# config INTEGRITY def_bool y depends on IMA || EVM config INTEGRITY_SIGNATURE boolean "Digital signature verification using multiple keyrings" depends on INTEGRITY && KEYS default n select SIGNATURE help This option enables digital signature verification support using multiple keyrings. It defines separate keyrings for each of the different use cases - evm, ima, and modules. Different keyrings improves search performance, but also allow to "lock" certain keyring to prevent adding new keys. This is useful for evm and module keyrings, when keys are usually only added from initramfs. config INTEGRITY_ASYMMETRIC_KEYS boolean "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE default n select ASYMMETRIC_KEY_TYPE select ASYMMETRIC_PUBLIC_KEY_SUBTYPE select PUBLIC_KEY_ALGO_RSA select X509_CERTIFICATE_PARSER help This option enables digital signature verification using asymmetric keys. config INTEGRITY_AUDIT bool "Enables integrity auditing support " depends on INTEGRITY && AUDIT default y help In addition to enabling integrity auditing support, this option adds a kernel parameter 'integrity_audit', which controls the level of integrity auditing messages. 0 - basic integrity auditing messages (default) 1 - additional integrity auditing messages Additional informational integrity auditing messages would be enabled by specifying 'integrity_audit=1' on the kernel command line. source security/integrity/ima/Kconfig source security/integrity/evm/Kconfig