I just subscribed to the list, and this is my first message.
It says:
your message looks spammy
???
-------- Beginning of forwarded message --------
24.04.2025, 11:28, Lev Olshvang (levon...@yandex.com):
To: linux-integr...@vger.kernel.org (linux-integr...@vger.kernel.org);
Subject: evmctl hmac fails in setxattr in version 1.6.2;
Hi List,
I work on an ARM64 Ubuntu 22 system, with
ima-evm-utils 1.1-0ubuntu2
I succeeded in implementing IMA and now I want to add EVM HMAC functionality.
I booted with the kernel command line ima=on ima_appraise=log
Then I made the _evm keyring and added the kmk and EVM keys:
EVM_KR=`keyctl newring _evm @u`
keyctl add user kmk "$(dd if=/dev/urandom bs=1 count=32 2> /dev/null)" @u
keyctl add encrypted evm-key "new user:kmk 64" $EVM_KR
keyctl shows
711205770 ----s-rv 0 0 \_ keyring: _ima
1066122475 --als--v 0 0 | \_ asymmetric: mra: adm_signing key: 9375cf2445606beba28208741540ad1897d59051
315058417 --alswrv 0 0 \_ keyring: _evm
685369470 --alswrv 0 0 | \_ encrypted: evm-key
35009219 --alswrv 0 0 \_ user: kmk
But the evmctl hmac command returns an error:
evmctl hmac /etc/init.d/netconsole
setxattr failed: /etc/init.d/netconsole
errno: Operation not permitted (1)
I cloned ima-evmctl and compiled version 1.6.2 for x86_64, same Ubuntu,
and I got the same result:
sudo /usr/local/bin/evmctl -d hmac --hmackey /etc/keys/plain.txt ../IMA_EVM/DEMO
hash(sha256): 0404a6cffb233ebd759555c7070d9985961bbd1d3007e7c8d9cba5e9c5c28496c51f
Reading to /etc/keys/plain.txt
generation: 3093355876
no xattr: security.selinux
no xattr: security.SMACK64
no xattr: security.apparmor
name: security.ima, size: 34
no xattr: security.capability
uuid: 069df3798ff14641a6e0f1db2b852380
hmac: 9df5db81cf089c22c4c128070c36827d7983284f
Setting EVM hmac xattr failed: ../IMA_EVM/DEMO (errno: Operation not permitted)
It must be something trivial; please help.
Thanks,
Lev
-------- End of forwarded message --------
_______________________________________________
Linux-il mailing list -- linux-il@cs.huji.ac.il
To unsubscribe send an email to linux-il-le...@cs.huji.ac.il