aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
AgeCommit message (Expand)AuthorFilesLines
2024-03-12Merge tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds17-424/+630
2024-02-16integrity: eliminate unnecessary "Problem loading X.509 certificate" msgCoiby Xu1-1/+2
2024-02-15integrity: Remove LSMRoberto Sassu2-220/+2
2024-02-15ima: Make it independent from 'integrity' LSMRoberto Sassu9-116/+308
2024-02-15evm: Make it independent from 'integrity' LSMRoberto Sassu6-24/+79
2024-02-15evm: Move to LSM infrastructureRoberto Sassu1-16/+102
2024-02-15ima: Move IMA-Appraisal to LSM infrastructureRoberto Sassu3-9/+35
2024-02-15ima: Move to LSM infrastructureRoberto Sassu5-21/+66
2024-02-15integrity: Move integrity_kernel_module_request() to IMARoberto Sassu2-23/+33
2024-02-15evm: Align evm_inode_post_setxattr() definition with LSM infrastructureRoberto Sassu1-1/+3
2024-02-15evm: Align evm_inode_setxattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-02-15evm: Align evm_inode_post_setattr() definition with LSM infrastructureRoberto Sassu1-1/+3
2024-02-15ima: Align ima_post_read_file() definition with LSM infrastructureRoberto Sassu1-1/+1
2024-02-15ima: Align ima_inode_removexattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-02-15ima: Align ima_inode_setxattr() definition with LSM infrastructureRoberto Sassu1-2/+3
2024-02-15ima: Align ima_file_mprotect() definition with LSM infrastructureRoberto Sassu1-2/+4
2024-02-15ima: Align ima_inode_post_setattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-01-09Merge tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds2-6/+46
2024-01-09Merge tag 'mm-nonmm-stable-2024-01-09-10-33' of git://git.kernel.org/pub/scm/...Linus Torvalds1-2/+2
2024-01-08mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDERKirill A. Shutemov1-1/+1
2023-12-20kexec_file: print out debugging message if requiredBaoquan He1-2/+2
2023-12-20evm: add support to disable EVM on unsupported filesystemsMimi Zohar1-1/+34
2023-12-20evm: don't copy up 'security.evm' xattrMimi Zohar1-0/+7
2023-11-27ima: Remove EXPERIMENTAL from KconfigEric Snowberg1-1/+1
2023-11-27ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARYEric Snowberg1-5/+5
2023-11-02Merge tag 'mm-nonmm-stable-2023-11-02-14-08' of git://git.kernel.org/pub/scm/...Linus Torvalds1-1/+1
2023-11-02Merge tag 'v6.7-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/...Linus Torvalds1-2/+1
2023-11-02Merge tag 'integrity-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds5-34/+81
2023-10-31ima: detect changes to the backing overlay fileMimi Zohar3-1/+22
2023-10-31integrity: fix indentation of config attributesPrasad Pandit1-22/+22
2023-10-31ima: annotate iint mutex to avoid lockdep false positive warningsAmir Goldstein1-11/+37
2023-10-30Merge tag 'tpmdd-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkk...Linus Torvalds1-2/+0
2023-10-30Merge tag 'hardening-v6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-3/+3
2023-10-24integrity: powerpc: Do not select CA_MACHINE_KEYRINGMichal Suchanek1-2/+0
2023-10-20ima: Add __counted_by for struct modsig and use struct_size()Gustavo A. R. Silva1-3/+3
2023-10-18treewide: mark stuff as __ro_after_initAlexey Dobriyan1-1/+1
2023-09-27ima: rework CONFIG_IMA dependency blockArnd Bergmann1-12/+6
2023-09-26ima: Finish deprecation of IMA_TRUSTED_KEYRING KconfigOleksandr Tymoshenko1-2/+2
