Kconfig (revision d726d8d7) - OpenGrok cross reference for /openbmc/linux/security/integrity/Kconfig

f381c272SMimi Zohar#
f381c272SMimi Zoharconfig INTEGRITY
f381c272SMimi Zohar	def_bool y
66dbc325SMimi Zohar	depends on IMA || EVM
f381c272SMimi Zohar
f1be242cSDmitry Kasatkinconfig INTEGRITY_SIGNATURE
8607c501SDmitry Kasatkin	boolean "Digital signature verification using multiple keyrings"
de353533SDmitry Kasatkin	depends on INTEGRITY && KEYS
8607c501SDmitry Kasatkin	default n
5e8898e9SDmitry Kasatkin	select SIGNATURE
8607c501SDmitry Kasatkin	help
8607c501SDmitry Kasatkin	  This option enables digital signature verification support
8607c501SDmitry Kasatkin	  using multiple keyrings. It defines separate keyrings for each
8607c501SDmitry Kasatkin	  of the different use cases - evm, ima, and modules.
8607c501SDmitry Kasatkin	  Different keyrings improves search performance, but also allow
8607c501SDmitry Kasatkin	  to "lock" certain keyring to prevent adding new keys.
8607c501SDmitry Kasatkin	  This is useful for evm and module keyrings, when keys are
8607c501SDmitry Kasatkin	  usually only added from initramfs.
8607c501SDmitry Kasatkin
d726d8d7SMimi Zoharconfig INTEGRITY_AUDIT
d726d8d7SMimi Zohar	bool "Enables integrity auditing support "
d726d8d7SMimi Zohar	depends on INTEGRITY && AUDIT
d726d8d7SMimi Zohar	default y
d726d8d7SMimi Zohar	help
d726d8d7SMimi Zohar	  In addition to enabling integrity auditing support, this
d726d8d7SMimi Zohar	  option adds a kernel parameter 'integrity_audit', which
d726d8d7SMimi Zohar	  controls the level of integrity auditing messages.
d726d8d7SMimi Zohar	  0 - basic integrity auditing messages (default)
d726d8d7SMimi Zohar	  1 - additional integrity auditing messages
d726d8d7SMimi Zohar
d726d8d7SMimi Zohar	  Additional informational integrity auditing messages would
d726d8d7SMimi Zohar	  be enabled by specifying 'integrity_audit=1' on the kernel
d726d8d7SMimi Zohar	  command line.
d726d8d7SMimi Zohar
e0751257SDmitry Kasatkinconfig INTEGRITY_ASYMMETRIC_KEYS
e0751257SDmitry Kasatkin	boolean "Enable asymmetric keys support"
e0751257SDmitry Kasatkin	depends on INTEGRITY_SIGNATURE
e0751257SDmitry Kasatkin	default n
e0751257SDmitry Kasatkin        select ASYMMETRIC_KEY_TYPE
e0751257SDmitry Kasatkin        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
e0751257SDmitry Kasatkin        select PUBLIC_KEY_ALGO_RSA
e0751257SDmitry Kasatkin        select X509_CERTIFICATE_PARSER
e0751257SDmitry Kasatkin	help
e0751257SDmitry Kasatkin	  This option enables digital signature verification using
e0751257SDmitry Kasatkin	  asymmetric keys.
e0751257SDmitry Kasatkin
f381c272SMimi Zoharsource security/integrity/ima/Kconfig
66dbc325SMimi Zoharsource security/integrity/evm/Kconfig