diff options
Diffstat (limited to 'security/integrity/Kconfig')
| -rw-r--r-- | security/integrity/Kconfig | 46 |
1 files changed, 30 insertions, 16 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 245c6d92065b..b76235ae4786 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig | |||
| @@ -1,11 +1,23 @@ | |||
| 1 | # | 1 | # |
| 2 | config INTEGRITY | 2 | config INTEGRITY |
| 3 | def_bool y | 3 | bool "Integrity subsystem" |
| 4 | depends on IMA || EVM | 4 | depends on SECURITY |
| 5 | default y | ||
| 6 | help | ||
| 7 | This option enables the integrity subsystem, which is comprised | ||
| 8 | of a number of different components including the Integrity | ||
| 9 | Measurement Architecture (IMA), Extended Verification Module | ||
| 10 | (EVM), IMA-appraisal extension, digital signature verification | ||
| 11 | extension and audit measurement log support. | ||
| 12 | |||
| 13 | Each of these components can be enabled/disabled separately. | ||
| 14 | Refer to the individual components for additional details. | ||
| 15 | |||
| 16 | if INTEGRITY | ||
| 5 | 17 | ||
| 6 | config INTEGRITY_SIGNATURE | 18 | config INTEGRITY_SIGNATURE |
| 7 | boolean "Digital signature verification using multiple keyrings" | 19 | boolean "Digital signature verification using multiple keyrings" |
| 8 | depends on INTEGRITY && KEYS | 20 | depends on KEYS |
| 9 | default n | 21 | default n |
| 10 | select SIGNATURE | 22 | select SIGNATURE |
| 11 | help | 23 | help |
| @@ -17,9 +29,21 @@ config INTEGRITY_SIGNATURE | |||
| 17 | This is useful for evm and module keyrings, when keys are | 29 | This is useful for evm and module keyrings, when keys are |
| 18 | usually only added from initramfs. | 30 | usually only added from initramfs. |
| 19 | 31 | ||
| 32 | config INTEGRITY_ASYMMETRIC_KEYS | ||
| 33 | boolean "Enable asymmetric keys support" | ||
| 34 | depends on INTEGRITY_SIGNATURE | ||
| 35 | default n | ||
| 36 | select ASYMMETRIC_KEY_TYPE | ||
| 37 | select ASYMMETRIC_PUBLIC_KEY_SUBTYPE | ||
| 38 | select PUBLIC_KEY_ALGO_RSA | ||
| 39 | select X509_CERTIFICATE_PARSER | ||
| 40 | help | ||
| 41 | This option enables digital signature verification using | ||
| 42 | asymmetric keys. | ||
| 43 | |||
| 20 | config INTEGRITY_AUDIT | 44 | config INTEGRITY_AUDIT |
| 21 | bool "Enables integrity auditing support " | 45 | bool "Enables integrity auditing support " |
| 22 | depends on INTEGRITY && AUDIT | 46 | depends on AUDIT |
| 23 | default y | 47 | default y |
| 24 | help | 48 | help |
| 25 | In addition to enabling integrity auditing support, this | 49 | In addition to enabling integrity auditing support, this |
| @@ -32,17 +56,7 @@ config INTEGRITY_AUDIT | |||
| 32 | be enabled by specifying 'integrity_audit=1' on the kernel | 56 | be enabled by specifying 'integrity_audit=1' on the kernel |
| 33 | command line. | 57 | command line. |
| 34 | 58 | ||
| 35 | config INTEGRITY_ASYMMETRIC_KEYS | ||
| 36 | boolean "Enable asymmetric keys support" | ||
| 37 | depends on INTEGRITY_SIGNATURE | ||
| 38 | default n | ||
| 39 | select ASYMMETRIC_KEY_TYPE | ||
| 40 | select ASYMMETRIC_PUBLIC_KEY_SUBTYPE | ||
| 41 | select PUBLIC_KEY_ALGO_RSA | ||
| 42 | select X509_CERTIFICATE_PARSER | ||
| 43 | help | ||
| 44 | This option enables digital signature verification using | ||
| 45 | asymmetric keys. | ||
| 46 | |||
| 47 | source security/integrity/ima/Kconfig | 59 | source security/integrity/ima/Kconfig |
| 48 | source security/integrity/evm/Kconfig | 60 | source security/integrity/evm/Kconfig |
| 61 | |||
| 62 | endif # if INTEGRITY | ||