[deliverable/linux.git] / security / integrity / Kconfig

#
config INTEGRITY
        def_bool y
        depends on IMA || EVM

config INTEGRITY_SIGNATURE
        boolean "Digital signature verification using multiple keyrings"
        depends on INTEGRITY && KEYS
        default n
        select SIGNATURE
        help
          This option enables digital signature verification support
          using multiple keyrings. It defines separate keyrings for each
          of the different use cases - evm, ima, and modules.
          Different keyrings improves search performance, but also allow
          to "lock" certain keyring to prevent adding new keys.
          This is useful for evm and module keyrings, when keys are
          usually only added from initramfs.

config INTEGRITY_ASYMMETRIC_KEYS
        boolean "Enable asymmetric keys support"
        depends on INTEGRITY_SIGNATURE
        default n
        select ASYMMETRIC_KEY_TYPE
        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
        select PUBLIC_KEY_ALGO_RSA
        select X509_CERTIFICATE_PARSER
        help
          This option enables digital signature verification using
          asymmetric keys.

config INTEGRITY_AUDIT
        bool "Enables integrity auditing support "
        depends on INTEGRITY && AUDIT
        default y
        help
          In addition to enabling integrity auditing support, this
          option adds a kernel parameter 'integrity_audit', which
          controls the level of integrity auditing messages.
          0 - basic integrity auditing messages (default)
          1 - additional integrity auditing messages

          Additional informational integrity auditing messages would
          be enabled by specifying 'integrity_audit=1' on the kernel
          command line.

source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig