Merge branch 'next' of git://selinuxproject.org/~jmorris/linux-security

What:		security/evm

Date:		March 2011

Contact:	Mimi Zohar <zohar@us.ibm.com>

Description:

		EVM protects a file's security extended attributes(xattrs)

		against integrity attacks. The initial method maintains an

		HMAC-sha1 value across the extended attributes, storing the

		value as the extended attribute 'security.evm'.

		EVM depends on the Kernel Key Retention System to provide it

		with a trusted/encrypted key for the HMAC-sha1 operation.

		The key is loaded onto the root's keyring using keyctl.  Until

		EVM receives notification that the key has been successfully

		loaded onto the keyring (echo 1 > <securityfs>/evm), EVM

		can not create or validate the 'security.evm' xattr, but

		returns INTEGRITY_UNKNOWN.  Loading the key and signaling EVM

		should be done as early as possible.  Normally this is done

		in the initramfs, which has already been measured as part

		of the trusted boot.  For more information on creating and

		loading existing trusted/encrypted keys, refer to:

		Documentation/keys-trusted-encrypted.txt.  (A sample dracut

		patch, which loads the trusted/encrypted key and enables

		EVM, is available from http://linux-ima.sourceforge.net/#EVM.)

	EDD	BIOS Enhanced Disk Drive Services (EDD) is enabled

	EFI	EFI Partitioning (GPT) is enabled

	EIDE	EIDE/ATAPI support is enabled.

	EVM	Extended Verification Module

	FB	The frame buffer device is enabled.

	FTRACE	Function tracing enabled.

	GCOV	GCOV profiling is enabled.

			This option is obsoleted by the "netdev=" option, which

			has equivalent usage. See its documentation for details.

	evm=		[EVM]

			Format: { "fix" }

			Permit 'security.evm' to be updated regardless of

			current integrity status.

	failslab=

	fail_page_alloc=

	fail_make_request=[KNL]

F:	Documentation/filesystems/ext4.txt

F:	fs/ext4/

Extended Verification Module (EVM)

M:	Mimi Zohar <zohar@us.ibm.com>

S:	Supported

F:	security/integrity/evm/

F71805F HARDWARE MONITORING DRIVER

M:	Jean Delvare <khali@linux-fr.org>

L:	lm-sensors@lm-sensors.org

L:	tomoyo-dev@lists.sourceforge.jp (subscribers-only, for developers in Japanese)

L:	tomoyo-users@lists.sourceforge.jp (subscribers-only, for users in Japanese)

W:	http://tomoyo.sourceforge.jp/

T:	quilt http://svn.sourceforge.jp/svnroot/tomoyo/trunk/2.4.x/tomoyo-lsm/patches/

T:	quilt http://svn.sourceforge.jp/svnroot/tomoyo/trunk/2.5.x/tomoyo-lsm/patches/

S:	Maintained

F:	security/tomoyo/

{

	struct tpm_chip *chip = dev_get_drvdata(dev);

	if (chip->vendor.duration[TPM_LONG] == 0)

		return 0;

	return sprintf(buf, "%d %d %d [%s]\n",

		       jiffies_to_usecs(chip->vendor.duration[TPM_SHORT]),

		       jiffies_to_usecs(chip->vendor.duration[TPM_MEDIUM]),

	unsigned char *buf)

{

	unsigned char *ptr;

	int ret;

	/*

	 * Set PROTOCOL IDENTIFIER to 6h for SAS

	 */

	ptr = &se_nacl->initiatorname[4]; /* Skip over 'naa. prefix */

	hex2bin(&buf[4], ptr, 8);

	ret = hex2bin(&buf[4], ptr, 8);

	if (ret < 0)

		pr_debug("sas transport_id: invalid hex string\n");

	/*

	 * The SAS Transport ID is a hardcoded 24-byte length

	unsigned char *buf)

{

	unsigned char *ptr;

	int i;

	int i, ret;

	u32 off = 8;

	/*

	 * PROTOCOL IDENTIFIER is 0h for FCP-2

	 *

			i++;

			continue;

		}

		hex2bin(&buf[off++], &ptr[i], 1);

		ret = hex2bin(&buf[off++], &ptr[i], 1);

		if (ret < 0)

			pr_debug("fc transport_id: invalid hex string\n");

		i += 2;

	}

	/*