Kconfig 1.0 KB

123456789101112131415161718192021222324252627282930313233
  1. #
  2. config INTEGRITY
  3. def_bool y
  4. depends on IMA || EVM
  5. config INTEGRITY_SIGNATURE
  6. boolean "Digital signature verification using multiple keyrings"
  7. depends on INTEGRITY && KEYS
  8. default n
  9. select SIGNATURE
  10. help
  11. This option enables digital signature verification support
  12. using multiple keyrings. It defines separate keyrings for each
  13. of the different use cases - evm, ima, and modules.
  14. Different keyrings improves search performance, but also allow
  15. to "lock" certain keyring to prevent adding new keys.
  16. This is useful for evm and module keyrings, when keys are
  17. usually only added from initramfs.
  18. config INTEGRITY_ASYMMETRIC_KEYS
  19. boolean "Enable asymmetric keys support"
  20. depends on INTEGRITY_SIGNATURE
  21. default n
  22. select ASYMMETRIC_KEY_TYPE
  23. select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
  24. select PUBLIC_KEY_ALGO_RSA
  25. select X509_CERTIFICATE_PARSER
  26. help
  27. This option enables digital signature verification using
  28. asymmetric keys.
  29. source security/integrity/ima/Kconfig
  30. source security/integrity/evm/Kconfig