1 files changed, 12 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 5487827fa86c..370eb2f4dd37 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -27,6 +27,18 @@ config IMA
          to learn more about IMA.
          If unsure, say N.
+config IMA_KEXEC
+        bool "Enable carrying the IMA measurement list across a soft boot"
+        depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
+        default n
+        help
+           TPM PCRs are only reset on a hard reboot.  In order to validate
+           a TPM's quote after a soft boot, the IMA measurement list of the
+           running kernel must be saved and restored on boot.
+           Depending on the IMA policy, the measurement list can grow to
+           be very large.
 config IMA_MEASURE_PCR_IDX
        int
        depends on IMA

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 5487827fa86c..370eb2f4dd37 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig
@@ -27,6 +27,18 @@ config IMA
27	to learn more about IMA.	27	to learn more about IMA.
28	If unsure, say N.	28	If unsure, say N.
29		29
		30	config IMA_KEXEC
		31	bool "Enable carrying the IMA measurement list across a soft boot"
		32	depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
		33	default n
		34	help
		35	TPM PCRs are only reset on a hard reboot. In order to validate
		36	a TPM's quote after a soft boot, the IMA measurement list of the
		37	running kernel must be saved and restored on boot.
		38
		39	Depending on the IMA policy, the measurement list can grow to
		40	be very large.
		41
30	config IMA_MEASURE_PCR_IDX	42	config IMA_MEASURE_PCR_IDX
31	int	43	int
32	depends on IMA	44	depends on IMA