From: Zheng Zengkai <zhengzengkai@huawei.com> hulk inclusion category: feature feature: IMA Digest Lists extension bugzilla: 46797 --------------------------- This reverts commit 9b772f4948fa513c501ae37c7afc89aa8613314c. backport patch from LTS 5.10.50 instead. Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> Signed-off-by: Zhou Shuiqing<zhoushuiqing2@huawei.com> --- Documentation/ABI/testing/evm | 4 ++-- security/integrity/evm/evm_secfs.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Documentation/ABI/testing/evm b/Documentation/ABI/testing/evm index 44750a933db4..2828e720d91e 100644 --- a/Documentation/ABI/testing/evm +++ b/Documentation/ABI/testing/evm @@ -69,8 +69,8 @@ Description: and the resulting value will be 3. - Note that once an HMAC key has been loaded, it will no longer - be possible to enable metadata modification. Signaling that an + Note that once a key has been loaded, it will no longer be + possible to enable metadata modification. Signaling that an HMAC key has been loaded will clear the corresponding flag. For example, if the current value is 6 (2 and 4 set):: diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index 9b907c2fee60..5a762ac6411d 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -86,7 +86,7 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf, * an HMAC key is loaded. */ if ((i & EVM_ALLOW_METADATA_WRITES) && - (evm_initialized & EVM_INIT_HMAC) != 0) + ((evm_initialized & EVM_KEY_MASK) != 0)) return -EPERM; if (i & EVM_INIT_HMAC) { -- 2.33.0