path: root/security/integrity
Age | Commit message | Author | Files | Lines
2022-12-21 | Merge tag 'fs.vfsuid.ima.v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kern... | Linus Torvalds | 1 | -0/+24
2022-12-13 | Merge tag 'integrity-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/z... | Linus Torvalds | 6 | -22/+54
2022-12-13 | Merge tag 'lsm-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 6 | -17/+23
2022-12-13 | mnt_idmapping: move ima-only helpers to ima | Christian Brauner | 1 | -0/+24
2022-12-12 | Merge tag 'fs.vfsuid.conversion.v6.2' of git://git.kernel.org/pub/scm/linux/k... | Linus Torvalds | 1 | -16/+18
2022-11-28 | ima: Fix hash dependency to correct algorithm | Tianjia Zhang | 1 | -1/+1
2022-11-18 | lsm,fs: fix vfs_getxattr_alloc() return type and caller error paths | Paul Moore | 6 | -17/+23
2022-11-16 | ima: Fix misuse of dereference of pointer in template_desc_init_fields() | Xiu Jianfeng | 1 | -2/+2
2022-11-16 | integrity: Fix memory leakage in keyring allocation error path | GUO Zihua | 1 | -1/+5
2022-11-03 | ima: Fix memory leak in __ima_inode_hash() | Roberto Sassu | 1 | -1/+6
2022-11-02 | ima: Handle -ESTALE returned by ima_filter_rule_match() | GUO Zihua | 1 | -9/+32
2022-11-02 | ima: Simplify ima_lsm_copy_rule | GUO Zihua | 1 | -7/+3
2022-11-02 | ima: Fix a potential NULL pointer access in ima_restore_measurement_list | Huaxin Lu | 1 | -1/+4
2022-11-01 | efi: Add iMac Pro 2017 to uefi skip cert quirk | Aditya Garg | 1 | -0/+1
2022-10-28 | evm: remove dead code in evm_inode_set_acl() | Christian Brauner | 1 | -3/+2
2022-10-26 | ima: use type safe idmapping helpers | Christian Brauner | 1 | -16/+18
2022-10-20 | evm: remove evm_xattr_acl_change() | Christian Brauner | 1 | -64/+0
2022-10-20 | integrity: implement get and set acl hook | Christian Brauner | 2 | -1/+91
2022-10-03 | Merge tag 'fs.acl.rework.prep.v6.1' of git://git.kernel.org/pub/scm/linux/ker... | Linus Torvalds | 1 | -3/+14
2022-09-30 | efi: Correct Macmini DMI match in uefi cert quirk | Orlando Chamberlain | 1 | -1/+1
2022-08-31 | acl: move idmapping handling into posix_acl_xattr_set() | Christian Brauner | 1 | -3/+14
2022-08-23 | ima: fix blocking of security.ima xattrs of unsupported algorithms | Mimi Zohar | 1 | -4/+8
2022-08-02 | Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/z... | Linus Torvalds | 1 | -29/+23
2022-08-01 | Merge tag 'x86_kdump_for_v6.0_rc1' of git://git.kernel.org/pub/scm/linux/kern... | Linus Torvalds | 1 | -1/+1
2022-08-01 | Merge tag 'fs.idmapped.vfsuid.v5.20' of git://git.kernel.org/pub/scm/linux/ke... | Linus Torvalds | 1 | -5/+7
2022-07-20 | lockdown: Fix kexec lockdown bypass with ima policy | Eric Snowberg | 1 | -0/+4
2022-07-13 | evm: Use IS_ENABLED to initialize .enabled | Xiu Jianfeng | 1 | -29/+23
2022-07-13 | ima: Fix potential memory leak in ima_init_crypto() | Jianglei Nie | 1 | -0/+1
2022-07-13 | ima: force signature verification when CONFIG_KEXEC_SIG is configured | Coiby Xu | 1 | -0/+2
2022-07-07 | ima: Fix a potential integer overflow in ima_appraise_measurement | Huaxin Lu | 1 | -1/+2
2022-07-06 | ima: fix violation measurement list record | Mimi Zohar | 1 | -3/+3
