| What: security/evm |
| Date: March 2011 |
| Contact: Mimi Zohar <zohar@us.ibm.com> |
| Description: |
| EVM protects a file's security extended attributes(xattrs) |
| against integrity attacks. The initial method maintains an |
| HMAC-sha1 value across the extended attributes, storing the |
| value as the extended attribute 'security.evm'. |
| |
| EVM depends on the Kernel Key Retention System to provide it |
| with a trusted/encrypted key for the HMAC-sha1 operation. |
| The key is loaded onto the root's keyring using keyctl. Until |
| EVM receives notification that the key has been successfully |
| loaded onto the keyring (echo 1 > <securityfs>/evm), EVM |
| can not create or validate the 'security.evm' xattr, but |
| returns INTEGRITY_UNKNOWN. Loading the key and signaling EVM |
| should be done as early as possible. Normally this is done |
| in the initramfs, which has already been measured as part |
| of the trusted boot. For more information on creating and |
| loading existing trusted/encrypted keys, refer to: |
| Documentation/keys-trusted-encrypted.txt. (A sample dracut |
| patch, which loads the trusted/encrypted key and enables |
| EVM, is available from http://linux-ima.sourceforge.net/#EVM.) |
