On Wed, 2020-11-11 at 10:22 +0100, Roberto Sassu wrote: > evm_inode_init_security() requires an HMAC key to calculate the HMAC on > initial xattrs provided by LSMs. However, it checks generically whether a > key has been loaded, including also public keys, which is not correct as > public keys are not suitable to calculate the HMAC. > > Originally, support for signature verification was introduced to verify a > possibly immutable initial ram disk, when no new files are created, and to > switch to HMAC for the root filesystem. By that time, an HMAC key should > have been loaded and usable to calculate HMACs for new files. > > More recently support for requiring an HMAC key was removed from the > kernel, so that signature verification can be used alone. Since this is a > legitimate use case, evm_inode_init_security() should not return an error > when no HMAC key has been loaded. > > This patch fixes this problem by replacing the evm_key_loaded() check with > a check of the EVM_INIT_HMAC flag in evm_initialized. > > Cc: stable@xxxxxxxxxxxxxxx # 4.5.x > Fixes: 26ddabfe96b ("evm: enable EVM when X509 certificate is loaded") > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > --- > security/integrity/evm/evm_main.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c > index 76d19146d74b..001e001eae01 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -530,7 +530,8 @@ int evm_inode_init_security(struct inode *inode, > struct evm_xattr *xattr_data; > int rc; > > - if (!evm_key_loaded() || !evm_protected_xattr(lsm_xattr->name)) > + if (!(evm_initialized & EVM_INIT_HMAC) || > + !evm_protected_xattr(lsm_xattr->name)) > return 0; > > xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS); Let's update the function description to make it explicit. Something like: "evm_inode_init_security - initializes security.evm HMAC value" Mimi