1f381c272SMimi Zohar# 2f381c272SMimi Zoharconfig INTEGRITY 3f381c272SMimi Zohar def_bool y 466dbc325SMimi Zohar depends on IMA || EVM 5f381c272SMimi Zohar 68607c501SDmitry Kasatkinconfig INTEGRITY_DIGSIG 78607c501SDmitry Kasatkin boolean "Digital signature verification using multiple keyrings" 88607c501SDmitry Kasatkin depends on INTEGRITY 98607c501SDmitry Kasatkin default n 108607c501SDmitry Kasatkin select DIGSIG 118607c501SDmitry Kasatkin help 128607c501SDmitry Kasatkin This option enables digital signature verification support 138607c501SDmitry Kasatkin using multiple keyrings. It defines separate keyrings for each 148607c501SDmitry Kasatkin of the different use cases - evm, ima, and modules. 158607c501SDmitry Kasatkin Different keyrings improves search performance, but also allow 168607c501SDmitry Kasatkin to "lock" certain keyring to prevent adding new keys. 178607c501SDmitry Kasatkin This is useful for evm and module keyrings, when keys are 188607c501SDmitry Kasatkin usually only added from initramfs. 198607c501SDmitry Kasatkin 20f381c272SMimi Zoharsource security/integrity/ima/Kconfig 2166dbc325SMimi Zoharsource security/integrity/evm/Kconfig 22