| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- #
- config INTEGRITY
- def_bool y
- depends on IMA || EVM
- config INTEGRITY_SIGNATURE
- boolean "Digital signature verification using multiple keyrings"
- depends on INTEGRITY && KEYS
- default n
- select SIGNATURE
- help
- This option enables digital signature verification support
- using multiple keyrings. It defines separate keyrings for each
- of the different use cases - evm, ima, and modules.
- Different keyrings improves search performance, but also allow
- to "lock" certain keyring to prevent adding new keys.
- This is useful for evm and module keyrings, when keys are
- usually only added from initramfs.
- config INTEGRITY_AUDIT
- bool "Enables integrity auditing support "
- depends on INTEGRITY && AUDIT
- default y
- help
- In addition to enabling integrity auditing support, this
- option adds a kernel parameter 'integrity_audit', which
- controls the level of integrity auditing messages.
- 0 - basic integrity auditing messages (default)
- 1 - additional integrity auditing messages
- Additional informational integrity auditing messages would
- be enabled by specifying 'integrity_audit=1' on the kernel
- command line.
- config INTEGRITY_ASYMMETRIC_KEYS
- boolean "Enable asymmetric keys support"
- depends on INTEGRITY_SIGNATURE
- default n
- select ASYMMETRIC_KEY_TYPE
- select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- select PUBLIC_KEY_ALGO_RSA
- select X509_CERTIFICATE_PARSER
- help
- This option enables digital signature verification using
- asymmetric keys.
- source security/integrity/ima/Kconfig
- source security/integrity/evm/Kconfig
|
