| 1234567891011121314151617181920212223242526272829303132333435363738394041424344 |
- config EVM
- bool "EVM support"
- select KEYS
- select ENCRYPTED_KEYS
- select CRYPTO_HMAC
- select CRYPTO_SHA1
- default n
- help
- EVM protects a file's security extended attributes against
- integrity attacks.
- If you are unsure how to answer this question, answer N.
- config EVM_ATTR_FSUUID
- bool "FSUUID (version 2)"
- default y
- depends on EVM
- help
- Include filesystem UUID for HMAC calculation.
- Default value is 'selected', which is former version 2.
- if 'not selected', it is former version 1
- WARNING: changing the HMAC calculation method or adding
- additional info to the calculation, requires existing EVM
- labeled file systems to be relabeled.
- config EVM_EXTRA_SMACK_XATTRS
- bool "Additional SMACK xattrs"
- depends on EVM && SECURITY_SMACK
- default n
- help
- Include additional SMACK xattrs for HMAC calculation.
- In addition to the original security xattrs (eg. security.selinux,
- security.SMACK64, security.capability, and security.ima) included
- in the HMAC calculation, enabling this option includes newly defined
- Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
- security.SMACK64MMAP.
- WARNING: changing the HMAC calculation method or adding
- additional info to the calculation, requires existing EVM
- labeled file systems to be relabeled.
|
