1 # 2 config INTEGRITY 3 def_bool y 4 depends on IMA || EVM 5 6 config INTEGRITY_SIGNATURE 7 boolean "Digital signature verification using multiple keyrings" 8 depends on INTEGRITY && KEYS 9 default n 10 select SIGNATURE 11 help 12 This option enables digital signature verification support 13 using multiple keyrings. It defines separate keyrings for each 14 of the different use cases - evm, ima, and modules. 15 Different keyrings improves search performance, but also allow 16 to "lock" certain keyring to prevent adding new keys. 17 This is useful for evm and module keyrings, when keys are 18 usually only added from initramfs. 19 20 source security/integrity/ima/Kconfig 21 source security/integrity/evm/Kconfig 22