[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070325121321.GA8550@ucw.cz>
Date: Sun, 25 Mar 2007 12:13:22 +0000
From: Pavel Machek <pavel@....cz>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>,
linux-kernel@...r.kernel.org, safford@...son.ibm.com,
serue@...ux.vnet.ibm.com, kjhall@...ux.vnet.ibm.com,
zohar@...ibm.com
Subject: Re: [Patch 3/7] integrity: EVM as an integrity service provider
Hi!
> > +++ linux-2.6.21-rc4-mm1/security/evm/Kconfig
> > @@ -0,0 +1,17 @@
> > +config INTEGRITY_EVM
> > + boolean "EVM support"
> > + depends on INTEGRITY && KEYS
> > + select CRYPTO_HMAC
> > + select CRYPTO_MD5
> > + select CRYPTO_SHA1
> > + default 0
> > + help
> > + The Extended Verification Module is an integrity provider.
> > + An extensible set of extended attributes, as defined in
> > + /etc/evm.conf, are HMAC protected against modification
> > + using the TPM's KERNEL ROOT KEY, if configured, or with a
> > + pass-phrase. Possible extended attributes include authenticity,
> > + integrity, and revision level.
What is identity provider good for? Can you explain it a bit more, or
perhaps point to Doc*/ somewhere?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists