| # |
| config INTEGRITY |
| def_bool y |
| depends on IMA || EVM |
| |
| config INTEGRITY_SIGNATURE |
| boolean "Digital signature verification using multiple keyrings" |
| depends on INTEGRITY && KEYS |
| default n |
| select SIGNATURE |
| help |
| This option enables digital signature verification support |
| using multiple keyrings. It defines separate keyrings for each |
| of the different use cases - evm, ima, and modules. |
| Different keyrings improves search performance, but also allow |
| to "lock" certain keyring to prevent adding new keys. |
| This is useful for evm and module keyrings, when keys are |
| usually only added from initramfs. |
| |
| config INTEGRITY_AUDIT |
| bool "Enables integrity auditing support " |
| depends on INTEGRITY && AUDIT |
| default y |
| help |
| In addition to enabling integrity auditing support, this |
| option adds a kernel parameter 'integrity_audit', which |
| controls the level of integrity auditing messages. |
| 0 - basic integrity auditing messages (default) |
| 1 - additional integrity auditing messages |
| |
| Additional informational integrity auditing messages would |
| be enabled by specifying 'integrity_audit=1' on the kernel |
| command line. |
| |
| config INTEGRITY_ASYMMETRIC_KEYS |
| boolean "Enable asymmetric keys support" |
| depends on INTEGRITY_SIGNATURE |
| default n |
| select ASYMMETRIC_KEY_TYPE |
| select ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
| select PUBLIC_KEY_ALGO_RSA |
| select X509_CERTIFICATE_PARSER |
| help |
| This option enables digital signature verification using |
| asymmetric keys. |
| |
| source security/integrity/ima/Kconfig |
| source security/integrity/evm/Kconfig |
