Re: [PATCH 6/8] evm: enable key retention service automatically
From: Mimi Zohar
Date: Mon Mar 03 2014 - 21:02:31 EST
On Fri, 2014-02-28 at 16:59 +0200, Dmitry Kasatkin wrote:
> If keys are not enabled, EVM is not visible in the configuration menu.
> It may be difficult to figure out what to do unless you really know.
>
> Other subsystems as NFS, CIFS select keys automatically.
> This patch does the same.
>
> Signed-off-by: Dmitry Kasatkin <d.kasatkin@xxxxxxxxxxx>
> ---
> security/integrity/evm/Kconfig | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
> index 5aa9103..d35b491 100644
> --- a/security/integrity/evm/Kconfig
> +++ b/security/integrity/evm/Kconfig
> @@ -1,9 +1,10 @@
> config EVM
> boolean "EVM support"
> - depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n)
Including KEYS is fine, but the trusted-keys dependency is still
required. If trusted-keys is enabled, then the TPM and trusted-keys
must be builtin.
Mimi
> + depends on SECURITY
> + select KEYS
> + select ENCRYPTED_KEYS
> select CRYPTO_HMAC
> select CRYPTO_SHA1
> - select ENCRYPTED_KEYS
> default n
> help
> EVM protects a file's security extended attributes against
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/