1# 2config INTEGRITY 3 def_bool y 4 depends on IMA || EVM 5 6config INTEGRITY_SIGNATURE 7 boolean "Digital signature verification using multiple keyrings" 8 depends on INTEGRITY && KEYS 9 default n 10 select SIGNATURE 11 help 12 This option enables digital signature verification support 13 using multiple keyrings. It defines separate keyrings for each 14 of the different use cases - evm, ima, and modules. 15 Different keyrings improves search performance, but also allow 16 to "lock" certain keyring to prevent adding new keys. 17 This is useful for evm and module keyrings, when keys are 18 usually only added from initramfs. 19 20config INTEGRITY_AUDIT 21 bool "Enables integrity auditing support " 22 depends on INTEGRITY && AUDIT 23 default y 24 help 25 In addition to enabling integrity auditing support, this 26 option adds a kernel parameter 'integrity_audit', which 27 controls the level of integrity auditing messages. 28 0 - basic integrity auditing messages (default) 29 1 - additional integrity auditing messages 30 31 Additional informational integrity auditing messages would 32 be enabled by specifying 'integrity_audit=1' on the kernel 33 command line. 34 35config INTEGRITY_ASYMMETRIC_KEYS 36 boolean "Enable asymmetric keys support" 37 depends on INTEGRITY_SIGNATURE 38 default n 39 select ASYMMETRIC_KEY_TYPE 40 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 41 select PUBLIC_KEY_ALGO_RSA 42 select X509_CERTIFICATE_PARSER 43 help 44 This option enables digital signature verification using 45 asymmetric keys. 46 47source security/integrity/ima/Kconfig 48source security/integrity/evm/Kconfig 49