2023-09-15evm: Do not include crypto/algapi.hHerbert Xu1-2/+1
2023-08-30Merge tag 'integrity-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds5-30/+16
2023-08-30Merge tag 'lsm-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-10/+44
2023-08-29Merge tag 'tpmdd-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkk...Linus Torvalds9-13/+93
2023-08-28Merge tag 's390-6.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/...Linus Torvalds1-2/+2
2023-08-18integrity: Annotate struct ima_rule_opt_list with __counted_byKees Cook1-2/+2
2023-08-18s390/ipl: fix virtual vs physical address confusionAlexander Gordeev1-2/+2
2023-08-17integrity: PowerVM support for loading third party code signing keysNayna Jain3-0/+30
2023-08-17integrity: PowerVM machine keyring enablementNayna Jain1-1/+3
2023-08-17integrity: check whether imputed trust is enabledNayna Jain4-6/+22
2023-08-17integrity: remove global variable from machine_keyring.cNayna Jain1-2/+2
2023-08-17integrity: ignore keys failing CA restrictions on non-UEFI platformNayna Jain1-1/+1
2023-08-17integrity: PowerVM support for loading CA keys on machine keyringNayna Jain3-0/+30
2023-08-17integrity: Enforce digitalSignature usage in the ima and evm keyringsEric Snowberg3-4/+6
2023-08-07kexec_lock: Replace kexec_mutex() by kexec_lock() in two commentsWenyu Liu1-1/+1
2023-08-01ima: require signed IMA policy when UEFI secure boot is enabledCoiby Xu1-0/+3
2023-08-01integrity: Always reference the blacklist keyring with appraisalEric Snowberg2-17/+12
2023-08-01ima: Remove deprecated IMA_TRUSTED_KEYRING KconfigNayna Jain1-12/+0
2023-07-10evm: Support multiple LSMs providing an xattrRoberto Sassu3-7/+37
2023-07-10evm: Align evm_inode_init_security() definition with LSM infrastructureRoberto Sassu1-6/+10
2023-06-30Merge tag 'powerpc-6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds1-14/+26
2023-06-27Merge tag 'integrity-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds7-16/+32
2023-06-21security/integrity: fix pointer to ESL data and its size on pseriesNayna Jain1-14/+26
2023-06-14fsverity: rework fsverity_get_digest() againEric Biggers1-19/+12
2023-06-06ima: Fix build warningsRoberto Sassu2-1/+5
2023-06-06evm: Fix build warningsRoberto Sassu2-2/+2
2023-06-05evm: Complete description of evm_inode_setattr()Roberto Sassu1-0/+2
2023-06-01integrity: Fix possible multiple allocation in integrity_inode_get()Tianjia Zhang1-6/+9
2023-05-23IMA: use vfs_getattr_nosec to get the i_versionJeff Layton2-7/+14
2023-04-29Merge tag 'integrity-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds1-1/+1
2023-04-27Merge tag 'mm-stable-2023-04-27-15-30' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-1/+1
2023-04-24Merge tag 'tpmdd-v6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/j...Linus Torvalds2-3/+28
2023-04-24integrity: machine keyring CA configurationEric Snowberg2-3/+28
2023-04-05mm, treewide: redefine MAX_ORDER sanelyKirill A. Shutemov1-1/+1
2023-03-15IMA: allow/fix UML buildsRandy Dunlap1-1/+1
2023-03-10Revert "integrity: double check iint_cache was initialized"Roberto Sassu1-8/+0
2023-03-10security: Introduce LSM_ORDER_LAST and set it for the integrity LSMRoberto Sassu1-0/+1
2023-02-25Merge tag 'powerpc-6.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds1-15/+32
2023-02-22Merge tag 'integrity-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds6-29/+58
2023-02-13integrity/powerpc: Support loading keys from PLPKSRussell Currey1-7/+10
