[PATCH] ima: remove ACPI dependency
From: Mimi Zohar
Date: Tue Oct 20 2009 - 16:13:16 EST
Remove ACPI dependency on systems without a TPM enabled.
Reported-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>
---
security/integrity/ima/Kconfig | 16 +++++++---------
1 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 53d9764..3ca39e7 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -2,14 +2,12 @@
#
config IMA
bool "Integrity Measurement Architecture(IMA)"
- depends on ACPI
select SECURITYFS
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
select CRYPTO_SHA1
- select TCG_TPM
- select TCG_TIS
+ select ACPI if TCG_TPM
help
The Trusted Computing Group(TCG) runtime Integrity
Measurement Architecture(IMA) maintains a list of hash
@@ -18,12 +16,12 @@ config IMA
to change the contents of an important system file
being measured, we can tell.
- If your system has a TPM chip, then IMA also maintains
- an aggregate integrity value over this list inside the
- TPM hardware, so that the TPM can prove to a third party
- whether or not critical system files have been modified.
- Read <http://www.usenix.org/events/sec04/tech/sailer.html>
- to learn more about IMA.
+ If your system has a TPM chip, and it is enabled, then
+ IMA also maintains an aggregate integrity value over
+ this list inside the TPM hardware, so that the TPM can
+ prove to a third party whether or not critical system
+ files have been modified. To learn more about IMA, read
+ <http://www.usenix.org/events/sec04/tech/sailer.html>
If unsure, say N.
config IMA_MEASURE_PCR_IDX
--
1.6.0.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/