Commit | Line | Data |
---|---|---|
f381c272 MZ |
1 | # |
2 | config INTEGRITY | |
3 | def_bool y | |
66dbc325 | 4 | depends on IMA || EVM |
f381c272 | 5 | |
f1be242c | 6 | config INTEGRITY_SIGNATURE |
8607c501 | 7 | boolean "Digital signature verification using multiple keyrings" |
de353533 | 8 | depends on INTEGRITY && KEYS |
8607c501 | 9 | default n |
5e8898e9 | 10 | select SIGNATURE |
8607c501 DK |
11 | help |
12 | This option enables digital signature verification support | |
13 | using multiple keyrings. It defines separate keyrings for each | |
14 | of the different use cases - evm, ima, and modules. | |
15 | Different keyrings improves search performance, but also allow | |
16 | to "lock" certain keyring to prevent adding new keys. | |
17 | This is useful for evm and module keyrings, when keys are | |
18 | usually only added from initramfs. | |
19 | ||
e0751257 DK |
20 | config INTEGRITY_ASYMMETRIC_KEYS |
21 | boolean "Enable asymmetric keys support" | |
22 | depends on INTEGRITY_SIGNATURE | |
23 | default n | |
24 | select ASYMMETRIC_KEY_TYPE | |
25 | select ASYMMETRIC_PUBLIC_KEY_SUBTYPE | |
26 | select PUBLIC_KEY_ALGO_RSA | |
27 | select X509_CERTIFICATE_PARSER | |
28 | help | |
29 | This option enables digital signature verification using | |
30 | asymmetric keys. | |
31 | ||
f381c272 | 32 | source security/integrity/ima/Kconfig |
66dbc325 | 33 | source security/integrity/evm/Kconfig |