diff options
| author | Jason Gunthorpe <jgg@nvidia.com> | 2020-11-17 15:20:26 -0400 |
|---|---|---|
| committer | Jason Gunthorpe <jgg@nvidia.com> | 2020-11-17 15:20:26 -0400 |
| commit | bf3b7b7ba9e3db55d164ec7bf05e6947f79637cd (patch) | |
| tree | 7de81ebc8339c2a985b2af0e360368e281564c93 /Documentation/ABI/testing/evm | |
| parent | 8a7904a672a1d33c848e5129f886ee69e0773a2e (diff) | |
| parent | dabbd6abcdbeb1358a53ec28a244429320eb0e3a (diff) | |
| download | lwn-bf3b7b7ba9e3db55d164ec7bf05e6947f79637cd.tar.gz lwn-bf3b7b7ba9e3db55d164ec7bf05e6947f79637cd.zip | |
Merge branch 'for-rc' into rdma.git
From https://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git
The rc RDMA branch is needed due to dependencies on the next patches.
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Diffstat (limited to 'Documentation/ABI/testing/evm')
| -rw-r--r-- | Documentation/ABI/testing/evm | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/Documentation/ABI/testing/evm b/Documentation/ABI/testing/evm index 201d10319fa1..3c477ba48a31 100644 --- a/Documentation/ABI/testing/evm +++ b/Documentation/ABI/testing/evm @@ -17,26 +17,33 @@ Description: echoing a value to <securityfs>/evm made up of the following bits: + === ================================================== Bit Effect + === ================================================== 0 Enable HMAC validation and creation 1 Enable digital signature validation 2 Permit modification of EVM-protected metadata at runtime. Not supported if HMAC validation and creation is enabled. 31 Disable further runtime modification of EVM policy + === ================================================== - For example: + For example:: - echo 1 ><securityfs>/evm + echo 1 ><securityfs>/evm will enable HMAC validation and creation - echo 0x80000003 ><securityfs>/evm + :: + + echo 0x80000003 ><securityfs>/evm will enable HMAC and digital signature validation and HMAC creation and disable all further modification of policy. - echo 0x80000006 ><securityfs>/evm + :: + + echo 0x80000006 ><securityfs>/evm will enable digital signature validation, permit modification of EVM-protected metadata and @@ -65,7 +72,7 @@ Description: Shows the set of extended attributes used to calculate or validate the EVM signature, and allows additional attributes to be added at runtime. Any signatures generated after - additional attributes are added (and on files posessing those + additional attributes are added (and on files possessing those additional attributes) will only be valid if the same additional attributes are configured on system boot. Writing a single period (.) will lock the xattr list from any further |