hulk inclusion category: feature feature: IMA Digest Lists extension bugzilla: 46797
---------------------------
This reverts commit 9b772f4948fa513c501ae37c7afc89aa8613314c. backport patch from LTS 5.10.50 instead.
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- Documentation/ABI/testing/evm | 5 ++--- security/integrity/evm/evm_secfs.c | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/Documentation/ABI/testing/evm b/Documentation/ABI/testing/evm index eb6d70fd6fa2..3c477ba48a31 100644 --- a/Documentation/ABI/testing/evm +++ b/Documentation/ABI/testing/evm @@ -49,9 +49,8 @@ Description: modification of EVM-protected metadata and disable all further modification of policy
- Note that once an HMAC key has been loaded, it will no longer - be possible to enable metadata modification and, if it is - already enabled, it will be disabled. + Note that once a key has been loaded, it will no longer be + possible to enable metadata modification.
Until key loading has been signaled EVM can not create or validate the 'security.evm' xattr, but returns diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index 92fe26ace797..cfc3075769bb 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -84,7 +84,7 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf, * keys are loaded. */ if ((i & EVM_ALLOW_METADATA_WRITES) && - ((evm_initialized & EVM_INIT_HMAC) != 0) && + ((evm_initialized & EVM_KEY_MASK) != 0) && !(evm_initialized & EVM_ALLOW_METADATA_WRITES)) return -EPERM;