[PATCH] ima: remove ACPI dependency

From: Mimi Zohar
Date: Mon Oct 26 2009 - 09:26:55 EST

Next message: Jens Axboe: "Re: [PATCH/RFC 0/4] cfq: implement merging and breaking up ofcfq_queues"
Previous message: Mimi Zohar: "[PATCH] tpm add default function definitions"
In reply to: Mimi Zohar: "[PATCH] tpm add default function definitions"
Next in thread: Eric Paris: "Re: [PATCH] ima: remove ACPI dependency"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Remove ACPI dependency on systems without a TPM enabled.

Reported-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>
Acked-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
Cc: Stable Kernel <stable@xxxxxxxxxx>
---
security/integrity/ima/Kconfig | 17 +++++++----------
1 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 3d7846d..3ca39e7 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -2,15 +2,12 @@
#
config IMA
bool "Integrity Measurement Architecture(IMA)"
- depends on ACPI
- depends on SECURITY
select SECURITYFS
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
select CRYPTO_SHA1
- select TCG_TPM
- select TCG_TIS
+ select ACPI if TCG_TPM
help
The Trusted Computing Group(TCG) runtime Integrity
Measurement Architecture(IMA) maintains a list of hash
@@ -19,12 +16,12 @@ config IMA
to change the contents of an important system file
being measured, we can tell.

- If your system has a TPM chip, then IMA also maintains
- an aggregate integrity value over this list inside the
- TPM hardware, so that the TPM can prove to a third party
- whether or not critical system files have been modified.
- Read <http://www.usenix.org/events/sec04/tech/sailer.html>
- to learn more about IMA.
+ If your system has a TPM chip, and it is enabled, then
+ IMA also maintains an aggregate integrity value over
+ this list inside the TPM hardware, so that the TPM can
+ prove to a third party whether or not critical system
+ files have been modified. To learn more about IMA, read
+ <http://www.usenix.org/events/sec04/tech/sailer.html>
If unsure, say N.

config IMA_MEASURE_PCR_IDX
--
1.6.0.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jens Axboe: "Re: [PATCH/RFC 0/4] cfq: implement merging and breaking up ofcfq_queues"
Previous message: Mimi Zohar: "[PATCH] tpm add default function definitions"
In reply to: Mimi Zohar: "[PATCH] tpm add default function definitions"
Next in thread: Eric Paris: "Re: [PATCH] ima: remove ACPI dependency"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]