xref: /openbmc/linux/security/integrity/evm/Kconfig (revision a3aef94b312ec51b5dfc199ef884924e60ad1b75) 
166dbc325SMimi Zoharconfig EVM
266dbc325SMimi Zohar	boolean "EVM support"
3*a3aef94bSDmitry Kasatkin	depends on SECURITY
4*a3aef94bSDmitry Kasatkin	select KEYS
5*a3aef94bSDmitry Kasatkin	select ENCRYPTED_KEYS
666dbc325SMimi Zohar	select CRYPTO_HMAC
766dbc325SMimi Zohar	select CRYPTO_SHA1
866dbc325SMimi Zohar	default n
966dbc325SMimi Zohar	help
1066dbc325SMimi Zohar	  EVM protects a file's security extended attributes against
1166dbc325SMimi Zohar	  integrity attacks.
1266dbc325SMimi Zohar
1366dbc325SMimi Zohar	  If you are unsure how to answer this question, answer N.
1474de6684SDmitry Kasatkin
1574de6684SDmitry Kasatkinconfig EVM_HMAC_VERSION
1674de6684SDmitry Kasatkin	int "EVM HMAC version"
1774de6684SDmitry Kasatkin	depends on EVM
1874de6684SDmitry Kasatkin	default 2
1974de6684SDmitry Kasatkin	help
2074de6684SDmitry Kasatkin	  This options adds EVM HMAC version support.
2174de6684SDmitry Kasatkin	  1 - original version
2274de6684SDmitry Kasatkin	  2 - add per filesystem unique identifier (UUID) (default)
2374de6684SDmitry Kasatkin
2474de6684SDmitry Kasatkin	  WARNING: changing the HMAC calculation method or adding
2574de6684SDmitry Kasatkin	  additional info to the calculation, requires existing EVM
2674de6684SDmitry Kasatkin	  labeled file systems to be relabeled.
27