Re: [PATCH] evm: Enforce signatures version 3 with new EVM policy 'bit 3'

Next message: Andrew Morton: "Re: [LSF/MM/BPF TOPIC] Towards Unified and Extensible Memory Reclaim (reclaim_ext)"
Previous message: Nathan Chancellor: "Re: [PATCH] lib: typecheck: initialize const variable to avoid Clang warning"
In reply to: Stefan Berger: "[PATCH] evm: Enforce signatures version 3 with new EVM policy 'bit 3'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mimi Zohar

Date: Wed Mar 25 2026 - 22:08:11 EST

On Wed, 2026-03-25 at 17:33 -0400, Stefan Berger wrote:
> Enable the configuration of EVM so that it requires that asymmetric
> signatures it accepts are of version 3 (sigv3). To enable this, introduce
> bit 3 (value 0x0008) that the user may write to EVM's securityfs policy
> configuration file 'evm' for sigv3 enforcement.
>
> Mention bit 3 in the documentation.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Thanks, Stefan. This patch is now queued in next-integrity-testing with the
other sigv3 patches.

Mimi