xref: /openbmc/linux/security/integrity/Kconfig (revision de353533)
1f381c272SMimi Zohar#
2f381c272SMimi Zoharconfig INTEGRITY
3f381c272SMimi Zohar	def_bool y
466dbc325SMimi Zohar	depends on IMA || EVM
5f381c272SMimi Zohar
68607c501SDmitry Kasatkinconfig INTEGRITY_DIGSIG
78607c501SDmitry Kasatkin	boolean "Digital signature verification using multiple keyrings"
8de353533SDmitry Kasatkin	depends on INTEGRITY && KEYS
98607c501SDmitry Kasatkin	default n
108607c501SDmitry Kasatkin	select DIGSIG
118607c501SDmitry Kasatkin	help
128607c501SDmitry Kasatkin	  This option enables digital signature verification support
138607c501SDmitry Kasatkin	  using multiple keyrings. It defines separate keyrings for each
148607c501SDmitry Kasatkin	  of the different use cases - evm, ima, and modules.
158607c501SDmitry Kasatkin	  Different keyrings improves search performance, but also allow
168607c501SDmitry Kasatkin	  to "lock" certain keyring to prevent adding new keys.
178607c501SDmitry Kasatkin	  This is useful for evm and module keyrings, when keys are
188607c501SDmitry Kasatkin	  usually only added from initramfs.
198607c501SDmitry Kasatkin
20f381c272SMimi Zoharsource security/integrity/ima/Kconfig
2166dbc325SMimi Zoharsource security/integrity/evm/Kconfig
22