1config EVM 2 bool "EVM support" 3 select KEYS 4 select ENCRYPTED_KEYS 5 select CRYPTO_HMAC 6 select CRYPTO_SHA1 7 default n 8 help 9 EVM protects a file's security extended attributes against 10 integrity attacks. 11 12 If you are unsure how to answer this question, answer N. 13 14config EVM_ATTR_FSUUID 15 bool "FSUUID (version 2)" 16 default y 17 depends on EVM 18 help 19 Include filesystem UUID for HMAC calculation. 20 21 Default value is 'selected', which is former version 2. 22 if 'not selected', it is former version 1 23 24 WARNING: changing the HMAC calculation method or adding 25 additional info to the calculation, requires existing EVM 26 labeled file systems to be relabeled. 27 28config EVM_EXTRA_SMACK_XATTRS 29 bool "Additional SMACK xattrs" 30 depends on EVM && SECURITY_SMACK 31 default n 32 help 33 Include additional SMACK xattrs for HMAC calculation. 34 35 In addition to the original security xattrs (eg. security.selinux, 36 security.SMACK64, security.capability, and security.ima) included 37 in the HMAC calculation, enabling this option includes newly defined 38 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and 39 security.SMACK64MMAP. 40 41 WARNING: changing the HMAC calculation method or adding 42 additional info to the calculation, requires existing EVM 43 labeled file systems to be relabeled. 44 45