2022-07-01 | x86/kexec: Carry forward IMA measurement log on kexec | Jonathan McDowell | 1 | -1/+1
2022-06-26 | attr: port attribute changes to new types | Christian Brauner | 1 | -2/+2
2022-06-26 | security: pass down mount idmapping to setattr hook | Christian Brauner | 1 | -3/+5
2022-06-26 | fs: port to iattr ownership update helpers | Christian Brauner | 1 | -2/+2
2022-06-15 | Revert "evm: Fix memleak in init_desc" | Xiu Jianfeng | 1 | -5/+2
2022-05-24 | Merge tag 'integrity-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 16 | -52/+395
2022-05-23 | certs: Factor out the blacklist hash creation | Mickaël Salaün | 1 | -24/+2
2022-05-16 | integrity: Fix sparse warnings in keyring_handler | Stefan Berger | 1 | -3/+3
2022-05-16 | evm: Clean up some variables | Stefan Berger | 2 | -4/+1
2022-05-16 | evm: Return INTEGRITY_PASS for enum integrity_status value '0' | Stefan Berger | 1 | -1/+1
2022-05-15 | efi: Do not import certificates from UEFI Secure Boot for T2 Macs | Aditya Garg | 2 | -0/+41
2022-05-05 | ima: support fs-verity file digest based version 3 signatures | Mimi Zohar | 5 | -16/+177
2022-05-05 | ima: permit fsverity's file digests in the IMA measurement list | Mimi Zohar | 5 | -8/+90
2022-05-05 | ima: define a new template field named 'd-ngv2' and templates | Mimi Zohar | 3 | -11/+73
2022-05-01 | ima: use IMA default hash algorithm for integrity violations | Mimi Zohar | 1 | -1/+1
2022-05-01 | ima: fix 'd-ng' comments and documentation | Mimi Zohar | 1 | -3/+5
2022-04-07 | ima: remove the IMA_TEMPLATE Kconfig option | GUO Zihua | 1 | -8/+6
2022-04-04 | ima: remove redundant initialization of pointer 'file'. | Colin Ian King | 1 | -1/+1
2022-03-24 | Merge tag 'net-next-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/ne... | Linus Torvalds | 1 | -18/+39
2022-03-21 | Merge tag 'integrity-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 8 | -35/+49
2022-03-21 | Merge tag 'for-5.18/block-2022-03-18' of git://git.kernel.dk/linux-block | Linus Torvalds | 1 | -1/+0
2022-03-10 | ima: Always return a file measurement in ima_file_hash() | Roberto Sassu | 1 | -13/+33
2022-03-10 | ima: Fix documentation-related warnings in ima_main.c | Roberto Sassu | 1 | -5/+6
2022-03-08 | integrity: Only use machine keyring when uefi_check_trust_mok_keys is true | Eric Snowberg | 4 | -2/+23
2022-03-08 | integrity: Trust MOK keys if MokListTrustedRT found | Eric Snowberg | 1 | -0/+19
2022-03-08 | KEYS: store reference to machine keyring | Eric Snowberg | 1 | -0/+2
2022-03-08 | integrity: add new keyring handler for mok keys | Eric Snowberg | 3 | -3/+23
2022-03-08 | integrity: Introduce a Linux keyring called machine | Eric Snowberg | 5 | -3/+78
2022-03-08 | integrity: Fix warning about missing prototypes | Eric Snowberg | 1 | -0/+1
2022-02-22 | EVM: fix the evm= __setup handler return value | Randy Dunlap | 1 | -1/+1
2022-02-15 | ima: define ima_max_digest_data struct without a flexible array variable | Mimi Zohar | 5 | -18/+17
2022-02-15 | ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS | Mimi Zohar | 3 | -4/+4
2022-02-15 | ima: Return error code obtained from securityfs functions | Stefan Berger | 1 | -8/+23
2022-02-15 | ima: Fix trivial typos in the comments | Austin Kim | 4 | -4/+4
