From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
James Morris <jmorris@namei.org>,
LKML <linux-kernel@vger.kernel.org>,
Randy Dunlap <rdunlap@xenotime.net>,
Arnaud Lacombe <lacombar@gmail.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
David Safford <safford@watson.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: [PATCH v1 2/2] evm: remove TCG_TPM dependency
Date: Mon, 29 Aug 2011 10:48:33 -0400 [thread overview]
Message-ID: <1314629313-11980-2-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1314629313-11980-1-git-send-email-zohar@linux.vnet.ibm.com>
All tristates selected by EVM(boolean) are forced to be builtin, except
in the TCG_TPM(tristate) dependency case. Arnaud Lacombe summarizes the
Kconfig bug as, "So it would seem direct dependency state influence the
state of reverse dependencies.." For a detailed explanation, refer to
Arnaud Lacombe's posting http://lkml.org/lkml/2011/8/23/498.
With the "encrypted-keys: remove trusted-keys dependency" patch, EVM
can now be built without a dependency on TCG_TPM. The trusted-keys
dependency requires trusted-keys to either be builtin or not selected.
This dependency will prevent the boolean/tristate mismatch from
occuring.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>,
Randy Dunlap <rdunlap@xenotimenet>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---
security/integrity/evm/Kconfig | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
index 884617d..afbb59d 100644
--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -1,11 +1,10 @@
config EVM
boolean "EVM support"
- depends on SECURITY && KEYS && TCG_TPM
+ depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n)
select CRYPTO_HMAC
select CRYPTO_MD5
select CRYPTO_SHA1
select ENCRYPTED_KEYS
- select TRUSTED_KEYS
default n
help
EVM protects a file's security extended attributes against
--
1.7.3.4
next prev parent reply other threads:[~2011-08-29 14:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-29 14:48 [PATCH v1 1/2] encrypted-keys: remove trusted-keys dependency Mimi Zohar
2011-08-29 14:48 ` Mimi Zohar [this message]
2011-08-29 14:56 ` Sasha Levin
2011-08-29 15:46 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1314629313-11980-2-git-send-email-zohar@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=jmorris@namei.org \
--cc=lacombar@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=rdunlap@xenotime.net \
--cc=safford@watson.ibm.com \
--cc=sfr@canb.auug.org.au \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.