2023-02-13integrity/powerpc: Improve error handling & reporting when loading certsRussell Currey1-6/+20
2023-02-12powerpc/secvar: Use u64 in secvar_operationsMichael Ellerman1-2/+2
2023-01-31ima: Introduce MMAP_CHECK_REQPROT hookRoberto Sassu5-6/+32
2023-01-31ima: Align ima_file_mmap() parameters with mmap_file LSM hookRoberto Sassu1-2/+5
2023-01-31evm: call dump_security_xattr() in all cases to remove code duplicationXiu Jianfeng1-17/+16
2023-01-19fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmapChristian Brauner1-3/+2
2023-01-19fs: port i_{g,u}id_{needs_}update() to mnt_idmapChristian Brauner1-3/+2
2023-01-19fs: port acl to mnt_idmapChristian Brauner2-7/+7
2023-01-19fs: port xattr to mnt_idmapChristian Brauner9-47/+48
2023-01-19fs: port ->permission() to pass mnt_idmapChristian Brauner4-7/+7
2023-01-19fs: port ->setattr() to pass mnt_idmapChristian Brauner2-4/+5
2023-01-18ima: fix ima_delete_rules() kernel-doc warningRandy Dunlap1-1/+2
2023-01-18ima: return IMA digest value only when IMA_COLLECTED flag is setMatt Bobrowski1-1/+1
2023-01-18ima: fix error handling logic when file measurement failedMatt Bobrowski2-2/+2
2022-12-21Merge tag 'fs.vfsuid.ima.v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-0/+24
2022-12-13Merge tag 'integrity-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds6-22/+54
2022-12-13Merge tag 'lsm-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds6-17/+23
2022-12-13mnt_idmapping: move ima-only helpers to imaChristian Brauner1-0/+24
2022-12-12Merge tag 'fs.vfsuid.conversion.v6.2' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds1-16/+18
2022-11-28ima: Fix hash dependency to correct algorithmTianjia Zhang1-1/+1
2022-11-18lsm,fs: fix vfs_getxattr_alloc() return type and caller error pathsPaul Moore6-17/+23
2022-11-16ima: Fix misuse of dereference of pointer in template_desc_init_fields()Xiu Jianfeng1-2/+2
2022-11-16integrity: Fix memory leakage in keyring allocation error pathGUO Zihua1-1/+5
2022-11-03ima: Fix memory leak in __ima_inode_hash()Roberto Sassu1-1/+6
2022-11-02ima: Handle -ESTALE returned by ima_filter_rule_match()GUO Zihua1-9/+32
2022-11-02ima: Simplify ima_lsm_copy_ruleGUO Zihua1-7/+3
2022-11-02ima: Fix a potential NULL pointer access in ima_restore_measurement_listHuaxin Lu1-1/+4
2022-11-01efi: Add iMac Pro 2017 to uefi skip cert quirkAditya Garg1-0/+1
2022-10-28evm: remove dead code in evm_inode_set_acl()Christian Brauner1-3/+2
2022-10-26ima: use type safe idmapping helpersChristian Brauner1-16/+18
2022-10-20evm: remove evm_xattr_acl_change()Christian Brauner1-64/+0
2022-10-20integrity: implement get and set acl hookChristian Brauner2-1/+91
2022-10-03Merge tag 'fs.acl.rework.prep.v6.1' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds1-3/+14
2022-09-30efi: Correct Macmini DMI match in uefi cert quirkOrlando Chamberlain1-1/+1
2022-08-31acl: move idmapping handling into posix_acl_xattr_set()Christian Brauner1-3/+14
2022-08-23ima: fix blocking of security.ima xattrs of unsupported algorithmsMimi Zohar1-4/+8
2022-08-02Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds1-29/+23
2022-08-01Merge tag 'x86_kdump_for_v6.0_rc1' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-1/+1
2022-08-01Merge tag 'fs.idmapped.vfsuid.v5.20' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds1-5/+7
2022-07-20lockdown: Fix kexec lockdown bypass with ima policyEric Snowberg1-0/+4
