2009-10-20 20:12:57

by Mimi Zohar

Subject: [PATCH] ima: remove ACPI dependency

Remove ACPI dependency on systems without a TPM enabled.

Reported-by: Jean-Christophe Dubois <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
---
security/integrity/ima/Kconfig | 16 +++++++---------
1 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 53d9764..3ca39e7 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -2,14 +2,12 @@
#
config IMA
bool "Integrity Measurement Architecture(IMA)"
- depends on ACPI
select SECURITYFS
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
select CRYPTO_SHA1
- select TCG_TPM
- select TCG_TIS
+ select ACPI if TCG_TPM
help
The Trusted Computing Group(TCG) runtime Integrity
Measurement Architecture(IMA) maintains a list of hash
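
Review bot: "select ACPI if TCG_TPM" uses select on a symbol the old entry treated as a dependency ("depends on ACPI"), and select forces the target on without checking the target's own dependencies. On an architecture that has no ACPI support but does have TCG_TPM set, that can produce a configuration that does not build. Expressing the relationship as a dependency, for example "depends on ACPI || !TCG_TPM", keeps the non-TPM case buildable without forcing ACPI on.
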
@@ -18,12 +16,12 @@ config IMA
to change the contents of an important system file
being measured, we can tell.

- If your system has a TPM chip, then IMA also maintains
- an aggregate integrity value over this list inside the
- TPM hardware, so that the TPM can prove to a third party
- whether or not critical system files have been modified.
- Read <http://www.usenix.org/events/sec04/tech/sailer.html>
- to learn more about IMA.
+ If your system has a TPM chip, and it is enabled, then
+ IMA also maintains an aggregate integrity value over
+ this list inside the TPM hardware, so that the TPM can
+ prove to a third party whether or not critical system
+ files have been modified. To learn more about IMA, read
+ <http://www.usenix.org/events/sec04/tech/sailer.html>
If unsure, say N.

config IMA_MEASURE_PCR_IDX
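
Review bot: The new help wording "and it is enabled" does not say where the TPM has to be enabled: in firmware, or in the kernel configuration. Since the first hunk drops "select TCG_TPM" and "select TCG_TIS", the help text is now the only place a user learns that the TPM-backed aggregate needs a TPM driver, so it should name the symbols to turn on (TCG_TPM and a chip driver such as TCG_TIS).
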
--
1.6.0.6


2009-10-25 18:18:03

by Jean-Christophe Dubois

Subject: Re: [PATCH] ima: remove ACPI dependency

On Tuesday 20 October 2009, Mimi Zohar wrote:
> Remove ACPI dependency on systems without a TPM enabled.
>
> Reported-by: Jean-Christophe Dubois <[email protected]>
> Signed-off-by: Mimi Zohar <[email protected]>

This patch requires that another patch is first applied (as reported by Mimi in
the attached email).

Tested on top of 2.6.30 and 2.6.31 on armv5 platform (versatilePB) with both
patches applied.

Acked-by: Jean-Christophe Dubois <[email protected]>

> ---
> security/integrity/ima/Kconfig | 16 +++++++---------
> 1 files changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/security/integrity/ima/Kconfig
> b/security/integrity/ima/Kconfig index 53d9764..3ca39e7 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -2,14 +2,12 @@
> #
> config IMA
> bool "Integrity Measurement Architecture(IMA)"
> - depends on ACPI
> select SECURITYFS
> select CRYPTO
> select CRYPTO_HMAC
> select CRYPTO_MD5
> select CRYPTO_SHA1
> - select TCG_TPM
> - select TCG_TIS
> + select ACPI if TCG_TPM
> help
> The Trusted Computing Group(TCG) runtime Integrity
> Measurement Architecture(IMA) maintains a list of hash
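
Review bot: With the "select TCG_TPM" and "select TCG_TIS" lines removed, nothing in this entry pulls in a TPM driver any more, so IMA can be set to y with the TPM-held aggregate described in the help text quietly absent. The commit message only says "Remove ACPI dependency"; it should also state that TPM support is no longer selected automatically and has to be enabled separately by anyone who relies on the TPM aggregate.
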
> @@ -18,12 +16,12 @@ config IMA
> to change the contents of an important system file
> being measured, we can tell.
>
> - If your system has a TPM chip, then IMA also maintains
> - an aggregate integrity value over this list inside the
> - TPM hardware, so that the TPM can prove to a third party
> - whether or not critical system files have been modified.
> - Read <http://www.usenix.org/events/sec04/tech/sailer.html>
> - to learn more about IMA.
> + If your system has a TPM chip, and it is enabled, then
> + IMA also maintains an aggregate integrity value over
> + this list inside the TPM hardware, so that the TPM can
> + prove to a third party whether or not critical system
> + files have been modified. To learn more about IMA, read
> + <http://www.usenix.org/events/sec04/tech/sailer.html>
> If unsure, say N.
>
> config IMA_MEASURE_PCR_IDX
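
Review bot: The reworded help paragraph ends on the bare URL line with no full stop, so "To learn more about IMA, read <http://www.usenix.org/events/sec04/tech/sailer.html>" runs straight into "If unsure, say N." The removed text closed the sentence ("to learn more about IMA."); add a full stop after the URL or a blank line before "If unsure, say N."
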



Attachments:
(No filename) (2.03 kB)
forwarded message (5.77 kB)
Mimi Zohar : Re: [Fwd: [PATCH] ima: remove ACPI dependency]