166dbc325SMimi Zoharconfig EVM 2*6341e62bSChristoph Jaeger bool "EVM support" 3a3aef94bSDmitry Kasatkin select KEYS 4a3aef94bSDmitry Kasatkin select ENCRYPTED_KEYS 566dbc325SMimi Zohar select CRYPTO_HMAC 666dbc325SMimi Zohar select CRYPTO_SHA1 766dbc325SMimi Zohar default n 866dbc325SMimi Zohar help 966dbc325SMimi Zohar EVM protects a file's security extended attributes against 1066dbc325SMimi Zohar integrity attacks. 1166dbc325SMimi Zohar 1266dbc325SMimi Zohar If you are unsure how to answer this question, answer N. 1374de6684SDmitry Kasatkin 14d3b33679SDmitry Kasatkinconfig EVM_ATTR_FSUUID 15d3b33679SDmitry Kasatkin bool "FSUUID (version 2)" 16d3b33679SDmitry Kasatkin default y 1774de6684SDmitry Kasatkin depends on EVM 1874de6684SDmitry Kasatkin help 19d3b33679SDmitry Kasatkin Include filesystem UUID for HMAC calculation. 20d3b33679SDmitry Kasatkin 21d3b33679SDmitry Kasatkin Default value is 'selected', which is former version 2. 22d3b33679SDmitry Kasatkin if 'not selected', it is former version 1 2374de6684SDmitry Kasatkin 2474de6684SDmitry Kasatkin WARNING: changing the HMAC calculation method or adding 2574de6684SDmitry Kasatkin additional info to the calculation, requires existing EVM 2674de6684SDmitry Kasatkin labeled file systems to be relabeled. 27d3b33679SDmitry Kasatkin 283e38df56SDmitry Kasatkinconfig EVM_EXTRA_SMACK_XATTRS 293e38df56SDmitry Kasatkin bool "Additional SMACK xattrs" 303e38df56SDmitry Kasatkin depends on EVM && SECURITY_SMACK 313e38df56SDmitry Kasatkin default n 323e38df56SDmitry Kasatkin help 333e38df56SDmitry Kasatkin Include additional SMACK xattrs for HMAC calculation. 343e38df56SDmitry Kasatkin 353e38df56SDmitry Kasatkin In addition to the original security xattrs (eg. security.selinux, 363e38df56SDmitry Kasatkin security.SMACK64, security.capability, and security.ima) included 373e38df56SDmitry Kasatkin in the HMAC calculation, enabling this option includes newly defined 383e38df56SDmitry Kasatkin Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and 393e38df56SDmitry Kasatkin security.SMACK64MMAP. 403e38df56SDmitry Kasatkin 413e38df56SDmitry Kasatkin WARNING: changing the HMAC calculation method or adding 423e38df56SDmitry Kasatkin additional info to the calculation, requires existing EVM 433e38df56SDmitry Kasatkin labeled file systems to be relabeled. 443e38df56SDmitry Kasatkin 45