| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 25 Mar 2007 12:13:22 +0000 From: Pavel Machek <pavel@....cz> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, safford@...son.ibm.com, serue@...ux.vnet.ibm.com, kjhall@...ux.vnet.ibm.com, zohar@...ibm.com Subject: Re: [Patch 3/7] integrity: EVM as an integrity service provider Hi! > > +++ linux-2.6.21-rc4-mm1/security/evm/Kconfig > > @@ -0,0 +1,17 @@ > > +config INTEGRITY_EVM > > + boolean "EVM support" > > + depends on INTEGRITY && KEYS > > + select CRYPTO_HMAC > > + select CRYPTO_MD5 > > + select CRYPTO_SHA1 > > + default 0 > > + help > > + The Extended Verification Module is an integrity provider. > > + An extensible set of extended attributes, as defined in > > + /etc/evm.conf, are HMAC protected against modification > > + using the TPM's KERNEL ROOT KEY, if configured, or with a > > + pass-phrase. Possible extended attributes include authenticity, > > + integrity, and revision level. What is identity provider good for? Can you explain it a bit more, or perhaps point to Doc*/ somewhere? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists