1# 2config INTEGRITY 3 def_bool y 4 depends on IMA || EVM 5 6config INTEGRITY_SIGNATURE 7 boolean "Digital signature verification using multiple keyrings" 8 depends on INTEGRITY && KEYS 9 default n 10 select SIGNATURE 11 help 12 This option enables digital signature verification support 13 using multiple keyrings. It defines separate keyrings for each 14 of the different use cases - evm, ima, and modules. 15 Different keyrings improves search performance, but also allow 16 to "lock" certain keyring to prevent adding new keys. 17 This is useful for evm and module keyrings, when keys are 18 usually only added from initramfs. 19 20config INTEGRITY_ASYMMETRIC_KEYS 21 boolean "Enable asymmetric keys support" 22 depends on INTEGRITY_SIGNATURE 23 default n 24 select ASYMMETRIC_KEY_TYPE 25 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 26 select PUBLIC_KEY_ALGO_RSA 27 select X509_CERTIFICATE_PARSER 28 help 29 This option enables digital signature verification using 30 asymmetric keys. 31 32source security/integrity/ima/Kconfig 33source security/integrity/evm/Kconfig 34