[mirror_ubuntu-artful-kernel.git] / security / integrity / Kconfig

#
config INTEGRITY
	def_bool y
	depends on IMA || EVM

config INTEGRITY_SIGNATURE
	boolean "Digital signature verification using multiple keyrings"
	depends on INTEGRITY && KEYS
	default n
	select SIGNATURE
	help
	  This option enables digital signature verification support
	  using multiple keyrings. It defines separate keyrings for each
	  of the different use cases - evm, ima, and modules.
	  Different keyrings improves search performance, but also allow
	  to "lock" certain keyring to prevent adding new keys.
	  This is useful for evm and module keyrings, when keys are
	  usually only added from initramfs.

config INTEGRITY_AUDIT
	bool "Enables integrity auditing support "
	depends on INTEGRITY && AUDIT
	default y
	help
	  In addition to enabling integrity auditing support, this
	  option adds a kernel parameter 'integrity_audit', which
	  controls the level of integrity auditing messages.
	  0 - basic integrity auditing messages (default)
	  1 - additional integrity auditing messages

	  Additional informational integrity auditing messages would
	  be enabled by specifying 'integrity_audit=1' on the kernel
	  command line.

config INTEGRITY_ASYMMETRIC_KEYS
	boolean "Enable asymmetric keys support"
	depends on INTEGRITY_SIGNATURE
	default n
        select ASYMMETRIC_KEY_TYPE
        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
        select PUBLIC_KEY_ALGO_RSA
        select X509_CERTIFICATE_PARSER
	help
	  This option enables digital signature verification using
	  asymmetric keys.

source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig
Commit	Line	Data
f381c272 MZ	1	#
	2	config INTEGRITY
	3	def_bool y
66dbc325	4	depends on IMA \|\| EVM
f381c272	5
f1be242c	6	config INTEGRITY_SIGNATURE
8607c501	7	boolean "Digital signature verification using multiple keyrings"
de353533	8	depends on INTEGRITY && KEYS
8607c501	9	default n
5e8898e9	10	select SIGNATURE
8607c501 DK	11	help
	12	This option enables digital signature verification support
	13	using multiple keyrings. It defines separate keyrings for each
	14	of the different use cases - evm, ima, and modules.
	15	Different keyrings improves search performance, but also allow
	16	to "lock" certain keyring to prevent adding new keys.
	17	This is useful for evm and module keyrings, when keys are
	18	usually only added from initramfs.
	19
d726d8d7 MZ	20	config INTEGRITY_AUDIT
	21	bool "Enables integrity auditing support "
	22	depends on INTEGRITY && AUDIT
	23	default y
	24	help
	25	In addition to enabling integrity auditing support, this
	26	option adds a kernel parameter 'integrity_audit', which
	27	controls the level of integrity auditing messages.
	28	0 - basic integrity auditing messages (default)
	29	1 - additional integrity auditing messages
	30
	31	Additional informational integrity auditing messages would
	32	be enabled by specifying 'integrity_audit=1' on the kernel
	33	command line.
	34
e0751257 DK	35	config INTEGRITY_ASYMMETRIC_KEYS
	36	boolean "Enable asymmetric keys support"
	37	depends on INTEGRITY_SIGNATURE
	38	default n
	39	select ASYMMETRIC_KEY_TYPE
	40	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	41	select PUBLIC_KEY_ALGO_RSA
	42	select X509_CERTIFICATE_PARSER
	43	help
	44	This option enables digital signature verification using
	45	asymmetric keys.
	46
f381c272	47	source security/integrity/ima/Kconfig
66dbc325	48	source security/integrity/evm/Kconfig