)]}'
{
  "log": [
    {
      "commit": "f1be242c95257b199d8b679bc952ca33487c9af6",
      "tree": "fa3a1057bbd9caedca959c1fa3811413bf101d7d",
      "parents": [
        "2e5f094b9dbf9463ab93f86351cd1a8dc88942cc"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Jan 17 17:12:07 2012 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 18 10:46:27 2012 +1100"
      },
      "message": "integrity: digital signature config option name change\n\nSimilar to SIGNATURE, rename INTEGRITY_DIGSIG to INTEGRITY_SIGNATURE.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5e8898e97a5db4125d944070922164d1d09a2689",
      "tree": "a5319fcc60499e63fecc7a08d923a1de8f9c7622",
      "parents": [
        "6ac6172a935d1faf7ef259802267657bc0007a62"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Tue Jan 17 17:12:03 2012 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 18 10:46:21 2012 +1100"
      },
      "message": "lib: digital signature config option name change\n\nIt was reported that DIGSIG is confusing name for digital signature\nmodule. It was suggested to rename DIGSIG to SIGNATURE.\n\nRequested-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSuggested-by: Pavel Machek \u003cpavel@ucw.cz\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "de353533753e048b5c4658f0a42365937527ac45",
      "tree": "376ea9cb73de3691d4f907ad98f13f838742395e",
      "parents": [
        "4e2c5b28f8086cd2f678ade0ea21d8c3cc058c53"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Mon Nov 21 17:31:15 2011 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 22 10:02:32 2011 +1100"
      },
      "message": "digsig: build dependency fix\n\nFix build errors by adding Kconfig dependency on KEYS.\nCRYPTO dependency removed.\n\n  CC      security/integrity/digsig.o\nsecurity/integrity/digsig.c: In function ?integrity_digsig_verify?:\nsecurity/integrity/digsig.c:38:4: error: implicit declaration of function ?request_key?\nsecurity/integrity/digsig.c:38:17: error: ?key_type_keyring? undeclared (first use in this function)\nsecurity/integrity/digsig.c:38:17: note: each undeclared identifier is reported only once for each function it appears in\nmake[2]: *** [security/integrity/digsig.o] Error 1\n\nReported-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "8607c501478432b23654739c7321bc7456053cb6",
      "tree": "598ef1649a261954cb1cafc05189ddedb3bd3ff8",
      "parents": [
        "051dbb918c7fb7da8e64a2cd0d804ba73399709f"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Oct 05 11:54:46 2011 +0300"
      },
      "committer": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Wed Nov 09 16:51:09 2011 +0200"
      },
      "message": "integrity: digital signature verification using multiple keyrings\n\nDefine separate keyrings for each of the different use cases - evm, ima,\nand modules. Using different keyrings improves search performance, and also\nallows \"locking\" specific keyring to prevent adding new keys.\nThis is useful for evm and module keyrings, when keys are usually only\nadded from initramfs.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\n"
    },
    {
      "commit": "66dbc325afcef909043c30e90930a36823fc734c",
      "tree": "5c8a7fe063a058f4266c6db5e48229e8c04dd00e",
      "parents": [
        "1601fbad2b14e0b8d4dbb55e749bfe31e972818a"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Tue Mar 15 16:12:09 2011 -0400"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:40 2011 -0400"
      },
