git.baikalelectronics.ru Git - kernel.git/commit

author	Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
	Thu, 22 Oct 2015 18:26:26 +0000 (21:26 +0300)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Tue, 15 Dec 2015 13:50:48 +0000 (08:50 -0500)
commit	48bda3d1a31e5fae5c51cf0ba9da569c944a7df3
tree	1b97563509dec74394acdb7351bf15d130284909	tree \| snapshot
parent	fbf26bb8ee6baf761978f250ef11243fd8ee4663	commit \| diff

evm: enable EVM when X509 certificate is loaded

In order to enable EVM before starting the 'init' process,
evm_initialized needs to be non-zero. Previously non-zero indicated
that the HMAC key was loaded. When EVM loads the X509 before calling
'init', with this patch it is now possible to enable EVM to start
signature based verification.

This patch defines bits to enable EVM if a key of any type is loaded.

Changes in v3:
* print error message if key is not set

Changes in v2:
* EVM_STATE_KEY_SET replaced by EVM_INIT_HMAC
* EVM_STATE_X509_SET replaced by EVM_INIT_X509

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

security/integrity/evm/evm.h		diff \| blob \| history
security/integrity/evm/evm_crypto.c		diff \| blob \| history
security/integrity/evm/evm_main.c		diff \| blob \| history
security/integrity/evm/evm_secfs.c		diff \| blob \| history