/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2005-2010 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Kylene Hall <kjhall@us.ibm.com>
 *
 * File: evm.h
 *
 * Declarations shared by the EVM sources: the initialization flag bits,
 * the xattr list entry type, the digest container, and the prototypes for
 * key setup and HMAC/hash calculation.
 */

#ifndef __INTEGRITY_EVM_H
#define __INTEGRITY_EVM_H

#include <linux/xattr.h>
#include <linux/security.h>

#include "../integrity.h"

/*
 * Flag bits. EVM_KEY_MASK selects only the two EVM_INIT_* bits, while
 * EVM_INIT_MASK ORs all four flags together.
 * NOTE(review): presumably these are the bits kept in evm_initialized
 * (declared below) - confirm against the code that sets it.
 */
#define EVM_INIT_HMAC	0x0001
#define EVM_INIT_X509	0x0002
/*
 * Not part of EVM_KEY_MASK, so setting this bit alone does not count as a
 * key having been initialized.
 * NOTE(review): by its name this relaxes protection of EVM-covered
 * metadata - confirm where it is honoured and who is allowed to set it.
 */
#define EVM_ALLOW_METADATA_WRITES	0x0004
/*
 * 0x80000000 does not fit in a 32-bit signed int, so this constant has type
 * unsigned int, whereas evm_initialized is declared as plain int.
 * NOTE(review): if this bit is stored there the variable reads as negative;
 * users should test with a mask (x & FLAG), never with a "> 0" comparison -
 * confirm in the callers.
 */
#define EVM_SETUP_COMPLETE 0x80000000 /* userland has signaled key load */

#define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509)
#define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
		       EVM_ALLOW_METADATA_WRITES)

/*
 * One entry of a list of xattr names, linked through @list.
 * NOTE(review): presumably the element type of evm_config_xattrnames -
 * confirm.
 */
struct xattr_list {
	struct list_head list;	/* list linkage */
	char *name;		/* xattr name; ownership/lifetime not visible here */
	bool enabled;		/* per-entry on/off flag; meaning is set by the users */
};

extern int evm_initialized;

/*
 * NOTE(review): presumably a bit of evm_hmac_attrs that controls whether the
 * filesystem UUID is covered by the HMAC - confirm in the implementation.
 */
#define EVM_ATTR_FSUUID		0x0001

extern int evm_hmac_attrs;

/* List of EVM protected security xattrs */
extern struct list_head evm_config_xattrnames;

/*
 * Digest container: an ima_digest_data header directly followed (the struct
 * is __packed, so no padding) by a fixed buffer of IMA_MAX_DIGEST_SIZE bytes.
 * Both ima_digest_data and IMA_MAX_DIGEST_SIZE are defined outside this file.
 * NOTE(review): if hdr carries a length field (not visible here), it must be
 * bounded by IMA_MAX_DIGEST_SIZE before digest[] is written or compared -
 * verify in the users.
 */
struct evm_digest {
	struct ima_digest_data hdr;
	char digest[IMA_MAX_DIGEST_SIZE];
} __packed;

/*
 * NOTE(review): by name, reports whether req_xattr_name is one of the
 * EVM-protected xattrs; the return convention is not visible here.
 */
int evm_protected_xattr(const char *req_xattr_name);

int evm_init_key(void);

/*
 * The three functions below take the dentry plus the xattr involved in the
 * request as a name, a value pointer and an explicit value length.
 * evm_calc_hmac() and evm_calc_hash() additionally take a non-const
 * struct evm_digest *, presumably the output buffer - confirm.
 */
int evm_update_evmxattr(struct dentry *dentry,
			const char *req_xattr_name,
			const char *req_xattr_value,
			size_t req_xattr_value_len);
int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, struct evm_digest *data);
int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, char type,
		  struct evm_digest *data);

/*
 * hmac_val is a non-const char * with no accompanying length parameter.
 * NOTE(review): the caller must supply a buffer large enough for whatever
 * the implementation writes; the required size is not visible in this
 * header - TODO confirm and document it at the call sites.
 */
int evm_init_hmac(struct inode *inode, const struct xattr *xattrs,
		  char *hmac_val);
int evm_init_secfs(void);

#endif