Commit | Line | Data |
---|---|---|
66dbc325 MZ |
1 | config EVM |
2 | boolean "EVM support" | |
a3aef94b DK |
3 | select KEYS |
4 | select ENCRYPTED_KEYS | |
66dbc325 | 5 | select CRYPTO_HMAC |
66dbc325 MZ |
6 | select CRYPTO_SHA1 |
7 | default n | |
8 | help | |
9 | EVM protects a file's security extended attributes against | |
10 | integrity attacks. | |
11 | ||
12 | If you are unsure how to answer this question, answer N. | |
74de6684 | 13 | |
d3b33679 DK |
14 | config EVM_ATTR_FSUUID |
15 | bool "FSUUID (version 2)" | |
16 | default y | |
74de6684 | 17 | depends on EVM |
74de6684 | 18 | help |
d3b33679 DK |
19 | Include filesystem UUID for HMAC calculation. |
20 | ||
21 | Default value is 'selected', which is former version 2. | |
22 | if 'not selected', it is former version 1 | |
74de6684 | 23 | |
d3b33679 | 24 | WARNING: changing the HMAC calculation method or adding |
74de6684 | 25 | additional info to the calculation, requires existing EVM |
d3b33679 DK |
26 | labeled file systems to be relabeled. |
27 | ||
3e38df56 DK |
28 | config EVM_EXTRA_SMACK_XATTRS |
29 | bool "Additional SMACK xattrs" | |
30 | depends on EVM && SECURITY_SMACK | |
31 | default n | |
32 | help | |
33 | Include additional SMACK xattrs for HMAC calculation. | |
34 | ||
35 | In addition to the original security xattrs (eg. security.selinux, | |
36 | security.SMACK64, security.capability, and security.ima) included | |
37 | in the HMAC calculation, enabling this option includes newly defined | |
38 | Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and | |
39 | security.SMACK64MMAP. | |
40 | ||
41 | WARNING: changing the HMAC calculation method or adding | |
42 | additional info to the calculation, requires existing EVM | |
43 | labeled file systems to be relabeled. | |
44 |