2
2013-01-16 | evm: remove unused cleanup functions | Dmitry Kasatkin | 3 | -16/+0
2012-10-02 | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/... | Linus Torvalds | 1 | -0/+3
2012-09-21 | userns: Convert EVM to deal with kuids and kgids in it's hmac computation | Eric W. Biederman | 1 | -2/+2
2012-09-07 | ima: integrity appraisal extension | Mimi Zohar | 1 | -0/+3
2012-01-09 | Merge branch 'next' into for-linus | James Morris | 3 | -36/+146
2011-12-20 | evm: prevent racing during tfm allocation | Dmitry Kasatkin | 1 | -0/+9
2011-12-20 | evm: key must be set once during initialization | Dmitry Kasatkin | 1 | -4/+6
2011-12-08 | evm: prevent racing during tfm allocation | Dmitry Kasatkin | 1 | -3/+11
2011-12-08 | evm: key must be set once during initialization | Dmitry Kasatkin | 1 | -7/+8
2011-11-09 | evm: digital signature verification support | Dmitry Kasatkin | 3 | -30/+142
2011-09-14 | evm: permit mode bits to be updated | Mimi Zohar | 1 | -17/+13
2011-09-14 | evm: posix acls modify i_mode | Mimi Zohar | 3 | -5/+46
2011-09-14 | evm: limit verifying current security.evm integrity | Mimi Zohar | 1 | -34/+24
2011-09-14 | evm: remove TCG_TPM dependency | Mimi Zohar | 1 | -2/+1
2011-08-18 | evm: add Kconfig TCG_TPM dependency | Mimi Zohar | 1 | -1/+1
2011-08-11 | evm: fix evm_inode_init_security return code | Mimi Zohar | 1 | -1/+1
2011-08-09 | EVM: ensure trusted and encypted key symbols are available to EVM | James Morris | 1 | -1/+3
2011-07-18 | evm: add evm_inode_setattr to prevent updating an invalid security.evm | Mimi Zohar | 1 | -0/+15
2011-07-18 | evm: permit only valid security.evm xattrs to be updated | Mimi Zohar | 1 | -14/+63
2011-07-18 | evm: replace hmac_status with evm_status | Dmitry Kasatkin | 1 | -7/+7
2011-07-18 | evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN | Dmitry Kasatkin | 1 | -6/+5
2011-07-18 | evm: additional parameter to pass integrity cache entry 'iint' | Dmitry Kasatkin | 1 | -10/+8
2011-07-18 | evm: crypto hash replaced by shash | Dmitry Kasatkin | 3 | -44/+56
2011-07-18 | evm: add evm_inode_init_security to initialize new files | Mimi Zohar | 3 | -0/+61
2011-07-18 | security: imbed evm calls in security hooks | Mimi Zohar | 1 | -0/+1
2011-07-18 | evm: add support for different security.evm data types | Dmitry Kasatkin | 2 | -9/+12
2011-07-18 | evm: re-release | Mimi Zohar | 6 | -0/+626