1# 2config INTEGRITY 3 def_bool y 4 depends on IMA || EVM 5 6config INTEGRITY_SIGNATURE 7 boolean "Digital signature verification using multiple keyrings" 8 depends on INTEGRITY && KEYS 9 default n 10 select SIGNATURE 11 help 12 This option enables digital signature verification support 13 using multiple keyrings. It defines separate keyrings for each 14 of the different use cases - evm, ima, and modules. 15 Different keyrings improves search performance, but also allow 16 to "lock" certain keyring to prevent adding new keys. 17 This is useful for evm and module keyrings, when keys are 18 usually only added from initramfs. 19 20config INTEGRITY_ASYMMETRIC_KEYS 21 boolean "Enable asymmetric keys support" 22 depends on INTEGRITY_SIGNATURE 23 default n 24 select ASYMMETRIC_KEY_TYPE 25 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 26 select PUBLIC_KEY_ALGO_RSA 27 select X509_CERTIFICATE_PARSER 28 help 29 This option enables digital signature verification using 30 asymmetric keys. 31 32config INTEGRITY_AUDIT 33 bool "Enables integrity auditing support " 34 depends on INTEGRITY && AUDIT 35 default y 36 help 37 In addition to enabling integrity auditing support, this 38 option adds a kernel parameter 'integrity_audit', which 39 controls the level of integrity auditing messages. 40 0 - basic integrity auditing messages (default) 41 1 - additional integrity auditing messages 42 43 Additional informational integrity auditing messages would 44 be enabled by specifying 'integrity_audit=1' on the kernel 45 command line. 46 47source security/integrity/ima/Kconfig 48source security/integrity/evm/Kconfig 49