diff options
author | Denys Drozdov <denys.drozdov@toradex.com> | 2021-11-08 14:49:52 +0200 |
---|---|---|
committer | Denys Drozdov <denys.drozdov@toradex.com> | 2021-11-08 14:49:52 +0200 |
commit | 4128a6606c71fd177b71e2037f9da101cf967e50 (patch) | |
tree | 0788ec5e6e39d47f8971c818d966df07cc8c6952 /Documentation/ABI | |
parent | f28f1c4529ddede4f033e4d55fad00c9df3afe10 (diff) | |
parent | e99f775ed2f46b225106f0a156116a0080d16740 (diff) |
Merge remote-tracking branch 'fscl/5.4-2.3.x-imx' into toradex_5.4-2.3.x-imx
Diffstat (limited to 'Documentation/ABI')
-rw-r--r-- | Documentation/ABI/testing/evm | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/Documentation/ABI/testing/evm b/Documentation/ABI/testing/evm index 201d10319fa1..1df1177df68a 100644 --- a/Documentation/ABI/testing/evm +++ b/Documentation/ABI/testing/evm @@ -42,8 +42,30 @@ Description: modification of EVM-protected metadata and disable all further modification of policy - Note that once a key has been loaded, it will no longer be - possible to enable metadata modification. + Echoing a value is additive, the new value is added to the + existing initialization flags. + + For example, after:: + + echo 2 ><securityfs>/evm + + another echo can be performed:: + + echo 1 ><securityfs>/evm + + and the resulting value will be 3. + + Note that once an HMAC key has been loaded, it will no longer + be possible to enable metadata modification. Signaling that an + HMAC key has been loaded will clear the corresponding flag. + For example, if the current value is 6 (2 and 4 set):: + + echo 1 ><securityfs>/evm + + will set the new value to 3 (4 cleared). + + Loading an HMAC key is the only way to disable metadata + modification. Until key loading has been signaled EVM can not create or validate the 'security.evm' xattr, but returns |