6 config INTEGRITY_SIGNATURE
7 boolean "Digital signature verification using multiple keyrings"
8 depends on INTEGRITY && KEYS
12 This option enables digital signature verification support
13 using multiple keyrings. It defines separate keyrings for each
14 of the different use cases - evm, ima, and modules.
15 Different keyrings improves search performance, but also allow
16 to "lock" certain keyring to prevent adding new keys.
17 This is useful for evm and module keyrings, when keys are
18 usually only added from initramfs.
20 config INTEGRITY_ASYMMETRIC_KEYS
21 boolean "Enable asymmetric keys support"
22 depends on INTEGRITY_SIGNATURE
24 select ASYMMETRIC_KEY_TYPE
25 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
26 select PUBLIC_KEY_ALGO_RSA
27 select X509_CERTIFICATE_PARSER
29 This option enables digital signature verification using
32 config INTEGRITY_AUDIT
33 bool "Enables integrity auditing support "
34 depends on INTEGRITY && AUDIT
37 In addition to enabling integrity auditing support, this
38 option adds a kernel parameter 'integrity_audit', which
39 controls the level of integrity auditing messages.
40 0 - basic integrity auditing messages (default)
41 1 - additional integrity auditing messages
43 Additional informational integrity auditing messages would
44 be enabled by specifying 'integrity_audit=1' on the kernel
47 source security/integrity/ima/Kconfig
48 source security/integrity/evm/Kconfig