49 lines
1.5 KiB
Plaintext
49 lines
1.5 KiB
Plaintext
#
|
|
config INTEGRITY
|
|
def_bool y
|
|
depends on IMA || EVM
|
|
|
|
config INTEGRITY_SIGNATURE
|
|
boolean "Digital signature verification using multiple keyrings"
|
|
depends on INTEGRITY && KEYS
|
|
default n
|
|
select SIGNATURE
|
|
help
|
|
This option enables digital signature verification support
|
|
using multiple keyrings. It defines separate keyrings for each
|
|
of the different use cases - evm, ima, and modules.
|
|
Different keyrings improves search performance, but also allow
|
|
to "lock" certain keyring to prevent adding new keys.
|
|
This is useful for evm and module keyrings, when keys are
|
|
usually only added from initramfs.
|
|
|
|
config INTEGRITY_AUDIT
|
|
bool "Enables integrity auditing support "
|
|
depends on INTEGRITY && AUDIT
|
|
default y
|
|
help
|
|
In addition to enabling integrity auditing support, this
|
|
option adds a kernel parameter 'integrity_audit', which
|
|
controls the level of integrity auditing messages.
|
|
0 - basic integrity auditing messages (default)
|
|
1 - additional integrity auditing messages
|
|
|
|
Additional informational integrity auditing messages would
|
|
be enabled by specifying 'integrity_audit=1' on the kernel
|
|
command line.
|
|
|
|
config INTEGRITY_ASYMMETRIC_KEYS
|
|
boolean "Enable asymmetric keys support"
|
|
depends on INTEGRITY_SIGNATURE
|
|
default n
|
|
select ASYMMETRIC_KEY_TYPE
|
|
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select PUBLIC_KEY_ALGO_RSA
|
|
select X509_CERTIFICATE_PARSER
|
|
help
|
|
This option enables digital signature verification using
|
|
asymmetric keys.
|
|
|
|
source security/integrity/ima/Kconfig
|
|
source security/integrity/evm/Kconfig
|