Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: S9210ZCU4AXK4
Branches Tags
android_kernel_...
/
security
/
integrity
/
evm
/
Kconfig

Kconfig 2.2 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. # SPDX-License-Identifier: GPL-2.0-only
    2. 

  2. config EVM
    3. 

  3. 	bool "EVM support"
    4. 

  4. 	select KEYS
    5. 

  5. 	select ENCRYPTED_KEYS
    6. 

  6. 	select CRYPTO_HMAC
    7. 

  7. 	select CRYPTO_SHA1
    8. 

  8. 	select CRYPTO_HASH_INFO
    9. 

  9. 	default n
    10. 

  10. 	help
    11. 

  11. 	  EVM protects a file's security extended attributes against
    12. 

  12. 	  integrity attacks.
    13. 

  13. 

  14. 	  If you are unsure how to answer this question, answer N.
    15. 

  15. 

  16. config EVM_ATTR_FSUUID
    17. 

  17. 	bool "FSUUID (version 2)"
    18. 

  18. 	default y
    19. 

  19. 	depends on EVM
    20. 

  20. 	help
    21. 

  21. 	  Include filesystem UUID for HMAC calculation.
    22. 

  22. 

  23. 	  Default value is 'selected', which is former version 2.
    24. 

  24. 	  if 'not selected', it is former version 1
    25. 

  25. 

  26. 	  WARNING: changing the HMAC calculation method or adding
    27. 

  27. 	  additional info to the calculation, requires existing EVM
    28. 

  28. 	  labeled file systems to be relabeled.
    29. 

  29. 

  30. config EVM_EXTRA_SMACK_XATTRS
    31. 

  31. 	bool "Additional SMACK xattrs"
    32. 

  32. 	depends on EVM && SECURITY_SMACK
    33. 

  33. 	default n
    34. 

  34. 	help
    35. 

  35. 	  Include additional SMACK xattrs for HMAC calculation.
    36. 

  36. 

  37. 	  In addition to the original security xattrs (eg. security.selinux,
    38. 

  38. 	  security.SMACK64, security.capability, and security.ima) included
    39. 

  39. 	  in the HMAC calculation, enabling this option includes newly defined
    40. 

  40. 	  Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
    41. 

  41. 	  security.SMACK64MMAP.
    42. 

  42. 

  43. 	  WARNING: changing the HMAC calculation method or adding
    44. 

  44. 	  additional info to the calculation, requires existing EVM
    45. 

  45. 	  labeled file systems to be relabeled.
    46. 

  46. 

  47. config EVM_ADD_XATTRS
    48. 

  48. 	bool "Add additional EVM extended attributes at runtime"
    49. 

  49. 	depends on EVM
    50. 

  50. 	default n
    51. 

  51. 	help
    52. 

  52. 	  Allow userland to provide additional xattrs for HMAC calculation.
    53. 

  53. 

  54. 	  When this option is enabled, root can add additional xattrs to the
    55. 

  55. 	  list used by EVM by writing them into
    56. 

  56. 	  /sys/kernel/security/integrity/evm/evm_xattrs.
    57. 

  57. 

  58. config EVM_LOAD_X509
    59. 

  59. 	bool "Load an X509 certificate onto the '.evm' trusted keyring"
    60. 

  60. 	depends on EVM && INTEGRITY_TRUSTED_KEYRING
    61. 

  61. 	default n
    62. 

  62. 	help
    63. 

  63. 	   Load an X509 certificate onto the '.evm' trusted keyring.
    64. 

  64. 

  65. 	   This option enables X509 certificate loading from the kernel
    66. 

  66. 	   onto the '.evm' trusted keyring.  A public key can be used to
    67. 

  67. 	   verify EVM integrity starting from the 'init' process.
    68. 

  68. 

  69. config EVM_X509_PATH
    70. 

  70. 	string "EVM X509 certificate path"
    71. 

  71. 	depends on EVM_LOAD_X509
    72. 

  72. 	default "/etc/keys/x509_evm.der"
    73. 

  73. 	help
    74. 

  74. 	   This option defines X509 certificate path.
    75.