[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1256069558-4222-1-git-send-email-zohar@linux.vnet.ibm.com>
Date: Tue, 20 Oct 2009 16:12:38 -0400
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: linux-kernel@...r.kernel.org
Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Jean-Christophe Dubois <jcd@...budubois.net>,
James Morris <jmorris@...ei.org>,
David Safford <safford@...son.ibm.com>,
Mimi Zohar <zohar@...ibm.com>
Subject: [PATCH] ima: remove ACPI dependency
Remove ACPI dependency on systems without a TPM enabled.
Reported-by: Jean-Christophe Dubois <jcd@...budubois.net>
Signed-off-by: Mimi Zohar <zohar@...ibm.com>
---
security/integrity/ima/Kconfig | 16 +++++++---------
1 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 53d9764..3ca39e7 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -2,14 +2,12 @@
#
config IMA
bool "Integrity Measurement Architecture(IMA)"
- depends on ACPI
select SECURITYFS
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
select CRYPTO_SHA1
- select TCG_TPM
- select TCG_TIS
+ select ACPI if TCG_TPM
help
The Trusted Computing Group(TCG) runtime Integrity
Measurement Architecture(IMA) maintains a list of hash
@@ -18,12 +16,12 @@ config IMA
to change the contents of an important system file
being measured, we can tell.
- If your system has a TPM chip, then IMA also maintains
- an aggregate integrity value over this list inside the
- TPM hardware, so that the TPM can prove to a third party
- whether or not critical system files have been modified.
- Read <http://www.usenix.org/events/sec04/tech/sailer.html>
- to learn more about IMA.
+ If your system has a TPM chip, and it is enabled, then
+ IMA also maintains an aggregate integrity value over
+ this list inside the TPM hardware, so that the TPM can
+ prove to a third party whether or not critical system
+ files have been modified. To learn more about IMA, read
+ <http://www.usenix.org/events/sec04/tech/sailer.html>
If unsure, say N.
config IMA_MEASURE_PCR_IDX
--
1.6.0.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists