kernel/linux.git/security/integrity/evm/evm_main.c, branch linux-7.1.y

evm: Enforce signatures version 3 with new EVM policy 'bit 3'

2026-04-01T14:16:53+00:00

Enable the configuration of EVM so that it requires that asymmetric signatures it accepts are of version 3 (sigv3). To enable this, introduce bit 3 (value 0x0008) that the user may write to EVM's securityfs policy configuration file 'evm' for sigv3 enforcement. Mention bit 3 in the documentation. Signed-off-by: Stefan Berger Signed-off-by: Mimi Zohar

ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures

2026-04-01T14:14:30+00:00

Define asymmetric_verify_v3() to calculate the hash of the struct ima_file_id, before calling asymmetric_verify() to verify the signature. Move and update the existing calc_file_id_hash() function with a simpler, self contained version. In addition to the existing hash data and hash data length arguments, also pass the hash algorithm. Suggested-by: Stefan Berger Tested-by: Stefan Berger Acked-by: Eric Biggers Signed-off-by: Mimi Zohar

evm: fix security.evm for a file with IMA signature

2026-03-05T16:39:39+00:00

When both IMA and EVM fix modes are enabled, accessing a file with IMA signature but missing EVM HMAC won't cause security.evm to be fixed. Add a function evm_fix_hmac which will be explicitly called to fix EVM HMAC for this case. Suggested-by: Mimi Zohar Signed-off-by: Coiby Xu Signed-off-by: Mimi Zohar

evm: Don't enable fix mode when secure boot is enabled

2026-03-05T16:10:08+00:00

Similar to IMA fix mode, forbid EVM fix mode when secure boot is enabled. Reported-and-suggested-by: Mimi Zohar Suggested-by: Roberto Sassu Signed-off-by: Coiby Xu Signed-off-by: Mimi Zohar

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21T09:02:28+00:00

This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook

ima,evm: move initcalls to the LSM framework

2025-10-22T23:24:27+00:00

This patch converts IMA and EVM to use the LSM frameworks's initcall mechanism. It moved the integrity_fs_init() call to ima_fs_init() and evm_init_secfs(), to work around the fact that there is no "integrity" LSM, and introduced integrity_fs_fini() to remove the integrity directory, if empty. Both integrity_fs_init() and integrity_fs_fini() support the scenario of being called by both the IMA and EVM LSMs. This patch does not touch any of the platform certificate code that lives under the security/integrity/platform_certs directory as the IMA/EVM developers would prefer to address that in a future patchset. Signed-off-by: Roberto Sassu Acked-by: Mimi Zohar [PM: adjust description as discussed over email] Signed-off-by: Paul Moore

lsm: replace the name field with a pointer to the lsm_id struct

2025-10-22T23:24:18+00:00

Reduce the duplication between the lsm_id struct and the DEFINE_LSM() definition by linking the lsm_id struct directly into the individual LSM's DEFINE_LSM() instance. Linking the lsm_id into the LSM definition also allows us to simplify the security_add_hooks() function by removing the code which populates the lsm_idlist[] array and moving it into the normal LSM startup code where the LSM list is parsed and the individual LSMs are enabled, making for a cleaner implementation with less overhead at boot. Reviewed-by: Kees Cook Reviewed-by: John Johansen Reviewed-by: Casey Schaufler Reviewed-by: Mimi Zohar Signed-off-by: Paul Moore

integrity: fix typos and spelling errors

2025-02-05T02:36:43+00:00

Fix typos and spelling errors in integrity module comments that were identified using the codespell tool. No functional changes - documentation only. Signed-off-by: Tanya Agarwal Reviewed-by: Mimi Zohar Signed-off-by: Mimi Zohar

evm: stop avoidably reading i_writecount in evm_file_release

2024-10-10T02:49:40+00:00

The EVM_NEW_FILE flag is unset if the file already existed at the time of open and this can be checked without looking at i_writecount. Not accessing it reduces traffic on the cacheline during parallel open of the same file and drop the evm_file_release routine from second place to bottom of the profile. Fixes: 75a323e604fc ("evm: Make it independent from 'integrity' LSM") Signed-off-by: Mateusz Guzik Reviewed-by: Roberto Sassu Cc: stable@vger.kernel.org # 6.9+ Signed-off-by: Mimi Zohar

lsm: Refactor return value of LSM hook inode_copy_up_xattr

2024-07-31T18:47:09+00:00

To be consistent with most LSM hooks, convert the return value of hook inode_copy_up_xattr to 0 or a negative error code. Before: - Hook inode_copy_up_xattr returns 0 when accepting xattr, 1 when discarding xattr, -EOPNOTSUPP if it does not know xattr, or any other negative error code otherwise. After: - Hook inode_copy_up_xattr returns 0 when accepting xattr, *-ECANCELED* when discarding xattr, -EOPNOTSUPP if it does not know xattr, or any other negative error code otherwise. Signed-off-by: Xu Kuohai Reviewed-by: Casey Schaufler Signed-off-by: Paul Moore