Re: [Patch 3/7] integrity: EVM as an integrity service provider
From: Mimi Zohar
Date: Sun Mar 25 2007 - 23:14:50 EST
On Sun, 2007-03-25 at 00:16 -0800, Andrew Morton wrote:
> On Fri, 23 Mar 2007 12:09:36 -0400 Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> > +++ linux-2.6.21-rc4-mm1/security/evm/Kconfig
> > @@ -0,0 +1,17 @@
> > +config INTEGRITY_EVM
> > + boolean "EVM support"
> > + depends on INTEGRITY && KEYS
> > + select CRYPTO_HMAC
> > + select CRYPTO_MD5
> > + select CRYPTO_SHA1
> > + default 0
> > + help
> > + The Extended Verification Module is an integrity provider.
> > + An extensible set of extended attributes, as defined in
> > + /etc/evm.conf, are HMAC protected against modification
> > + using the TPM's KERNEL ROOT KEY, if configured, or with a
> > + pass-phrase. Possible extended attributes include authenticity,
> > + integrity, and revision level.
> > +
> > + If you are unsure how to answer this question, answer N.
> > +
>
> Is no dependency upon TPM needed?
It's obviously preferable to have and use a TPM, but if one is not
available you can use a pass-phrase.
Mimi Zoharar
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/