2022-02-02 | ima: Do not print policy rule with inactive LSM labels | Stefan Berger | 1 | -0/+8
2022-02-02 | ima: Allow template selection with ima_template[_fmt]= after ima_hash= | Roberto Sassu | 1 | -3/+7
2022-02-02 | ima: Remove ima_policy file before directory | Stefan Berger | 1 | -1/+1
2022-02-02 | integrity: check the return value of audit_log_start() | Xiaoke Wang | 1 | -0/+2
2022-02-02 | block: remove genhd.h | Christoph Hellwig | 1 | -1/+0
2022-01-24 | ima: fix reference leak in asymmetric_verify() | Eric Biggers | 1 | -6/+9
2022-01-11 | Merge tag 'integrity-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 2 | -3/+8
2022-01-05 | ima: silence measurement list hexdump during kexec | Bruno Meneguele | 1 | -3/+3
2021-12-24 | integrity: Do not load MOK and MOKx when secure boot be disabled | Lee, Chun-Yi | 1 | -0/+5
2021-11-22 | lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() | Paul Moore | 2 | -8/+8
2021-10-28 | evm: mark evm_fixmode as __ro_after_init | Austin Kim | 1 | -1/+1
2021-10-09 | ima: Use strscpy instead of strlcpy | Petr Vorel | 2 | -2/+2
2021-10-09 | ima_policy: Remove duplicate 'the' in docs comment | Petr Vorel | 1 | -2/+1
2021-10-09 | ima: add gid support | Curtis Veit | 1 | -27/+174
2021-10-09 | ima: fix uid code style problems | Alex Henrie | 1 | -4/+6
2021-10-09 | ima: fix deadlock when traversing "ima_default_rules". | liqiong | 1 | -9/+18
2021-09-02 | Merge tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 10 | -65/+316
2021-08-31 | Merge tag 'for-5.15/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -0/+1
2021-08-27 | efi: Don't use knowledge about efi_guid_t internals | Andy Shevchenko | 1 | -1/+1
2021-08-23 | IMA: reject unknown hash algorithms in ima_get_hash_algo | THOBY Simon | 1 | -1/+2
2021-08-16 | IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms | THOBY Simon | 1 | -0/+6
2021-08-16 | IMA: introduce a new policy option func=SETXATTR_CHECK | THOBY Simon | 4 | -17/+96
2021-08-16 | IMA: add a policy option to restrict xattr hash algorithms on appraisal | THOBY Simon | 1 | -4/+70
2021-08-16 | IMA: add support to restrict the hash algorithms used for file appraisal | THOBY Simon | 5 | -12/+41
2021-08-16 | IMA: block writes of the security.ima xattr with unsupported algorithms | THOBY Simon | 2 | -4/+47
2021-08-16 | IMA: remove the dependency on CRYPTO_MD5 | THOBY Simon | 1 | -1/+0
2021-08-10 | dm ima: measure data on table load | Tushar Sugandhi | 1 | -0/+1
2021-07-23 | ima: Add digest and digest_len params to the functions to measure a buffer | Roberto Sassu | 6 | -15/+32
2021-07-23 | ima: Return int in the functions to measure a buffer | Roberto Sassu | 2 | -22/+28
2021-07-23 | ima: Introduce ima_get_current_hash_algo() | Roberto Sassu | 1 | -1/+6
2021-07-23 | IMA: remove -Wmissing-prototypes warning | Austin Kim | 1 | -1/+1
2021-06-21 | evm: Check xattr size discrepancy between kernel and user | Roberto Sassu | 1 | -1/+7
2021-06-20 | evm: output EVM digest calculation info | Mimi Zohar | 2 | -0/+47
2021-06-11 | IMA: support for duplicate measurement records | Tushar Sugandhi | 2 | -2/+10
2021-06-11 | ima: Fix warning: no previous prototype for function 'ima_add_kexec_buffer' | Lakshmi Ramasubramanian | 1 | -0/+1