2022-07-13evm: Use IS_ENABLED to initialize .enabledXiu Jianfeng1-29/+23
2022-07-13ima: Fix potential memory leak in ima_init_crypto()Jianglei Nie1-0/+1
2022-07-13ima: force signature verification when CONFIG_KEXEC_SIG is configuredCoiby Xu1-0/+2
2022-07-07ima: Fix a potential integer overflow in ima_appraise_measurementHuaxin Lu1-1/+2
2022-07-06ima: fix violation measurement list recordMimi Zohar1-3/+3
2022-07-01x86/kexec: Carry forward IMA measurement log on kexecJonathan McDowell1-1/+1
2022-06-26attr: port attribute changes to new typesChristian Brauner1-2/+2
2022-06-26security: pass down mount idmapping to setattr hookChristian Brauner1-3/+5
2022-06-26fs: port to iattr ownership update helpersChristian Brauner1-2/+2
2022-06-15Revert "evm: Fix memleak in init_desc"Xiu Jianfeng1-5/+2
2022-05-24Merge tag 'integrity-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds16-52/+395
2022-05-23certs: Factor out the blacklist hash creationMickaël Salaün1-24/+2
2022-05-16integrity: Fix sparse warnings in keyring_handlerStefan Berger1-3/+3
2022-05-16evm: Clean up some variablesStefan Berger2-4/+1
2022-05-16evm: Return INTEGRITY_PASS for enum integrity_status value '0'Stefan Berger1-1/+1
2022-05-15efi: Do not import certificates from UEFI Secure Boot for T2 MacsAditya Garg2-0/+41
2022-05-05ima: support fs-verity file digest based version 3 signaturesMimi Zohar5-16/+177
2022-05-05ima: permit fsverity's file digests in the IMA measurement listMimi Zohar5-8/+90
2022-05-05ima: define a new template field named 'd-ngv2' and templatesMimi Zohar3-11/+73
2022-05-01ima: use IMA default hash algorithm for integrity violationsMimi Zohar1-1/+1
2022-05-01ima: fix 'd-ng' comments and documentationMimi Zohar1-3/+5
2022-04-07ima: remove the IMA_TEMPLATE Kconfig optionGUO Zihua1-8/+6
2022-04-04ima: remove redundant initialization of pointer 'file'.Colin Ian King1-1/+1
2022-03-24Merge tag 'net-next-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds1-18/+39
2022-03-21Merge tag 'integrity-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds8-35/+49
2022-03-21Merge tag 'for-5.18/block-2022-03-18' of git://git.kernel.dk/linux-blockLinus Torvalds1-1/+0
2022-03-10ima: Always return a file measurement in ima_file_hash()Roberto Sassu1-13/+33
2022-03-10ima: Fix documentation-related warnings in ima_main.cRoberto Sassu1-5/+6
2022-03-08integrity: Only use machine keyring when uefi_check_trust_mok_keys is trueEric Snowberg4-2/+23
2022-03-08integrity: Trust MOK keys if MokListTrustedRT foundEric Snowberg1-0/+19
2022-03-08KEYS: store reference to machine keyringEric Snowberg1-0/+2
2022-03-08integrity: add new keyring handler for mok keysEric Snowberg3-3/+23
2022-03-08integrity: Introduce a Linux keyring called machineEric Snowberg5-3/+78
2022-03-08integrity: Fix warning about missing prototypesEric Snowberg1-0/+1
2022-02-22EVM: fix the evm= __setup handler return valueRandy Dunlap1-1/+1
2022-02-15ima: define ima_max_digest_data struct without a flexible array variableMimi Zohar5-18/+17
2022-02-15ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGSMimi Zohar3-4/+4
2022-02-15ima: Return error code obtained from securityfs functionsStefan Berger1-8/+23
2022-02-15ima: Fix trivial typos in the commentsAustin Kim4-4/+4
2022-02-02ima: Do not print policy rule with inactive LSM labelsStefan Berger1-0/+8
