diff options
author | Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com> | 2021-07-20 15:04:13 +0000 |
---|---|---|
committer | Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com> | 2021-07-20 15:04:13 +0000 |
commit | e9646ca70100b35fd85b597c3af7534c075e0e3a (patch) | |
tree | 626c744c696fe142faa6599e1f99d3c433581cc1 /Documentation/ABI | |
parent | d27b76752782fcf058f548e4ecb7d9f31eefe612 (diff) | |
parent | 7c76bd6c36ed84c0e613ba0f3a1408a515b9f12d (diff) |
Merge tag 'v5.4.132' into 5.4-2.3.x-imx
This is the 5.4.132 stable release
Conflicts (manual resolve):
- drivers/gpu/drm/rockchip/cdn-dp-core.c:
Fix merge hiccup when integrating upstream commit 450c25b8a4c9c
("drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on
error in cdn_dp_grf_write()")
- drivers/perf/fsl_imx8_ddr_perf.c:
Port upstream commit 3fea9b708ae37 ("drivers/perf: fix the missed
ida_simple_remove() in ddr_perf_probe()") manually to NXP version.
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Diffstat (limited to 'Documentation/ABI')
-rw-r--r-- | Documentation/ABI/testing/evm | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/Documentation/ABI/testing/evm b/Documentation/ABI/testing/evm index 201d10319fa1..1df1177df68a 100644 --- a/Documentation/ABI/testing/evm +++ b/Documentation/ABI/testing/evm @@ -42,8 +42,30 @@ Description: modification of EVM-protected metadata and disable all further modification of policy - Note that once a key has been loaded, it will no longer be - possible to enable metadata modification. + Echoing a value is additive, the new value is added to the + existing initialization flags. + + For example, after:: + + echo 2 ><securityfs>/evm + + another echo can be performed:: + + echo 1 ><securityfs>/evm + + and the resulting value will be 3. + + Note that once an HMAC key has been loaded, it will no longer + be possible to enable metadata modification. Signaling that an + HMAC key has been loaded will clear the corresponding flag. + For example, if the current value is 6 (2 and 4 set):: + + echo 1 ><securityfs>/evm + + will set the new value to 3 (4 cleared). + + Loading an HMAC key is the only way to disable metadata + modification. Until key loading has been signaled EVM can not create or validate the 'security.evm' xattr, but returns |