cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack

Kconfig (2291B)


      1# SPDX-License-Identifier: GPL-2.0-only
      2config EVM
      3	bool "EVM support"
      4	select KEYS
      5	select ENCRYPTED_KEYS
      6	select CRYPTO_HMAC
      7	select CRYPTO_SHA1
      8	select CRYPTO_HASH_INFO
      9	default n
     10	help
     11	  EVM protects a file's security extended attributes against
     12	  integrity attacks.
     13
     14	  If you are unsure how to answer this question, answer N.
     15
     16config EVM_ATTR_FSUUID
     17	bool "FSUUID (version 2)"
     18	default y
     19	depends on EVM
     20	help
     21	  Include filesystem UUID for HMAC calculation.
     22
     23	  The default is 'selected', which corresponds to the former
     24	  version 2.  If not selected, the former version 1 is used.
     25
     26	  WARNING: changing the HMAC calculation method, or adding
     27	  additional info to the calculation, requires existing EVM
     28	  labeled file systems to be relabeled, because HMACs stored under the old calculation may no longer verify.
     29
     30config EVM_EXTRA_SMACK_XATTRS
     31	bool "Additional SMACK xattrs"
     32	depends on EVM && SECURITY_SMACK
     33	default n
     34	help
     35	  Include additional SMACK xattrs for HMAC calculation.
     36
     37	  In addition to the original security xattrs (eg. security.selinux,
     38	  security.SMACK64, security.capability, and security.ima) included
     39	  in the HMAC calculation, enabling this option includes newly defined
     40	  Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
     41	  security.SMACK64MMAP.
     42
     43	  WARNING: changing the HMAC calculation method, or adding
     44	  additional info to the calculation, requires existing EVM
     45	  labeled file systems to be relabeled, because HMACs stored under the old calculation may no longer verify.
     46
     47config EVM_ADD_XATTRS
     48	bool "Add additional EVM extended attributes at runtime"
     49	depends on EVM
     50	default n
     51	help
     52	  Allow userland to provide additional xattrs for HMAC calculation.
     53
     54	  When this option is enabled, root can add additional xattrs to the
     55	  list used by EVM by writing them into
     56	  /sys/kernel/security/integrity/evm/evm_xattrs.
     57
     58config EVM_LOAD_X509
     59	bool "Load an X509 certificate onto the '.evm' trusted keyring"
     60	depends on EVM && INTEGRITY_TRUSTED_KEYRING
     61	default n
     62	help
     63	   Load an X509 certificate onto the '.evm' trusted keyring.
     64
     65	   This option enables the kernel to load an X509 certificate
     66	   onto the '.evm' trusted keyring.  Its public key can then be used to
     67	   verify EVM integrity starting from the 'init' process.
     68
     69config EVM_X509_PATH
     70	string "EVM X509 certificate path"
     71	depends on EVM_LOAD_X509
     72	default "/etc/keys/x509_evm.der"
     73	help
     74	   This option defines the path of the X509 certificate to load.