      "message": "evm: re-release\n\nEVM protects a file\u0027s security extended attributes(xattrs) against integrity\nattacks.  This patchset provides the framework and an initial method.  The\ninitial method maintains an HMAC-sha1 value across the security extended\nattributes, storing the HMAC value as the extended attribute \u0027security.evm\u0027.\nOther methods of validating the integrity of a file\u0027s metadata will be posted\nseparately (eg. EVM-digital-signatures).\n\nWhile this patchset does authenticate the security xattrs, and\ncryptographically binds them to the inode, coming extensions will bind other\ndirectory and inode metadata for more complete protection.  To help simplify\nthe review and upstreaming process, each extension will be posted separately\n(eg. IMA-appraisal, IMA-appraisal-directory).  For a general overview of the\nproposed Linux integrity subsystem, refer to Dave Safford\u0027s whitepaper:\nhttp://downloads.sf.net/project/linux-ima/linux-ima/Integrity_overview.pdf.\n\nEVM depends on the Kernel Key Retention System to provide it with a\ntrusted/encrypted key for the HMAC-sha1 operation. The key is loaded onto the\nroot\u0027s keyring using keyctl.  Until EVM receives notification that the key has\nbeen successfully loaded onto the keyring (echo 1 \u003e \u003csecurityfs\u003e/evm), EVM can\nnot create or validate the \u0027security.evm\u0027 xattr, but returns INTEGRITY_UNKNOWN.\nLoading the key and signaling EVM should be done as early as possible. Normally\nthis is done in the initramfs, which has already been measured as part of the\ntrusted boot.  For more information on creating and loading existing\ntrusted/encrypted keys, refer to Documentation/keys-trusted-encrypted.txt.  A\nsample dracut patch, which loads the trusted/encrypted key and enables EVM, is\navailable from http://linux-ima.sourceforge.net/#EVM.\n\nBased on the LSMs enabled, the set of EVM protected security xattrs is defined\nat compile.  EVM adds the following three calls to the existing security hooks:\nevm_inode_setxattr(), evm_inode_post_setxattr(), and evm_inode_removexattr.  To\ninitialize and update the \u0027security.evm\u0027 extended attribute, EVM defines three\ncalls: evm_inode_post_init(), evm_inode_post_setattr() and\nevm_inode_post_removexattr() hooks.  To verify the integrity of a security\nxattr, EVM exports evm_verifyxattr().\n\nChangelog v7:\n- Fixed URL in EVM ABI documentation\n\nChangelog v6: (based on Serge Hallyn\u0027s review)\n- fix URL in patch description\n- remove evm_hmac_size definition\n- use SHA1_DIGEST_SIZE (removed both MAX_DIGEST_SIZE and evm_hmac_size)\n- moved linux include before other includes\n- test for crypto_hash_setkey failure\n- fail earlier for invalid key\n- clear entire encrypted key, even on failure\n- check xattr name length before comparing xattr names\n\nChangelog:\n- locking based on i_mutex, remove evm_mutex\n- using trusted/encrypted keys for storing the EVM key used in the HMAC-sha1\n  operation.\n- replaced crypto hash with shash (Dmitry Kasatkin)\n- support for additional methods of verifying the security xattrs\n  (Dmitry Kasatkin)\n- iint not allocated for all regular files, but only for those appraised\n- Use cap_sys_admin in lieu of cap_mac_admin\n- Use __vfs_setxattr_noperm(), without permission checks, from EVM\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\n"
    },
    {
      "commit": "f381c272224f5f158f5cff64f8f3481fa0eee8b3",
      "tree": "a003dc4c6635c9d2fa90f31577ba5e7ea7bc71b1",
      "parents": [
        "9d8f13ba3f4833219e50767b022b82cd0da930eb"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Mar 09 14:13:22 2011 -0500"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Mon Jul 18 12:29:38 2011 -0400"
      },
      "message": "integrity: move ima inode integrity data management\n\nMove the inode integrity data(iint) management up to the integrity directory\nin order to share the iint among the different integrity models.\n\nChangelog:\n- don\u0027t define MAX_DIGEST_SIZE\n- rename several globally visible \u0027ima_\u0027 prefixed functions, structs,\n  locks, etc to \u0027integrity_\u0027\n- replace \u002720\u0027 with SHA1_DIGEST_SIZE\n- reflect location change in appropriate Kconfig and Makefiles\n- remove unnecessary initialization of iint_initialized to 0\n- rebased on current ima_iint.c\n- define integrity_iint_store/lock as static\n\nThere should be no other functional changes.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@ubuntu.com\u003e\n"
    }
  ]
}