2021-06-10 | ima: differentiate between EVM failures in the audit log | Mimi Zohar | 1 | -1/+2
2021-06-08 | ima: Fix fall-through warning for Clang | Gustavo A. R. Silva | 1 | -0/+1
2021-06-08 | ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect() | Roberto Sassu | 1 | -1/+1
2021-06-08 | ima: Include header defining ima_post_key_create_or_update() | Roberto Sassu | 1 | -0/+1
2021-06-08 | ima/evm: Fix type mismatch | Roberto Sassu | 4 | -11/+12
2021-06-08 | ima: Set correct casting types | Roberto Sassu | 2 | -9/+10
2021-06-03 | evm: Don't return an error in evm_write_xattrs() if audit is not enabled | Roberto Sassu | 1 | -1/+1
2021-06-03 | ima: Define new template evm-sig | Roberto Sassu | 1 | -1/+4
2021-06-02 | ima: Define new template fields xattrnames, xattrlengths and xattrvalues | Roberto Sassu | 4 | -0/+148
2021-06-01 | evm: Verify portable signatures against all protected xattrs | Roberto Sassu | 4 | -12/+68
2021-06-01 | ima: Define new template field imode | Roberto Sassu | 3 | -0/+26
2021-06-01 | ima: Define new template fields iuid and igid | Roberto Sassu | 3 | -0/+53
2021-06-01 | ima: Add ima_show_template_uint() template library function | Roberto Sassu | 2 | -1/+39
2021-06-01 | ima: Don't remove security.ima if file must not be appraised | Roberto Sassu | 1 | -2/+0
2021-06-01 | ima: Introduce template field evmsig and write to field sig as fallback | Roberto Sassu | 3 | -1/+36
2021-06-01 | ima: Allow imasig requirement to be satisfied by EVM portable signatures | Roberto Sassu | 1 | -7/+17
2021-06-01 | evm: Allow setxattr() and setattr() for unmodified metadata | Roberto Sassu | 1 | -1/+112
2021-05-21 | evm: Pass user namespace to set/remove xattr hooks | Roberto Sassu | 1 | -6/+11
2021-05-21 | evm: Allow xattr/attr operations for portable signatures | Roberto Sassu | 2 | -6/+29
2021-05-21 | evm: Introduce evm_hmac_disabled() to safely ignore verification errors | Roberto Sassu | 1 | -1/+38
2021-05-21 | evm: Introduce evm_revalidate_status() | Roberto Sassu | 2 | -9/+46
2021-05-21 | evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded | Roberto Sassu | 1 | -4/+4
2021-05-21 | evm: Load EVM key in ima_load_x509() to avoid appraisal | Roberto Sassu | 2 | -1/+7
2021-05-21 | evm: Execute evm_inode_init_security() only when an HMAC key is loaded | Roberto Sassu | 1 | -2/+3
2021-05-20 | evm: fix writing <securityfs>/evm overflow | Mimi Zohar | 1 | -2/+3
2021-05-01 | Merge tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 5 | -4/+15
2021-04-28 | Merge tag 'devicetree-for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 2 | -10/+3
2021-04-27 | Merge tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 2 | -8/+8
2021-04-26 | Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert... | Linus Torvalds | 1 | -16/+14
2021-04-26 | Merge tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kern... | Linus Torvalds | 2 | -2/+29
2021-04-20 | ima: Fix fall-through warnings for Clang | Gustavo A. R. Silva | 2 | -0/+3
2021-04-09 | integrity: Add declarations to init_once void arguments. | Jiele Zhao | 1 | -1/+1
2021-04-09 | ima: Fix function name error in comment. | Jiele Zhao | 1 | -1/+1
