TOMOYO Linux Cross Reference
Linux/security/integrity/evm/Kconfig

Differences between /security/integrity/evm/Kconfig (Version linux-6.12-rc7) and /security/integrity/evm/Kconfig (Version linux-4.12.14)


  1 # SPDX-License-Identifier: GPL-2.0-only        << 
  2 config EVM                                          1 config EVM
  3         bool "EVM support"                          2         bool "EVM support"
  4         select KEYS                                 3         select KEYS
  5         select ENCRYPTED_KEYS                       4         select ENCRYPTED_KEYS
  6         select CRYPTO_HMAC                          5         select CRYPTO_HMAC
  7         select CRYPTO_SHA1                          6         select CRYPTO_SHA1
  8         select CRYPTO_HASH_INFO                << 
  9         select SECURITY_PATH                   << 
 10         default n                                   7         default n
 11         help                                        8         help
 12           EVM protects a file's security exten      9           EVM protects a file's security extended attributes against
 13           integrity attacks.                       10           integrity attacks.
 14                                                    11 
 15           If you are unsure how to answer this     12           If you are unsure how to answer this question, answer N.
 16                                                    13 
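Review bot: the two selects added at 6.12-rc7 lines 8-9 (CRYPTO_HASH_INFO, SECURITY_PATH) have no counterpart in the help text, which carries no change marker against 4.12.14, and `select CRYPTO_SHA1` is still the only hash algorithm this entry pulls in next to CRYPTO_HMAC. Suggest one sentence in the help naming the digest the HMAC is built on and why SECURITY_PATH is now required, so the dependency is visible to whoever configures the kernel. Separately, `default n` at line 10 restates the Kconfig default for a bool and can be dropped.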
 17 config EVM_ATTR_FSUUID                             14 config EVM_ATTR_FSUUID
 18         bool "FSUUID (version 2)"                  15         bool "FSUUID (version 2)"
 19         default y                                  16         default y
 20         depends on EVM                             17         depends on EVM
 21         help                                       18         help
 22           Include filesystem UUID for HMAC cal     19           Include filesystem UUID for HMAC calculation.
 23                                                    20 
 24           Default value is 'selected', which i     21           Default value is 'selected', which is former version 2.
 25           if 'not selected', it is former vers     22           if 'not selected', it is former version 1
 26                                                    23 
 27           WARNING: changing the HMAC calculati     24           WARNING: changing the HMAC calculation method or adding
 28           additional info to the calculation,      25           additional info to the calculation, requires existing EVM
 29           labeled file systems to be relabeled     26           labeled file systems to be relabeled.
 30                                                    27 
 31 config EVM_EXTRA_SMACK_XATTRS                      28 config EVM_EXTRA_SMACK_XATTRS
 32         bool "Additional SMACK xattrs"             29         bool "Additional SMACK xattrs"
 33         depends on EVM && SECURITY_SMACK           30         depends on EVM && SECURITY_SMACK
 34         default n                                  31         default n
 35         help                                       32         help
 36           Include additional SMACK xattrs for      33           Include additional SMACK xattrs for HMAC calculation.
 37                                                    34 
 38           In addition to the original security     35           In addition to the original security xattrs (eg. security.selinux,
 39           security.SMACK64, security.capabilit     36           security.SMACK64, security.capability, and security.ima) included
 40           in the HMAC calculation, enabling th     37           in the HMAC calculation, enabling this option includes newly defined
 41           Smack xattrs: security.SMACK64EXEC,      38           Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
 42           security.SMACK64MMAP.                    39           security.SMACK64MMAP.
 43                                                    40 
 44           WARNING: changing the HMAC calculati     41           WARNING: changing the HMAC calculation method or adding
 45           additional info to the calculation,      42           additional info to the calculation, requires existing EVM
 46           labeled file systems to be relabeled     43           labeled file systems to be relabeled.
 47                                                    44 
 48 config EVM_ADD_XATTRS                          << 
 49         bool "Add additional EVM extended attr << 
 50         depends on EVM                         << 
 51         default n                              << 
 52         help                                   << 
 53           Allow userland to provide additional << 
 54                                                << 
 55           When this option is enabled, root ca << 
 56           list used by EVM by writing them int << 
 57           /sys/kernel/security/integrity/evm/e << 
 58                                                << 
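Review bot: the help for the new EVM_ADD_XATTRS entry (6.12-rc7 lines 53-57) stops at the securityfs path and carries no relabeling WARNING, while EVM_ATTR_FSUUID and EVM_EXTRA_SMACK_XATTRS, the other two options that change what goes into the calculation, both end with one. If attributes written by root at runtime change what existing labels are verified against, the help should say so in the same wording, and it should state who can write the list and whether it can be changed again after the first write. The left column is cut off at "root ca" and "/evm/e" in this view, so check the full sentences before adding text that duplicates them.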
 59 config EVM_LOAD_X509                               45 config EVM_LOAD_X509
 60         bool "Load an X509 certificate onto th     46         bool "Load an X509 certificate onto the '.evm' trusted keyring"
 61         depends on EVM && INTEGRITY_TRUSTED_KE     47         depends on EVM && INTEGRITY_TRUSTED_KEYRING
 62         default n                                  48         default n
 63         help                                       49         help
 64            Load an X509 certificate onto the '     50            Load an X509 certificate onto the '.evm' trusted keyring.
 65                                                    51 
 66            This option enables X509 certificat     52            This option enables X509 certificate loading from the kernel
 67            onto the '.evm' trusted keyring.  A     53            onto the '.evm' trusted keyring.  A public key can be used to
 68            verify EVM integrity starting from  !!  54            verify EVM integrity starting from the 'init' process.
 69            key must have digitalSignature usag << 
 70                                                    55 
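Review bot: the key-usage requirement added at 6.12-rc7 line 69 ("key must have digitalSignature usag", cut off in this view) appears only as a trailing clause of the help, after a first help sentence at line 64 that repeats the prompt at line 60 word for word. Suggest dropping the duplicated sentence and giving the usage requirement its own sentence so it is not missed when a certificate is prepared. The help body of this entry is also indented one column further than the other entries in the file (compare line 64 with line 12); normalizing it in the same change would keep the file consistent.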
 71 config EVM_X509_PATH                               56 config EVM_X509_PATH
 72         string "EVM X509 certificate path"         57         string "EVM X509 certificate path"
 73         depends on EVM_LOAD_X509                   58         depends on EVM_LOAD_X509
 74         default "/etc/keys/x509_evm.der"           59         default "/etc/keys/x509_evm.der"
 75         help                                       60         help
 76            This option defines X509 certificat     61            This option defines X509 certificate path.
                                                      
