| Mimi Zohar | f381c27 | 2011-03-09 14:13:22 -0500 | [diff] [blame] | 1 | # |
| 2 | config INTEGRITY |
| 3 | def_bool y |
| Mimi Zohar | 66dbc32 | 2011-03-15 16:12:09 -0400 | [diff] [blame] | 4 | depends on IMA || EVM |
| Mimi Zohar | f381c27 | 2011-03-09 14:13:22 -0500 | [diff] [blame] | 5 | |
| Dmitry Kasatkin | f1be242 | 2012-01-17 17:12:07 +0200 | [diff] [blame] | 6 | config INTEGRITY_SIGNATURE |
| Dmitry Kasatkin | 8607c50 | 2011-10-05 11:54:46 +0300 | [diff] [blame] | 7 | boolean "Digital signature verification using multiple keyrings" |
| Dmitry Kasatkin | de35353 | 2011-11-21 17:31:15 +0200 | [diff] [blame] | 8 | depends on INTEGRITY && KEYS |
| Dmitry Kasatkin | 8607c50 | 2011-10-05 11:54:46 +0300 | [diff] [blame] | 9 | default n |
| Dmitry Kasatkin | 5e8898e | 2012-01-17 17:12:03 +0200 | [diff] [blame] | 10 | select SIGNATURE |
| Dmitry Kasatkin | 8607c50 | 2011-10-05 11:54:46 +0300 | [diff] [blame] | 11 | help |
| 12 | This option enables digital signature verification support |
| 13 | using multiple keyrings. It defines separate keyrings for each |
| 14 | of the different use cases - evm, ima, and modules. |
| 15 | Different keyrings improves search performance, but also allow |
| 16 | to "lock" certain keyring to prevent adding new keys. |
| 17 | This is useful for evm and module keyrings, when keys are |
| 18 | usually only added from initramfs. |
| 19 | |
| Mimi Zohar | f381c27 | 2011-03-09 14:13:22 -0500 | [diff] [blame] | 20 | source security/integrity/ima/Kconfig |
| Mimi Zohar | 66dbc32 | 2011-03-15 16:12:09 -0400 | [diff] [blame] | 21 | source security/integrity/evm/Kconfig |