2021-04-09 | ima: enable loading of build time generated key on .ima keyring | Nayna Jain | 1 | -0/+2
2021-03-26 | ima: Support EC keys for signature verification | Stefan Berger | 1 | -16/+14
2021-03-24 | ima: Fix the error code for restoring the PCR value | Li Huafei | 1 | -2/+2
2021-03-22 | lsm: separate security_task_getsecid() into subjective and objective variants | Paul Moore | 2 | -8/+8
2021-03-22 | ima: without an IMA policy loaded, return quickly | Mimi Zohar | 1 | -0/+6
2021-03-22 | integrity: double check iint_cache was initialized | Mimi Zohar | 1 | -0/+8
2021-03-11 | integrity: Load mokx variables into the blacklist keyring | Eric Snowberg | 1 | -2/+18
2021-03-11 | certs: Add EFI_CERT_X509_GUID support for dbx entries | Eric Snowberg | 1 | -0/+11
2021-03-08 | powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c | Lakshmi Ramasubramanian | 2 | -4/+1
2021-03-08 | powerpc: Move ima buffer fields to struct kimage | Lakshmi Ramasubramanian | 1 | -6/+2
2021-02-23 | Merge tag 'keys-misc-20210126' of git://git.kernel.org/pub/scm/linux/kernel/g... | Linus Torvalds | 1 | -3/+2
2021-02-23 | Merge tag 'idmapped-mounts-v5.12' of git://git.kernel.org/pub/scm/linux/kerne... | Linus Torvalds | 10 | -54/+82
2021-02-12 | integrity: Make function integrity_add_key() static | Wei Yongjun | 1 | -2/+2
2021-02-10 | Merge branch 'ima-kexec-fixes' into next-integrity | Mimi Zohar | 1 | -0/+3
2021-02-10 | ima: Free IMA measurement buffer after kexec syscall | Lakshmi Ramasubramanian | 1 | -0/+2
2021-02-10 | ima: Free IMA measurement buffer on error | Lakshmi Ramasubramanian | 1 | -0/+1
2021-01-26 | IMA: Measure kernel version in early boot | Raphael Gianotti | 1 | -0/+5
2021-01-24 | ima: handle idmapped mounts | Christian Brauner | 7 | -40/+68
2021-01-24 | fs: make helpers idmap mount aware | Christian Brauner | 1 | -1/+1
2021-01-24 | xattr: handle idmapped mounts | Tycho Andersen | 3 | -11/+12
2021-01-21 | certs: Fix blacklist flag type confusion | David Howells | 1 | -3/+2
2021-01-14 | IMA: define a builtin critical data measurement policy | Lakshmi Ramasubramanian | 1 | -0/+12
2021-01-14 | IMA: extend critical data hook to limit the measurement based on a label | Tushar Sugandhi | 1 | -3/+5
2021-01-14 | IMA: limit critical data measurement based on a label | Tushar Sugandhi | 1 | -3/+34
2021-01-14 | IMA: add policy rule to measure critical data | Tushar Sugandhi | 1 | -4/+25
2021-01-14 | IMA: define a hook to measure kernel integrity critical data | Tushar Sugandhi | 3 | -1/+26
2021-01-14 | IMA: add support to measure buffer data hash | Tushar Sugandhi | 5 | -9/+30
2021-01-14 | IMA: generalize keyring specific measurement constructs | Tushar Sugandhi | 4 | -26/+35
2021-01-13 | evm: Fix memleak in init_desc | Dinghao Liu | 1 | -2/+5
2020-12-24 | Merge tag 'efi_updates_for_v5.11' of git://git.kernel.org/pub/scm/linux/kerne... | Linus Torvalds | 2 | -0/+77
2020-12-16 | Merge tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 6 | -37/+54
2020-12-15 | Merge tag 'net-next-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ne... | Linus Torvalds | 1 | -24/+54
2020-12-14 | Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert... | Linus Torvalds | 1 | -1/+1
