summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2014-02-28 14:18:09 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-03-07 12:15:49 -0500
commita3aef94b312ec51b5dfc199ef884924e60ad1b75 (patch)
treed8701214ae5cc34eb70adba841fcb3e62c875bf8 /security
parent1d91ac6213003f525ac34da5e39cbb6612d19deb (diff)
downloadlinux-a3aef94b312ec51b5dfc199ef884924e60ad1b75.tar.gz
linux-a3aef94b312ec51b5dfc199ef884924e60ad1b75.tar.bz2
linux-a3aef94b312ec51b5dfc199ef884924e60ad1b75.zip
evm: enable key retention service automatically
If keys are not enabled, EVM is not visible in the configuration menu. It may be difficult to figure out what to do unless you really know. Other subsystems as NFS, CIFS select keys automatically. This patch does the same. This patch also removes '(TRUSTED_KEYS=y || TRUSTED_KEYS=n)' dependency, which is unnecessary. EVM does not depend on trusted keys, but on encrypted keys. evm.h provides compile time dependency. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/evm/Kconfig5
1 files changed, 3 insertions, 2 deletions
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
index 5aa910348e01..d35b4915b00d 100644
--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -1,9 +1,10 @@
config EVM
boolean "EVM support"
- depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n)
+ depends on SECURITY
+ select KEYS
+ select ENCRYPTED_KEYS
select CRYPTO_HMAC
select CRYPTO_SHA1
- select ENCRYPTED_KEYS
default n
help
EVM protects a file's security extended attributes against