Hi List,
I work on an ARM64 Ubuntu 22 system, with installed
ima-evm-utils 1.1-0ubuntu2
I succeeded in implementing IMA and now I want to add EVM hmac
functionality.
I booted with the kernel command line "ima=on ima_appraise=log"
Then I made the _evm keyring and added the kmk and evm keys:
EVM_KR=`keyctl newring _evm @u`
keyctl add user kmk "$(dd if=/dev/urandom bs=1 count=32 2> /dev/null)" @u
keyctl add encrypted evm-key "new user:kmk 64" $EVM_KR
keyctl shows
711205770 ----s-rv 0 0 \_ keyring: _ima
1066122475 --als--v 0 0 | \_ asymmetric: mra: adm_signing key: 9375cf2445606beba28208741540ad1897d59051
315058417 --alswrv 0 0 \_ keyring: _evm
685369470 --alswrv 0 0 | \_ encrypted: evm-key
35009219 --alswrv 0 0 \_ user: kmk
But evmctl hmac command returns error:
evmctl hmac /etc/init.d/netconsole
setxattr failed: /etc/init.d/netconsole
errno: Operation not permitted (1)
I cloned ima-evmctl and compiled version 1.6.2 for x86_64, same Ubuntu;
I got the same result:
sudo /usr/local/bin/evmctl -d hmac --hmackey /etc/keys/plain.txt ../IMA_EVM/DEMO
hash(sha256):
0404a6cffb233ebd759555c7070d9985961bbd1d3007e7c8d9cba5e9c5c28496c51f
Reading to /etc/keys/plain.txt
generation: 3093355876
no xattr: security.selinux
no xattr: security.SMACK64
no xattr: security.apparmor
name: security.ima, size: 34
no xattr: security.capability
uuid: 069df3798ff14641a6e0f1db2b852380
hmac: 9df5db81cf089c22c4c128070c36827d7983284f
Setting EVM hmac xattr failed: ../IMA_EVM/DEMO (errno: Operation not permitted)
It must be something trivial; please help.
BR,
Lev