-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEEjSMCCC7+cjo3nszSa3kkZrA+cVoFAmDY+ykUHHpvaGFyQGxp
bnV4LmlibS5jb20ACgkQa3kkZrA+cVoEpg/+LalOM88YDTFNSpAlzEr31pyDU30p
xB9xMyN7lgJcsuGeKWyt+gjEoTR53+JQeaGHgTo8uG4pCto7wBIAOttwkHV5O0Re
QUQC++nc6jqgn2tRi/V+UV0plgJMV0Xt4ucGS+gH8hujvih4vQ+X3RFJasAy1ZWS
1aWOev8wLkwfwU5YsOX+7OZE0qgH4QCh+i6SF402dpMUV1n/2hbFjcV1qOtvgDfS
7KHJYZfTV5yPfk0i5nSpwsfctthQJ5+ADdGBIwp03iH6amBZ3pvAwvbPGxE9TM4M
teVIOU0BwMj5LiVvlXApbpA0k8N3e0TU+Rqgyr7hQHOYBBOxye+eZlV5SjHhfeuf
n9jCuHGEIzeQNicR+R2PHqnAC/1HEeyb4V/2+vGfIXM593CzqoMD5ITL+PLi5bA3
5ONeLW1n2Tsi85xbUO9dH5wvgAd9HaHGRcxCOr3nT6qbwiCiKiEpkiArGNgTrsR3
22OGji9d6WR6maMpRdCIlFZCAoOmMjNMftV3CaAIHCkysHmV7hYh3/hNbk9Syg5+
7y6fFxiyTjhKA3WOAcnTXlOIuVGYmFknmla66Z80XzZ3dHUlElOt4sXJfKekRmZz
i/jECFcCuCOgfZTxzZ1FUIRJ+lumlq5J8mu0kWtbEyamjgXWl4Ustx6ae86tg6al
uhQULzRTISHQG3M=
=M7c5
-----END PGP SIGNATURE-----
Merge tag 'integrity-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem updates from Mimi Zohar:
"The large majority of the changes are EVM portable & immutable
signature related: removing a dependency on loading an HMAC key,
safely allowing file metadata included in the EVM portable & immutable
signatures to be modified, allowing EVM signatures to fulfill IMA file
signature policy requirements, including the EVM file metadata
signature in lieu of an IMA file data signature in the measurement
list, and adding dynamic debugging of EVM file metadata.
In addition, in order to detect critical data or file change
reversions, duplicate measurement records are permitted in the IMA
measurement list.
The remaining patches address compiler, sparse, and doc warnings"
* tag 'integrity-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: (31 commits)
evm: Check xattr size discrepancy between kernel and user
evm: output EVM digest calculation info
IMA: support for duplicate measurement records
ima: Fix warning: no previous prototype for function 'ima_add_kexec_buffer'
ima: differentiate between EVM failures in the audit log
ima: Fix fall-through warning for Clang
ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect()
ima: Include header defining ima_post_key_create_or_update()
ima/evm: Fix type mismatch
ima: Set correct casting types
doc: Fix warning in Documentation/security/IMA-templates.rst
evm: Don't return an error in evm_write_xattrs() if audit is not enabled
ima: Define new template evm-sig
ima: Define new template fields xattrnames, xattrlengths and xattrvalues
evm: Verify portable signatures against all protected xattrs
ima: Define new template field imode
ima: Define new template fields iuid and igid
ima: Add ima_show_template_uint() template library function
ima: Don't remove security.ima if file must not be appraised
ima: Introduce template field evmsig and write to field sig as fallback
...
a60c538ed2