TOMOYO Linux Cross Reference
Linux/security/integrity/evm/Kconfig

Diff markup

Differences between /security/integrity/evm/Kconfig (Version linux-6.12-rc7) and /security/integrity/evm/Kconfig (Version linux-5.2.21)


  1 # SPDX-License-Identifier: GPL-2.0-only             1 # SPDX-License-Identifier: GPL-2.0-only
  2 config EVM                                          2 config EVM
  3         bool "EVM support"                          3         bool "EVM support"
  4         select KEYS                                 4         select KEYS
  5         select ENCRYPTED_KEYS                       5         select ENCRYPTED_KEYS
  6         select CRYPTO_HMAC                          6         select CRYPTO_HMAC
  7         select CRYPTO_SHA1                          7         select CRYPTO_SHA1
  8         select CRYPTO_HASH_INFO                     8         select CRYPTO_HASH_INFO
  9         select SECURITY_PATH                   << 
 10         default n                                   9         default n
 11         help                                       10         help
 12           EVM protects a file's security exten     11           EVM protects a file's security extended attributes against
 13           integrity attacks.                       12           integrity attacks.
 14                                                    13 
 15           If you are unsure how to answer this     14           If you are unsure how to answer this question, answer N.
 16                                                    15 
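Review bot: In config EVM, the newer side adds `select SECURITY_PATH` (left column, line 9) with no matching change to the help text, which still only says that EVM protects security extended attributes. A `select` forces the symbol on regardless of that symbol's own dependencies, so every EVM-enabled build now carries the pathname-based security hooks. The help text, or a comment next to the select, should say which EVM functionality needs them so that people auditing a kernel config can tell why the option is present.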
 17 config EVM_ATTR_FSUUID                             16 config EVM_ATTR_FSUUID
 18         bool "FSUUID (version 2)"                  17         bool "FSUUID (version 2)"
 19         default y                                  18         default y
 20         depends on EVM                             19         depends on EVM
 21         help                                       20         help
 22           Include filesystem UUID for HMAC cal     21           Include filesystem UUID for HMAC calculation.
 23                                                    22 
 24           Default value is 'selected', which i     23           Default value is 'selected', which is former version 2.
 25           if 'not selected', it is former vers     24           if 'not selected', it is former version 1
 26                                                    25 
 27           WARNING: changing the HMAC calculati     26           WARNING: changing the HMAC calculation method or adding
 28           additional info to the calculation,      27           additional info to the calculation, requires existing EVM
 29           labeled file systems to be relabeled     28           labeled file systems to be relabeled.
 30                                                    29 
 31 config EVM_EXTRA_SMACK_XATTRS                      30 config EVM_EXTRA_SMACK_XATTRS
 32         bool "Additional SMACK xattrs"             31         bool "Additional SMACK xattrs"
 33         depends on EVM && SECURITY_SMACK           32         depends on EVM && SECURITY_SMACK
 34         default n                                  33         default n
 35         help                                       34         help
 36           Include additional SMACK xattrs for      35           Include additional SMACK xattrs for HMAC calculation.
 37                                                    36 
 38           In addition to the original security     37           In addition to the original security xattrs (eg. security.selinux,
 39           security.SMACK64, security.capabilit     38           security.SMACK64, security.capability, and security.ima) included
 40           in the HMAC calculation, enabling th     39           in the HMAC calculation, enabling this option includes newly defined
 41           Smack xattrs: security.SMACK64EXEC,      40           Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
 42           security.SMACK64MMAP.                    41           security.SMACK64MMAP.
 43                                                    42 
 44           WARNING: changing the HMAC calculati     43           WARNING: changing the HMAC calculation method or adding
 45           additional info to the calculation,      44           additional info to the calculation, requires existing EVM
 46           labeled file systems to be relabeled     45           labeled file systems to be relabeled.
 47                                                    46 
 48 config EVM_ADD_XATTRS                              47 config EVM_ADD_XATTRS
 49         bool "Add additional EVM extended attr     48         bool "Add additional EVM extended attributes at runtime"
 50         depends on EVM                             49         depends on EVM
 51         default n                                  50         default n
 52         help                                       51         help
 53           Allow userland to provide additional     52           Allow userland to provide additional xattrs for HMAC calculation.
 54                                                    53 
 55           When this option is enabled, root ca     54           When this option is enabled, root can add additional xattrs to the
 56           list used by EVM by writing them int     55           list used by EVM by writing them into
 57           /sys/kernel/security/integrity/evm/e     56           /sys/kernel/security/integrity/evm/evm_xattrs.
 58                                                    57 
 59 config EVM_LOAD_X509                               58 config EVM_LOAD_X509
 60         bool "Load an X509 certificate onto th     59         bool "Load an X509 certificate onto the '.evm' trusted keyring"
 61         depends on EVM && INTEGRITY_TRUSTED_KE     60         depends on EVM && INTEGRITY_TRUSTED_KEYRING
 62         default n                                  61         default n
 63         help                                       62         help
 64            Load an X509 certificate onto the '     63            Load an X509 certificate onto the '.evm' trusted keyring.
 65                                                    64 
 66            This option enables X509 certificat     65            This option enables X509 certificate loading from the kernel
 67            onto the '.evm' trusted keyring.  A     66            onto the '.evm' trusted keyring.  A public key can be used to
 68            verify EVM integrity starting from  !!  67            verify EVM integrity starting from the 'init' process.
 69            key must have digitalSignature usag << 
 70                                                    68 
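Review bot: In the EVM_LOAD_X509 help, the newer side adds a sentence beginning "key must have digitalSignature usag" (cut off in this view), which is a requirement on the certificate, yet the EVM_X509_PATH help that follows still reads only "This option defines X509 certificate path." Whoever sets the path will read that entry, so the key-usage requirement should be repeated or referenced there, and the help should state what happens at boot when the certificate at that path does not meet it.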
 71 config EVM_X509_PATH                               69 config EVM_X509_PATH
 72         string "EVM X509 certificate path"         70         string "EVM X509 certificate path"
 73         depends on EVM_LOAD_X509                   71         depends on EVM_LOAD_X509
 74         default "/etc/keys/x509_evm.der"           72         default "/etc/keys/x509_evm.der"
 75         help                                       73         help
 76            This option defines X509 certificat     74            This option defines X509 certificate path.
                                                      

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.
