123456789101112131415161718192021222324252627282930313233 |
- #
- config INTEGRITY
- def_bool y
- depends on IMA || EVM
- config INTEGRITY_SIGNATURE
- boolean "Digital signature verification using multiple keyrings"
- depends on INTEGRITY && KEYS
- default n
- select SIGNATURE
- help
- This option enables digital signature verification support
- using multiple keyrings. It defines separate keyrings for each
- of the different use cases - evm, ima, and modules.
- Different keyrings improves search performance, but also allow
- to "lock" certain keyring to prevent adding new keys.
- This is useful for evm and module keyrings, when keys are
- usually only added from initramfs.
- config INTEGRITY_ASYMMETRIC_KEYS
- boolean "Enable asymmetric keys support"
- depends on INTEGRITY_SIGNATURE
- default n
- select ASYMMETRIC_KEY_TYPE
- select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- select PUBLIC_KEY_ALGO_RSA
- select X509_CERTIFICATE_PARSER
- help
- This option enables digital signature verification using
- asymmetric keys.
- source security/integrity/ima/Kconfig
- source security/integrity/evm/Kconfig
|