MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2026-04-25 07:30:12 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
git.kernel.org/linux-stable/master
linux-imx/security/integrity/evm/Kconfig
Thomas Gleixner ec8f24b7fa treewide: Add SPDX license identifier - Makefile/Kconfig 
Add SPDX license identifiers to all Make/Kconfig files which:

 - Have no license information of any form

These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:

  GPL-2.0-only

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-21 10:50:46 +02:00

2.2 KiB
Raw Permalink Blame History

SPDX-License-Identifier: GPL-2.0-only

config EVM bool "EVM support" select KEYS select ENCRYPTED_KEYS select CRYPTO_HMAC select CRYPTO_SHA1 select CRYPTO_HASH_INFO default n help EVM protects a file's security extended attributes against integrity attacks.

  If you are unsure how to answer this question, answer N.

config EVM_ATTR_FSUUID bool "FSUUID (version 2)" default y depends on EVM help Include filesystem UUID for HMAC calculation.

  Default value is 'selected', which is former version 2.
  if 'not selected', it is former version 1

  WARNING: changing the HMAC calculation method or adding
  additional info to the calculation, requires existing EVM
  labeled file systems to be relabeled.

config EVM_EXTRA_SMACK_XATTRS bool "Additional SMACK xattrs" depends on EVM && SECURITY_SMACK default n help Include additional SMACK xattrs for HMAC calculation.

  In addition to the original security xattrs (eg. security.selinux,
  security.SMACK64, security.capability, and security.ima) included
  in the HMAC calculation, enabling this option includes newly defined
  Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
  security.SMACK64MMAP.

  WARNING: changing the HMAC calculation method or adding
  additional info to the calculation, requires existing EVM
  labeled file systems to be relabeled.

config EVM_ADD_XATTRS bool "Add additional EVM extended attributes at runtime" depends on EVM default n help Allow userland to provide additional xattrs for HMAC calculation.

  When this option is enabled, root can add additional xattrs to the
  list used by EVM by writing them into
  /sys/kernel/security/integrity/evm/evm_xattrs.

config EVM_LOAD_X509 bool "Load an X509 certificate onto the '.evm' trusted keyring" depends on EVM && INTEGRITY_TRUSTED_KEYRING default n help Load an X509 certificate onto the '.evm' trusted keyring.

   This option enables X509 certificate loading from the kernel
   onto the '.evm' trusted keyring.  A public key can be used to
   verify EVM integrity starting from the 'init' process.

config EVM_X509_PATH string "EVM X509 certificate path" depends on EVM_LOAD_X509 default "/etc/keys/x509_evm.der" help This option defines X509 certificate path.