diff options
Diffstat (limited to 'security/integrity/Kconfig')
| -rw-r--r-- | security/integrity/Kconfig | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 4bf00acf7937..d384ea921482 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig | |||
| @@ -3,5 +3,19 @@ config INTEGRITY | |||
| 3 | def_bool y | 3 | def_bool y |
| 4 | depends on IMA || EVM | 4 | depends on IMA || EVM |
| 5 | 5 | ||
| 6 | config INTEGRITY_DIGSIG | ||
| 7 | boolean "Digital signature verification using multiple keyrings" | ||
| 8 | depends on INTEGRITY && KEYS | ||
| 9 | default n | ||
| 10 | select DIGSIG | ||
| 11 | help | ||
| 12 | This option enables digital signature verification support | ||
| 13 | using multiple keyrings. It defines separate keyrings for each | ||
| 14 | of the different use cases - evm, ima, and modules. | ||
| 15 | Different keyrings improves search performance, but also allow | ||
| 16 | to "lock" certain keyring to prevent adding new keys. | ||
| 17 | This is useful for evm and module keyrings, when keys are | ||
| 18 | usually only added from initramfs. | ||
| 19 | |||
| 6 | source security/integrity/ima/Kconfig | 20 | source security/integrity/ima/Kconfig |
| 7 | source security/integrity/evm/Kconfig | 21 | source security/integrity/evm/Kconfig |