> From: linux-integrity-owner@xxxxxxxxxxxxxxx [mailto:linux-integrity- > owner@xxxxxxxxxxxxxxx] On Behalf Of Denis Efremov > Sent: Tuesday, July 28, 2020 12:32 PM > Hi, > > I've started to add integrity interfaces descriptions to syzkaller > (https://github.com/google/syzkaller/pull/1970). > > I've got a question, if you don't mind: > > If I write 2 to /sys/kernel/security/integrity/evm/evm before loading keys, > subsequent fs operations will fail with -ENOKEY. > > $ echo 2 > /sys/kernel/security/integrity/evm/evm > $ touch test.txt > [ 526.976855][ T5771] evm: HMAC key is not set > [ 526.977892][ T5771] evm: init_desc failed > touch: cannot touch 'test.txt': Required key not available > > Is this a desired behavior? Should there be a check in evm_write_key() > for loaded keys (encrypted evm-key, keys in _evm, _ima keyrings) before > changing the evm_initialized bit? Is it correct to set second bit without > first bit? Hi Denis can you please try this patch? https://lore.kernel.org/linux-integrity/20200618160133.937-1-roberto.sassu@xxxxxxxxxx/ Thanks Roberto HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Li Jian, Shi Yanli