2022-02-02ima: Allow template selection with ima_template[_fmt]= after ima_hash=Roberto Sassu1-3/+7
2022-02-02ima: Remove ima_policy file before directoryStefan Berger1-1/+1
2022-02-02integrity: check the return value of audit_log_start()Xiaoke Wang1-0/+2
2022-02-02block: remove genhd.hChristoph Hellwig1-1/+0
2022-01-24ima: fix reference leak in asymmetric_verify()Eric Biggers1-6/+9
2022-01-11Merge tag 'integrity-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-3/+8
2022-01-05ima: silence measurement list hexdump during kexecBruno Meneguele1-3/+3
2021-12-24integrity: Do not load MOK and MOKx when secure boot be disabledLee, Chun-Yi1-0/+5
2021-11-22lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()Paul Moore2-8/+8
2021-10-28evm: mark evm_fixmode as __ro_after_initAustin Kim1-1/+1
2021-10-09ima: Use strscpy instead of strlcpyPetr Vorel2-2/+2
2021-10-09ima_policy: Remove duplicate 'the' in docs commentPetr Vorel1-2/+1
2021-10-09ima: add gid supportCurtis Veit1-27/+174
2021-10-09ima: fix uid code style problemsAlex Henrie1-4/+6
2021-10-09ima: fix deadlock when traversing "ima_default_rules".liqiong1-9/+18
2021-09-02Merge tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds10-65/+316
2021-08-31Merge tag 'for-5.15/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-0/+1
2021-08-27efi: Don't use knowledge about efi_guid_t internalsAndy Shevchenko1-1/+1
2021-08-23IMA: reject unknown hash algorithms in ima_get_hash_algoTHOBY Simon1-1/+2
2021-08-16IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithmsTHOBY Simon1-0/+6
2021-08-16IMA: introduce a new policy option func=SETXATTR_CHECKTHOBY Simon4-17/+96
2021-08-16IMA: add a policy option to restrict xattr hash algorithms on appraisalTHOBY Simon1-4/+70
2021-08-16IMA: add support to restrict the hash algorithms used for file appraisalTHOBY Simon5-12/+41
2021-08-16IMA: block writes of the security.ima xattr with unsupported algorithmsTHOBY Simon2-4/+47
2021-08-16IMA: remove the dependency on CRYPTO_MD5THOBY Simon1-1/+0
2021-08-10dm ima: measure data on table loadTushar Sugandhi1-0/+1
2021-07-23ima: Add digest and digest_len params to the functions to measure a bufferRoberto Sassu6-15/+32
2021-07-23ima: Return int in the functions to measure a bufferRoberto Sassu2-22/+28
2021-07-23ima: Introduce ima_get_current_hash_algo()Roberto Sassu1-1/+6
2021-07-23IMA: remove -Wmissing-prototypes warningAustin Kim1-1/+1
2021-06-21evm: Check xattr size discrepancy between kernel and userRoberto Sassu1-1/+7
2021-06-20evm: output EVM digest calculation infoMimi Zohar2-0/+47
2021-06-11IMA: support for duplicate measurement recordsTushar Sugandhi2-2/+10
2021-06-11ima: Fix warning: no previous prototype for function 'ima_add_kexec_buffer'Lakshmi Ramasubramanian1-0/+1
2021-06-10ima: differentiate between EVM failures in the audit logMimi Zohar1-1/+2
2021-06-08ima: Fix fall-through warning for ClangGustavo A. R. Silva1-0/+1
2021-06-08ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect()Roberto Sassu1-1/+1
2021-06-08ima: Include header defining ima_post_key_create_or_update()Roberto Sassu1-0/+1
2021-06-08ima/evm: Fix type mismatchRoberto Sassu4-11/+12
2021-06-08ima: Set correct casting typesRoberto Sassu2-9/+10
2021-06-03evm: Don't return an error in evm_write_xattrs() if audit is not enabledRoberto Sassu1-1/+1
2021-06-03ima: Define new template evm-sigRoberto Sassu1-1/+4
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-09 07:06:23 +0000