23 lines
1.2 KiB
Text
23 lines
1.2 KiB
Text
What: security/evm
|
|
Date: March 2011
|
|
Contact: Mimi Zohar <zohar@us.ibm.com>
|
|
Description:
|
|
EVM protects a file's security extended attributes(xattrs)
|
|
against integrity attacks. The initial method maintains an
|
|
HMAC-sha1 value across the extended attributes, storing the
|
|
value as the extended attribute 'security.evm'.
|
|
|
|
EVM depends on the Kernel Key Retention System to provide it
|
|
with a trusted/encrypted key for the HMAC-sha1 operation.
|
|
The key is loaded onto the root's keyring using keyctl. Until
|
|
EVM receives notification that the key has been successfully
|
|
loaded onto the keyring (echo 1 > <securityfs>/evm), EVM
|
|
can not create or validate the 'security.evm' xattr, but
|
|
returns INTEGRITY_UNKNOWN. Loading the key and signaling EVM
|
|
should be done as early as possible. Normally this is done
|
|
in the initramfs, which has already been measured as part
|
|
of the trusted boot. For more information on creating and
|
|
loading existing trusted/encrypted keys, refer to:
|
|
Documentation/keys-trusted-encrypted.txt. (A sample dracut
|
|
patch, which loads the trusted/encrypted key and enables
|
|
EVM, is available from http://linux-ima.sourceforge.net/#EVM.)
|