summaryrefslogtreecommitdiff
path: root/Documentation/kernel-parameters.txt
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2011-05-12 18:33:20 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2011-07-18 12:29:49 -0400
commit7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac (patch)
tree1de4ac95b25e6bebab103e4377047c8f76038dac /Documentation/kernel-parameters.txt
parent24e0198efe0df50034ec1c14b2d7b5bb0f66d54a (diff)
downloadkernel-common-7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac.tar.gz
kernel-common-7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac.tar.bz2
kernel-common-7102ebcd65c1cdb5d5a87c7c5cf7a46f5afb0cac.zip
evm: permit only valid security.evm xattrs to be updated
In addition to requiring CAP_SYS_ADMIN permission to modify/delete security.evm, prohibit invalid security.evm xattrs from changing, unless in fixmode. This patch prevents inadvertent 'fixing' of security.evm to reflect offline modifications. Changelog v7: - rename boot paramater 'evm_mode' to 'evm' Reported-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'Documentation/kernel-parameters.txt')
-rw-r--r--Documentation/kernel-parameters.txt6
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index fd248a318211..db97ff1da8c0 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -48,6 +48,7 @@ parameter is applicable:
EDD BIOS Enhanced Disk Drive Services (EDD) is enabled
EFI EFI Partitioning (GPT) is enabled
EIDE EIDE/ATAPI support is enabled.
+ EVM Extended Verification Module
FB The frame buffer device is enabled.
GCOV GCOV profiling is enabled.
HW Appropriate hardware is enabled.
@@ -750,6 +751,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
This option is obsoleted by the "netdev=" option, which
has equivalent usage. See its documentation for details.
+ evm= [EVM]
+ Format: { "fix" }
+ Permit 'security.evm' to be updated regardless of
+ current integrity status.
+
failslab=
fail_page_alloc=
fail_make_request=[KNL]