Startsida Utforska Hjälp
Registrera dig Logga in
RD_Software
/
linux-arkmicro
2
0
Fork 1
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Gren: master
Grenar Taggar
linux-arkmicro
/
linux
/
security
/
integrity
/
evm
/
Kconfig

Kconfig 2.2 KB
Permalänk Historik

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. config EVM
    2. 

  2. 	bool "EVM support"
    3. 

  3. 	select KEYS
    4. 

  4. 	select ENCRYPTED_KEYS
    5. 

  5. 	select CRYPTO_HMAC
    6. 

  6. 	select CRYPTO_SHA1
    7. 

  7. 	select CRYPTO_HASH_INFO
    8. 

  8. 	default n
    9. 

  9. 	help
    10. 

  10. 	  EVM protects a file's security extended attributes against
    11. 

  11. 	  integrity attacks.
    12. 

  12. 

  13. 	  If you are unsure how to answer this question, answer N.
    14. 

  14. 

  15. config EVM_ATTR_FSUUID
    16. 

  16. 	bool "FSUUID (version 2)"
    17. 

  17. 	default y
    18. 

  18. 	depends on EVM
    19. 

  19. 	help
    20. 

  20. 	  Include filesystem UUID for HMAC calculation.
    21. 

  21. 

  22. 	  Default value is 'selected', which is former version 2.
    23. 

  23. 	  if 'not selected', it is former version 1
    24. 

  24. 

  25. 	  WARNING: changing the HMAC calculation method or adding
    26. 

  26. 	  additional info to the calculation, requires existing EVM
    27. 

  27. 	  labeled file systems to be relabeled.
    28. 

  28. 

  29. config EVM_EXTRA_SMACK_XATTRS
    30. 

  30. 	bool "Additional SMACK xattrs"
    31. 

  31. 	depends on EVM && SECURITY_SMACK
    32. 

  32. 	default n
    33. 

  33. 	help
    34. 

  34. 	  Include additional SMACK xattrs for HMAC calculation.
    35. 

  35. 

  36. 	  In addition to the original security xattrs (eg. security.selinux,
    37. 

  37. 	  security.SMACK64, security.capability, and security.ima) included
    38. 

  38. 	  in the HMAC calculation, enabling this option includes newly defined
    39. 

  39. 	  Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
    40. 

  40. 	  security.SMACK64MMAP.
    41. 

  41. 

  42. 	  WARNING: changing the HMAC calculation method or adding
    43. 

  43. 	  additional info to the calculation, requires existing EVM
    44. 

  44. 	  labeled file systems to be relabeled.
    45. 

  45. 

  46. config EVM_ADD_XATTRS
    47. 

  47. 	bool "Add additional EVM extended attributes at runtime"
    48. 

  48. 	depends on EVM
    49. 

  49. 	default n
    50. 

  50. 	help
    51. 

  51. 	  Allow userland to provide additional xattrs for HMAC calculation.
    52. 

  52. 

  53. 	  When this option is enabled, root can add additional xattrs to the
    54. 

  54. 	  list used by EVM by writing them into
    55. 

  55. 	  /sys/kernel/security/integrity/evm/evm_xattrs.
    56. 

  56. 

  57. config EVM_LOAD_X509
    58. 

  58. 	bool "Load an X509 certificate onto the '.evm' trusted keyring"
    59. 

  59. 	depends on EVM && INTEGRITY_TRUSTED_KEYRING
    60. 

  60. 	default n
    61. 

  61. 	help
    62. 

  62. 	   Load an X509 certificate onto the '.evm' trusted keyring.
    63. 

  63. 

  64. 	   This option enables X509 certificate loading from the kernel
    65. 

  65. 	   onto the '.evm' trusted keyring.  A public key can be used to
    66. 

  66. 	   verify EVM integrity starting from the 'init' process.
    67. 

  67. 

  68. config EVM_X509_PATH
    69. 

  69. 	string "EVM X509 certificate path"
    70. 

  70. 	depends on EVM_LOAD_X509
    71. 

  71. 	default "/etc/keys/x509_evm.der"
    72. 

  72. 	help
    73. 

  73. 	   This option defines X509 certificate path.
    74.