linux/Documentation/ABI/testing/evm
What:           security/evm
Date:           March 2011
Contact:        Mimi Zohar <zohar@us.ibm.com>
Description:
                EVM protects a file's security extended attributes (xattrs)
                against integrity attacks. The initial method maintains an
                HMAC-sha1 value across the extended attributes, storing the
                value as the extended attribute 'security.evm'.

                EVM depends on the Kernel Key Retention System to provide it
                with a trusted/encrypted key for the HMAC-sha1 operation.
                The key is loaded onto root's keyring using keyctl.  Until
                EVM receives notification that the key has been successfully
                loaded onto the keyring (echo 1 > <securityfs>/evm), EVM
                cannot create or validate the 'security.evm' xattr, but
                returns INTEGRITY_UNKNOWN.  Loading the key and signaling EVM
                should be done as early as possible.  Normally this is done
                in the initramfs, which has already been measured as part
                of the trusted boot.  For more information on creating and
                loading existing trusted/encrypted keys, refer to:
                Documentation/keys-trusted-encrypted.txt.  (A sample dracut
                patch, which loads the trusted/encrypted key and enables
                EVM, is available from http://linux-ima.sourceforge.net/#EVM.)

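The following is an added Python model of the behaviour described above; it is not kernel code. It shows the three states a practitioner sees: INTEGRITY_UNKNOWN while no key has been signalled, an HMAC-sha1 created over the security xattrs and stored as 'security.evm' once the key is available, and a mismatch when a protected xattr is changed behind EVM's back. The key bytes, the list of protected xattrs and the xattr values are constructed for the example, and the real kernel HMAC also covers inode metadata, which this model omits.

```python
import hashlib
import hmac
# Verdict names follow the kernel's integrity status values.
INTEGRITY_PASS, INTEGRITY_FAIL, INTEGRITY_UNKNOWN = "PASS", "FAIL", "UNKNOWN"
EVM_XATTR = "security.evm"
# Security xattrs covered by the HMAC in this model (assumed list, not the kernel's own).
PROTECTED_XATTRS = ("security.selinux", "security.SMACK64", "security.ima", "security.capability")

class EvmModel:
    """Toy EVM: no key until userspace signals 'echo 1 > <securityfs>/evm'."""
    def __init__(self):
        self.key = None  # stands in for the trusted/encrypted key on root's keyring

    def enable(self, hmac_key):
        self.key = hmac_key  # the 'echo 1' notification: EVM may now use the key

    def calc_hmac(self, xattrs):
        # HMAC-SHA1 across the protected xattrs in a fixed order (real EVM also covers inode metadata).
        mac = hmac.new(self.key, digestmod=hashlib.sha1)
        for name in PROTECTED_XATTRS:
            if name in xattrs:
                mac.update(name.encode() + b"\0" + xattrs[name] + b"\0")
        return mac.digest()

    def update(self, xattrs):
        # Create or refresh security.evm after a protected xattr changed.
        if self.key is None:
            return INTEGRITY_UNKNOWN
        xattrs[EVM_XATTR] = self.calc_hmac(xattrs)
        return INTEGRITY_PASS

    def verify(self, xattrs):
        # Validate security.evm against the xattrs as they are now (constant-time compare).
        if self.key is None:
            return INTEGRITY_UNKNOWN
        stored = xattrs.get(EVM_XATTR)
        if stored is None or not hmac.compare_digest(stored, self.calc_hmac(xattrs)):
            return INTEGRITY_FAIL
        return INTEGRITY_PASS

def demo():
    """One file: verify before key load, after labelling, and after offline tampering."""
    evm = EvmModel()
    xattrs = {"security.selinux": b"system_u:object_r:bin_t:s0", "security.ima": b"\x01" + b"\x11" * 20}
    before_key = evm.verify(xattrs)
    evm.enable(b"constructed-sample-hmac-key")  # in practice: keyctl, then echo 1 > <securityfs>/evm
    evm.update(xattrs)
    good = evm.verify(xattrs)
    xattrs["security.selinux"] = b"system_u:object_r:shell_exec_t:s0"  # edited while EVM was not active
    return before_key, good, evm.verify(xattrs)
```

Running demo() returns ("UNKNOWN", "PASS", "FAIL"); an xattr outside the protected set (for example user.*) does not affect the verdict.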