2020-11-29 | ima: Don't modify file descriptor mode on the fly | Roberto Sassu | 1 | -15/+5
2020-11-26 | ima: Implement ima_inode_hash | KP Singh | 1 | -24/+54
2020-11-20 | ima: select ima-buf template for buffer measurement | Lakshmi Ramasubramanian | 4 | -16/+37
2020-11-20 | crypto: sha - split sha.h into sha1.h and sha2.h | Eric Biggers | 1 | -1/+1
2020-11-06 | ima: generalize x86/EFI arch glue for other EFI architectures | Chester Lin | 2 | -0/+77
2020-11-02 | ima: defer arch_ima_get_secureboot() call to IMA init time | Ard Biesheuvel | 2 | -6/+12
2020-10-29 | ima: Replace zero-length array with flexible-array member | Gustavo A. R. Silva | 1 | -1/+1
2020-10-15 | Merge tag 'integrity-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 8 | -67/+161
2020-10-15 | Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g... | Linus Torvalds | 4 | -23/+69
2020-10-13 | Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert... | Linus Torvalds | 1 | -3/+11
2020-10-12 | Merge tag 'efi-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -19/+66
2020-10-05 | fs/kernel_file_read: Add "offset" arg for partial reads | Kees Cook | 2 | -2/+3
2020-10-05 | IMA: Add support for file reads without contents | Scott Branden | 1 | -6/+16
2020-10-05 | LSM: Add "contents" flag to kernel_read_file hook | Kees Cook | 1 | -1/+9
2020-10-05 | firmware_loader: Use security_post_load_data() | Kees Cook | 1 | -10/+10
2020-10-05 | LSM: Introduce kernel_post_load_data() hook | Kees Cook | 1 | -1/+23
2020-10-05 | fs/kernel_read_file: Add file_size output argument | Kees Cook | 2 | -2/+2
2020-10-05 | fs/kernel_read_file: Switch buffer size arg to size_t | Kees Cook | 2 | -2/+2
2020-10-05 | fs/kernel_read_file: Remove redundant size argument | Kees Cook | 2 | -4/+7
2020-10-05 | fs/kernel_read_file: Split into separate include file | Scott Branden | 4 | -0/+4
2020-10-05 | fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum | Kees Cook | 3 | -6/+4
2020-09-25 | integrity: Asymmetric digsig supports SM2-with-SM3 algorithm | Tianjia Zhang | 1 | -3/+11
2020-09-16 | ima: Fix NULL pointer dereference in ima_file_hash | KP Singh | 1 | -0/+10
2020-09-16 | integrity: Load certs from the EFI MOK config table | Lenny Szubowicz | 1 | -0/+22
2020-09-16 | integrity: Move import of MokListRT certs to a separate routine | Lenny Szubowicz | 1 | -19/+44
2020-09-15 | evm: Check size of security.evm before using it | Roberto Sassu | 1 | -0/+6
2020-09-15 | ima: Remove semicolon at the end of ima_get_binary_runtime_size() | Roberto Sassu | 1 | -1/+1
2020-09-15 | ima: Don't ignore errors from crypto_shash_update() | Roberto Sassu | 1 | -0/+2
2020-09-15 | ima: Use kmemdup rather than kmalloc+memcpy | Alex Dewar | 1 | -5/+4
2020-09-09 | integrity: include keyring name for unknown key request | Bruno Meneguele | 1 | -2/+8
2020-09-09 | ima: limit secure boot feedback scope for appraise | Bruno Meneguele | 1 | -9/+16
2020-09-08 | integrity: invalid kernel parameters feedback | Bruno Meneguele | 4 | -4/+16
2020-09-08 | ima: add check for enforced appraise option | Bruno Meneguele | 1 | -0/+2
2020-08-31 | integrity: Use current_uid() in integrity_audit_message() | Denis Efremov | 1 | -1/+1