evm: remove TCG_TPM dependency
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 28 Aug 2011 12:57:11 +0000 (08:57 -0400)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 14 Sep 2011 19:24:49 +0000 (15:24 -0400)
All tristates selected by EVM(boolean) are forced to be builtin, except
in the TCG_TPM(tristate) dependency case. Arnaud Lacombe summarizes the
Kconfig bug as, "So it would seem direct dependency state influence the
state of reverse dependencies.."  For a detailed explanation, refer to
Arnaud Lacombe's posting http://lkml.org/lkml/2011/8/23/498.

With the "encrypted-keys: remove trusted-keys dependency" patch, EVM
can now be built without a dependency on TCG_TPM.  The trusted-keys
dependency requires trusted-keys to either be builtin or not selected.
This dependency will prevent the boolean/tristate mismatch from
occuring.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>,
             Randy Dunlap <rdunlap@xenotimenet>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
security/integrity/evm/Kconfig

index 884617d4aad0567d729348728d73cf5bca032b16..afbb59dd262d57f9ee635c3dcd6caeff6751d932 100644 (file)
@@ -1,11 +1,10 @@
 config EVM
        boolean "EVM support"
-       depends on SECURITY && KEYS && TCG_TPM
+       depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n)
        select CRYPTO_HMAC
        select CRYPTO_MD5
        select CRYPTO_SHA1
        select ENCRYPTED_KEYS
-       select TRUSTED_KEYS
        default n
        help
          EVM protects a file's security extended attributes against