TOMOYO Linux Cross Reference
Linux/security/integrity/evm/Kconfig


Differences between /security/integrity/evm/Kconfig (Version linux-6.12-rc7) and /security/integrity/evm/Kconfig (Version linux-4.20.17)


  1 # SPDX-License-Identifier: GPL-2.0-only        << 
  2 config EVM                                          1 config EVM
  3         bool "EVM support"                          2         bool "EVM support"
  4         select KEYS                                 3         select KEYS
  5         select ENCRYPTED_KEYS                       4         select ENCRYPTED_KEYS
  6         select CRYPTO_HMAC                          5         select CRYPTO_HMAC
  7         select CRYPTO_SHA1                          6         select CRYPTO_SHA1
  8         select CRYPTO_HASH_INFO                     7         select CRYPTO_HASH_INFO
  9         select SECURITY_PATH                   << 
 10         default n                                   8         default n
 11         help                                        9         help
 12           EVM protects a file's security exten     10           EVM protects a file's security extended attributes against
 13           integrity attacks.                       11           integrity attacks.
 14                                                    12 
 15           If you are unsure how to answer this     13           If you are unsure how to answer this question, answer N.
 16                                                    14 
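Review bot: The `select SECURITY_PATH` added at left-hand line 9 of `config EVM` has no rationale anywhere in the stanza; the help text still only says that EVM protects security extended attributes. Because `select` turns a symbol on without evaluating that symbol's own dependencies, I would ask for a sentence in the help (or a comment above the line) saying why EVM needs the path hooks, plus confirmation that whatever SECURITY_PATH depends on is already guaranteed wherever EVM can be enabled.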
 17 config EVM_ATTR_FSUUID                             15 config EVM_ATTR_FSUUID
 18         bool "FSUUID (version 2)"                  16         bool "FSUUID (version 2)"
 19         default y                                  17         default y
 20         depends on EVM                             18         depends on EVM
 21         help                                       19         help
 22           Include filesystem UUID for HMAC cal     20           Include filesystem UUID for HMAC calculation.
 23                                                    21 
 24           Default value is 'selected', which i     22           Default value is 'selected', which is former version 2.
 25           if 'not selected', it is former vers     23           if 'not selected', it is former version 1
 26                                                    24 
 27           WARNING: changing the HMAC calculati     25           WARNING: changing the HMAC calculation method or adding
 28           additional info to the calculation,      26           additional info to the calculation, requires existing EVM
 29           labeled file systems to be relabeled     27           labeled file systems to be relabeled.
 30                                                    28 
 31 config EVM_EXTRA_SMACK_XATTRS                      29 config EVM_EXTRA_SMACK_XATTRS
 32         bool "Additional SMACK xattrs"             30         bool "Additional SMACK xattrs"
 33         depends on EVM && SECURITY_SMACK           31         depends on EVM && SECURITY_SMACK
 34         default n                                  32         default n
 35         help                                       33         help
 36           Include additional SMACK xattrs for      34           Include additional SMACK xattrs for HMAC calculation.
 37                                                    35 
 38           In addition to the original security     36           In addition to the original security xattrs (eg. security.selinux,
 39           security.SMACK64, security.capabilit     37           security.SMACK64, security.capability, and security.ima) included
 40           in the HMAC calculation, enabling th     38           in the HMAC calculation, enabling this option includes newly defined
 41           Smack xattrs: security.SMACK64EXEC,      39           Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
 42           security.SMACK64MMAP.                    40           security.SMACK64MMAP.
 43                                                    41 
 44           WARNING: changing the HMAC calculati     42           WARNING: changing the HMAC calculation method or adding
 45           additional info to the calculation,      43           additional info to the calculation, requires existing EVM
 46           labeled file systems to be relabeled     44           labeled file systems to be relabeled.
 47                                                    45 
 48 config EVM_ADD_XATTRS                              46 config EVM_ADD_XATTRS
 49         bool "Add additional EVM extended attr     47         bool "Add additional EVM extended attributes at runtime"
 50         depends on EVM                             48         depends on EVM
 51         default n                                  49         default n
 52         help                                       50         help
 53           Allow userland to provide additional     51           Allow userland to provide additional xattrs for HMAC calculation.
 54                                                    52 
 55           When this option is enabled, root ca     53           When this option is enabled, root can add additional xattrs to the
 56           list used by EVM by writing them int     54           list used by EVM by writing them into
 57           /sys/kernel/security/integrity/evm/e     55           /sys/kernel/security/integrity/evm/evm_xattrs.
 58                                                    56 
 59 config EVM_LOAD_X509                               57 config EVM_LOAD_X509
 60         bool "Load an X509 certificate onto th     58         bool "Load an X509 certificate onto the '.evm' trusted keyring"
 61         depends on EVM && INTEGRITY_TRUSTED_KE     59         depends on EVM && INTEGRITY_TRUSTED_KEYRING
 62         default n                                  60         default n
 63         help                                       61         help
 64            Load an X509 certificate onto the '     62            Load an X509 certificate onto the '.evm' trusted keyring.
 65                                                    63 
 66            This option enables X509 certificat     64            This option enables X509 certificate loading from the kernel
 67            onto the '.evm' trusted keyring.  A     65            onto the '.evm' trusted keyring.  A public key can be used to
 68            verify EVM integrity starting from  !!  66            verify EVM integrity starting from the 'init' process.
 69            key must have digitalSignature usag << 
 70                                                    67 
 71 config EVM_X509_PATH                               68 config EVM_X509_PATH
 72         string "EVM X509 certificate path"         69         string "EVM X509 certificate path"
 73         depends on EVM_LOAD_X509                   70         depends on EVM_LOAD_X509
 74         default "/etc/keys/x509_evm.der"           71         default "/etc/keys/x509_evm.der"
 75         help                                       72         help
 76            This option defines X509 certificat     73            This option defines X509 certificate path.
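Review bot: The digitalSignature requirement introduced in the `EVM_LOAD_X509` help (left-hand lines 68-69, cut off in this view at "key must have digitalSignature usag") is not repeated in the `EVM_X509_PATH` help at line 76, which is where someone choosing the certificate file will look. Suggest mentioning the key-usage requirement there as well, and stating in one of the two help texts what happens at load time when the certificate at that path does not meet it.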
                                                      
