
TOMOYO Linux Cross Reference
Linux/security/integrity/evm/Kconfig


Diff markup

Differences between /security/integrity/evm/Kconfig (Architecture sparc64) and /security/integrity/evm/Kconfig (Architecture alpha)


# SPDX-License-Identifier: GPL-2.0-only
config EVM
        bool "EVM support"
        select KEYS
        select ENCRYPTED_KEYS
        select CRYPTO_HMAC
        select CRYPTO_SHA1
        select CRYPTO_HASH_INFO
        select SECURITY_PATH
        default n
        help
          EVM protects a file's security extended attributes against
          integrity attacks.

          If you are unsure how to answer this question, answer N.

config EVM_ATTR_FSUUID
        bool "FSUUID (version 2)"
        default y
        depends on EVM
        help
          Include filesystem UUID for HMAC calculation.

          Default value is 'selected', which is former version 2.
          if 'not selected', it is former version 1

          WARNING: changing the HMAC calculation method or adding
          additional info to the calculation, requires existing EVM
          labeled file systems to be relabeled.

config EVM_EXTRA_SMACK_XATTRS
        bool "Additional SMACK xattrs"
        depends on EVM && SECURITY_SMACK
        default n
        help
          Include additional SMACK xattrs for HMAC calculation.

          In addition to the original security xattrs (eg. security.selinux,
          security.SMACK64, security.capability, and security.ima) included
          in the HMAC calculation, enabling this option includes newly defined
          Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
          security.SMACK64MMAP.

          WARNING: changing the HMAC calculation method or adding
          additional info to the calculation, requires existing EVM
          labeled file systems to be relabeled.

config EVM_ADD_XATTRS
        bool "Add additional EVM extended attributes at runtime"
        depends on EVM
        default n
        help
          Allow userland to provide additional xattrs for HMAC calculation.

          When this option is enabled, root can add additional xattrs to the
          list used by EVM by writing them into
          /sys/kernel/security/integrity/evm/evm_xattrs.

config EVM_LOAD_X509
        bool "Load an X509 certificate onto the '.evm' trusted keyring"
        depends on EVM && INTEGRITY_TRUSTED_KEYRING
        default n
        help
           Load an X509 certificate onto the '.evm' trusted keyring.

           This option enables X509 certificate loading from the kernel
           onto the '.evm' trusted keyring.  A public key can be used to
           verify EVM integrity starting from the 'init' process. The
           key must have digitalSignature usage set.

config EVM_X509_PATH
        string "EVM X509 certificate path"
        depends on EVM_LOAD_X509
        default "/etc/keys/x509_evm.der"
        help
           This option defines X509 certificate path.
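
Added example (not part of the kernel source shown above): a simplified Python model of why the two WARNING paragraphs require relabeling, showing that a stored HMAC stops verifying once EVM_ATTR_FSUUID or EVM_EXTRA_SMACK_XATTRS changes what is fed into the calculation. The function names, key, UUID, metadata string and xattr values are constructed for illustration, and the input layout is an assumption, not the kernel's exact byte format.

```python
import hashlib
import hmac

# Simplified model of the inputs named in the help text; the kernel's real
# byte layout (inode metadata struct, xattr ordering) is not reproduced here.
BASE_XATTRS = ["security.selinux", "security.SMACK64",
               "security.capability", "security.ima"]
EXTRA_SMACK = ["security.SMACK64EXEC", "security.SMACK64TRANSMUTE",
               "security.SMACK64MMAP"]


def evm_hmac(key, xattrs, inode_meta, fs_uuid=None, extra_smack=False):
    """HMAC-SHA1 over protected xattr values, inode metadata, optional UUID."""
    names = BASE_XATTRS + (EXTRA_SMACK if extra_smack else [])
    mac = hmac.new(key, digestmod=hashlib.sha1)
    for name in names:
        if name in xattrs:          # xattrs the file lacks contribute nothing
            mac.update(xattrs[name])
    mac.update(inode_meta)
    if fs_uuid is not None:         # models EVM_ATTR_FSUUID=y ("version 2")
        mac.update(fs_uuid)
    return mac.digest()


def verify(stored, key, xattrs, inode_meta, **options):
    """Recompute under the running kernel's options and compare in constant time."""
    return hmac.compare_digest(stored, evm_hmac(key, xattrs, inode_meta, **options))


# Constructed sample values, not taken from a real system.
KEY = b"\x01" * 32
UUID = bytes(range(16))
META = b"ino=1234,uid=0,gid=0,mode=0100755"
FILE_XATTRS = {
    "security.selinux": b"system_u:object_r:bin_t:s0\x00",
    "security.SMACK64EXEC": b"System",
}

# Label written by a kernel built with FSUUID and the extra Smack xattrs off.
LABEL_V1 = evm_hmac(KEY, FILE_XATTRS, META)

if __name__ == "__main__":
    print("same options:     ", verify(LABEL_V1, KEY, FILE_XATTRS, META))
    print("FSUUID enabled:   ", verify(LABEL_V1, KEY, FILE_XATTRS, META, fs_uuid=UUID))
    print("extra Smack xattr:", verify(LABEL_V1, KEY, FILE_XATTRS, META, extra_smack=True))
```

In this model only the first check succeeds; the other two fail even though the file itself is unchanged, which is the situation the WARNING text resolves by relabeling.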
                                                      
