Re: [Patch 3/7] integrity: EVM as an integrity service provider

[Pavel Machek]

Hi!

> > +++ linux-2.6.21-rc4-mm1/security/evm/Kconfig
> > @@ -0,0 +1,17 @@
> > +config INTEGRITY_EVM
> > +	boolean "EVM support"
> > +	depends on INTEGRITY && KEYS
> > +	select CRYPTO_HMAC
> > +	select CRYPTO_MD5
> > +	select CRYPTO_SHA1
> > +	default 0
> > +	help
> > +	  The Extended Verification Module is an integrity provider.
> > +	  An extensible set of extended attributes, as defined in
> > +	  /etc/evm.conf, are HMAC protected against modification
> > +	  using the TPM's KERNEL ROOT KEY, if configured, or with a
> > +	  pass-phrase.  Possible extended attributes include authenticity,
> > +	  integrity, and revision level.

What is identity provider good for? Can you explain it a bit more, or
perhaps point to Doc*/ somewhere?
							Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/