What: security/evm Date: March 2011 Contact: Mimi Zohar <zohar@us.ibm.com> Description: EVM protects a file's security extended attributes(xattrs) against integrity attacks. The initial method maintains an HMAC-sha1 value across the extended attributes, storing the value as the extended attribute 'security.evm'. EVM depends on the Kernel Key Retention System to provide it with a trusted/encrypted key for the HMAC-sha1 operation. The key is loaded onto the root's keyring using keyctl. Until EVM receives notification that the key has been successfully loaded onto the keyring (echo 1 > <securityfs>/evm), EVM can not create or validate the 'security.evm' xattr, but returns INTEGRITY_UNKNOWN. Loading the key and signaling EVM should be done as early as possible. Normally this is done in the initramfs, which has already been measured as part of the trusted boot. For more information on creating and loading existing trusted/encrypted keys, refer to: Documentation/keys-trusted-encrypted.txt. (A sample dracut patch, which loads the trusted/encrypted key and enables EVM, is available from http://linux-ima.sourceforge.net/#EVM.) |