[PATCH v2 00/12] IMA/EVM fixes

Mimi Zohar zohar at linux.ibm.com
Thu Sep 17 14:33:06 UTC 2020


Hi Roberto,

On Wed, 2020-09-16 at 12:14 -0400, Mimi Zohar wrote:
> On Fri, 2020-09-04 at 11:23 +0200, Roberto Sassu wrote:
> > This patch set includes various fixes for IMA and EVM.
> > 
> > Patches 1-3 are trivial fixes. 
> 
> I've queued these patches in the next-integrity-testing branch for now.
> When reposting this patch set please replace the cover letter subject
> line with a more appropriate one.
> 
> > The remaining improve support and usability
> > of EVM portable signatures. In particular patch 4 allows EVM to be used
> > without an HMAC key.
> 
> EVM already supports using EVM portable and immutable sigatures without
> an HMAC key.   
> 
> I was able to apply this patch set, but patch 10/12 does not apply
> cleanly due to the "fallthrough" line.  Please hold off on reposting,
> until I've finished reviewing the entire patch set.

Done.  Other than the one issue of clearing the EVM_RESET_STATUS in
evm_verifyxattr(), the remaining changes are straight forward.

thanks,

Mimi



More information about the Linux-security-module-archive mailing list