Skip to content
Commit 2fb1c9a4 authored by Mimi Zohar's avatar Mimi Zohar
Browse files

evm: prohibit userspace writing 'security.evm' HMAC value



Calculating the 'security.evm' HMAC value requires access to the
EVM encrypted key.  Only the kernel should have access to it.  This
patch prevents userspace tools(eg. setfattr, cp --preserve=xattr)
from setting/modifying the 'security.evm' HMAC value directly.

Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
parent 14503eb9
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment