git blame of Documentation/ABI/testing/evm (line numbers stripped; blame commit noted before each block)

[commit 66dbc325, MZ]

What:		security/evm
Date:		March 2011
Contact:	Mimi Zohar <zohar@us.ibm.com>
Description:
		EVM protects a file's security extended attributes (xattrs)
		against integrity attacks. The initial method maintains an
		HMAC-sha1 value across the extended attributes, storing the
		value as the extended attribute 'security.evm'.

[commit f00d7975, MG]

		EVM supports two classes of security.evm. The first is
		an HMAC-sha1 generated locally with a
		trusted/encrypted key stored in the Kernel Key
		Retention System. The second is a digital signature
		generated either locally or remotely using an
		asymmetric key. These keys are loaded onto root's
		keyring using keyctl, and EVM is then enabled by
		echoing a value to <securityfs>/evm:

		1: enable HMAC validation and creation
		2: enable digital signature validation
		3: enable HMAC and digital signature validation and HMAC
		   creation

		Further writes will be blocked if HMAC support is enabled or
		if bit 32 is set:

		echo 0x80000002 > <securityfs>/evm

		will enable digital signature validation and block
		further writes to <securityfs>/evm.

		Until this is done, EVM cannot create or validate the
		'security.evm' xattr, but returns INTEGRITY_UNKNOWN.
		Loading keys and signaling EVM should be done as early
		as possible. Normally this is done in the initramfs,
		which has already been measured as part of the trusted
		boot. For more information on creating and loading
		existing trusted/encrypted keys, refer to:
		Documentation/keys-trusted-encrypted.txt. Both dracut
		(via 97masterkey and 98integrity) and systemd (via
		core/ima-setup) have support for loading keys at boot
		time.
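The initramfs step the document describes (load the EVM key with keyctl, then write a mode value to <securityfs>/evm) as an added shell example; this is not code from the kernel tree or from dracut/systemd. It composes the mode value from the three bits the document lists, refuses to touch a node that already reports a non-zero state (since the kernel blocks further writes once HMAC is enabled or bit 31 is set), and loads the key under the description "evm-key". The securityfs mount point /sys/kernel/security, the key blob path /etc/keys/evm-key and the file name evm-setup.sh are assumptions, not values from the document.

```shell
#!/bin/sh
# Added example, not part of the kernel's EVM ABI document: helper functions
# for the initramfs step the document describes (load the EVM key, then
# enable EVM through securityfs). Assumptions, not kernel facts: securityfs
# is mounted at /sys/kernel/security and the encrypted key blob lives at
# /etc/keys/evm-key; both can be overridden through the function arguments.

# Compose the value written to <securityfs>/evm from three 0/1 flags:
#   hmac -> 0x1        : HMAC validation and creation
#   sig  -> 0x2        : digital signature validation
#   lock -> 0x80000000 : block further writes to <securityfs>/evm
# Prints the value in hex, e.g. "evm_mode_value 0 1 1" prints 0x80000002.
evm_mode_value() {
    mv_hmac=$1; mv_sig=$2; mv_lock=$3
    mv_val=0
    if [ "$mv_hmac" = 1 ]; then mv_val=$((mv_val | 1)); fi
    if [ "$mv_sig" = 1 ]; then mv_val=$((mv_val | 2)); fi
    # 2147483648 is 0x80000000 written in decimal so the arithmetic works in
    # any POSIX sh (hex literals are an extension in some shells)
    if [ "$mv_lock" = 1 ]; then mv_val=$((mv_val | 2147483648)); fi
    printf '0x%08x\n' "$mv_val"
}

# Load the encrypted EVM key onto the user keyring under the description
# "evm-key" (the name the kernel looks up) from a blob created as described
# in Documentation/keys-trusted-encrypted.txt. Argument 1 is the blob path
# (assumed default /etc/keys/evm-key). Needs keyctl; the self-test does not
# call this function.
evm_load_key() {
    lk_blob=${1:-/etc/keys/evm-key}
    if [ ! -r "$lk_blob" ]; then
        echo "key blob $lk_blob not readable" >&2
        return 1
    fi
    keyctl add encrypted evm-key "load $(cat "$lk_blob")" @u
}

# Write the chosen mode to the EVM node. Once HMAC is enabled or bit 31 is
# set the kernel rejects further writes, so a node that already reports a
# non-zero state is reported and left alone instead of being overwritten.
# Argument 4 is the node path (default /sys/kernel/security/evm).
evm_enable() {
    en_node=${4:-/sys/kernel/security/evm}
    en_value=$(evm_mode_value "$1" "$2" "$3")
    en_current=$(cat "$en_node" 2>/dev/null || echo 0)
    if [ "$en_current" != 0 ]; then
        echo "EVM already initialised (state $en_current); not writing $en_value" >&2
        return 2
    fi
    if ! echo "$en_value" > "$en_node"; then
        echo "write to $en_node failed; is the node locked?" >&2
        return 1
    fi
    echo "EVM enabled with $en_value (node now reports: $(cat "$en_node"))"
}

# Run as "sh evm-setup.sh setup" from the initramfs to load the key and then
# enable signature validation with further writes blocked (0x80000002, the
# document's own example). Without the argument only the functions are
# defined, so the file can be sourced or tested.
case "${1:-}" in
    setup) evm_load_key && evm_enable 0 1 1 ;;
esac
```

The order matters: evm_load_key must succeed before evm_enable, because until both are done EVM returns INTEGRITY_UNKNOWN for every file, and once the lock bit has been written there is no second chance to fix the mode from userspace without a reboot.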