summaryrefslogtreecommitdiff
path: root/security/integrity/evm/Kconfig
blob: 5aa910348e010307238dad13de40415d74e6ff07 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
config EVM
	boolean "EVM support"
	depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n)
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	select ENCRYPTED_KEYS
	default n
	help
	  EVM protects a file's security extended attributes against
	  integrity attacks.

	  If you are unsure how to answer this question, answer N.

config EVM_HMAC_VERSION
	int "EVM HMAC version"
	depends on EVM
	default 2
	help
	  This options adds EVM HMAC version support.
	  1 - original version
	  2 - add per filesystem unique identifier (UUID) (default)

	  WARNING: changing the HMAC calculation method or adding 
	  additional info to the calculation, requires existing EVM
	  labeled file systems to be relabeled.