]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
evm: fix security.evm for a file with IMA signature
authorCoiby Xu <coxu@redhat.com>
Tue, 30 Sep 2025 02:26:56 +0000 (10:26 +0800)
committerMimi Zohar <zohar@linux.ibm.com>
Thu, 5 Mar 2026 16:39:39 +0000 (11:39 -0500)
commit0ec959cf4b5a609d7f27bf84064ef5372e30ab80
treea748f2f6a7f99bf1ae9519bad42f30025df3d2fb
parenta2e507afd9a25e333b7a58082f5db8c4de2bd12d
evm: fix security.evm for a file with IMA signature

When both IMA and EVM fix modes are enabled, accessing a file with IMA
signature but missing EVM HMAC won't cause security.evm to be fixed.

Add a function evm_fix_hmac which will be explicitly called to fix EVM
HMAC for this case.

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
include/linux/evm.h
security/integrity/evm/evm_main.c
security/integrity/ima/ima_appraise.c