On Sun, 2007-03-25 at 00:16 -0800, Andrew Morton wrote: > On Fri, 23 Mar 2007 12:09:36 -0400 Mimi Zohar <[EMAIL PROTECTED]> wrote: > > > +++ linux-2.6.21-rc4-mm1/security/evm/Kconfig > > @@ -0,0 +1,17 @@ > > +config INTEGRITY_EVM > > + boolean "EVM support" > > + depends on INTEGRITY && KEYS > > + select CRYPTO_HMAC > > + select CRYPTO_MD5 > > + select CRYPTO_SHA1 > > + default 0 > > + help > > + The Extended Verification Module is an integrity provider. > > + An extensible set of extended attributes, as defined in > > + /etc/evm.conf, are HMAC protected against modification > > + using the TPM's KERNEL ROOT KEY, if configured, or with a > > + pass-phrase. Possible extended attributes include authenticity, > > + integrity, and revision level. > > + > > + If you are unsure how to answer this question, answer N. > > + > > Is no dependency upon TPM needed?
It's obviously preferable to have and use a TPM, but if one is not available you can use a pass-phrase. Mimi Zoharar - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
