#
config INTEGRITY
	def_bool y
	depends on IMA || EVM

config INTEGRITY_SIGNATURE
	boolean "Digital signature verification using multiple keyrings"
	depends on INTEGRITY && KEYS
	default n
	select SIGNATURE
	help
	  This option enables digital signature verification support
	  using multiple keyrings. It defines separate keyrings for each
	  of the different use cases - evm, ima, and modules.
	  Different keyrings improve search performance, and also allow
	  certain keyrings to be "locked" to prevent new keys from being
	  added. This is useful for the evm and module keyrings, where
	  keys are usually only added from initramfs.

config INTEGRITY_ASYMMETRIC_KEYS
	boolean "Enable asymmetric keys support"
	depends on INTEGRITY_SIGNATURE
	default n
	select ASYMMETRIC_KEY_TYPE
	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select PUBLIC_KEY_ALGO_RSA
	select X509_CERTIFICATE_PARSER
	help
	  This option enables digital signature verification using
	  asymmetric keys.

source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig