linux/security/integrity/evm/Kconfig
<<
>>
Prefs
   1config EVM
   2        boolean "EVM support"
   3        select KEYS
   4        select ENCRYPTED_KEYS
   5        select CRYPTO_HMAC
   6        select CRYPTO_SHA1
   7        default n
   8        help
   9          EVM protects a file's security extended attributes against
  10          integrity attacks.
  11
  12          If you are unsure how to answer this question, answer N.
  13
  14config EVM_ATTR_FSUUID
  15        bool "FSUUID (version 2)"
  16        default y
  17        depends on EVM
  18        help
  19          Include filesystem UUID for HMAC calculation.
  20
  21          Default value is 'selected', which is former version 2.
  22          if 'not selected', it is former version 1
  23
  24          WARNING: changing the HMAC calculation method or adding
  25          additional info to the calculation, requires existing EVM
  26          labeled file systems to be relabeled.
  27
  28config EVM_EXTRA_SMACK_XATTRS
  29        bool "Additional SMACK xattrs"
  30        depends on EVM && SECURITY_SMACK
  31        default n
  32        help
  33          Include additional SMACK xattrs for HMAC calculation.
  34
  35          In addition to the original security xattrs (eg. security.selinux,
  36          security.SMACK64, security.capability, and security.ima) included
  37          in the HMAC calculation, enabling this option includes newly defined
  38          Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
  39          security.SMACK64MMAP.
  40
  41          WARNING: changing the HMAC calculation method or adding
  42          additional info to the calculation, requires existing EVM
  43          labeled file systems to be relabeled.
  44
  45
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.