
Lines Matching full:evm

19 #include <linux/evm.h>
25 #include "evm.h"
67 __setup("evm=", evm_set_fixmode);
75 pr_info("Initialising EVM extended attributes:\n"); in evm_init_config()
117 * evm_verify_hmac - calculate and compare the HMAC with the EVM xattr
120 * and compare it against the stored security.evm xattr.
265 * security.evm xattr. For performance, use the xattr value and length
296 * before EVM is initialized or in 'fix' mode.
308 * evm_protect_xattr - protect the EVM extended attribute
310 * Prevent security.evm from being modified or removed without the
314 * affect security.evm. An interesting side effect of writing posix xattr
315 * acls is their modifying of the i_mode, which is included in security.evm.
316 * For posix xattr acls only, permit security.evm, even if it currently
317 * doesn't exist, to be updated unless the EVM signature is immutable.
366 * evm_inode_setxattr - protect the EVM extended attribute
372 * Before allowing the 'security.evm' protected xattr to be updated,
374 * access to the EVM encrypted key needed to calculate the HMAC, prevent
375 * userspace from writing HMAC value. Writing 'security.evm' requires
401 * evm_inode_removexattr - protect the EVM extended attribute
405 * Removing 'security.evm' requires CAP_SYS_ADMIN privileges and that
429 * evm_inode_post_setxattr - update 'security.evm' to reflect the changes
435 * Update the HMAC stored in 'security.evm' to reflect the change.
454 * evm_inode_post_removexattr - update 'security.evm' after removing the xattr
458 * Update the HMAC stored in 'security.evm' to reflect removal of the xattr.
474 * evm_inode_setattr - prevent updating an invalid EVM extended attribute
479 * Permit update of file attributes when files have a valid EVM signature,
506 * evm_inode_post_setattr - update 'security.evm' after modifying metadata
510 * For now, update the HMAC stored in 'security.evm' to reflect UID/GID
526 * evm_inode_init_security - initializes security.evm HMAC value