1 files changed, 49 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
new file mode 100644
index 000000000000..2a761c8ac996
--- /dev/null
+++ b/security/integrity/ima/Kconfig
@@ -0,0 +1,49 @@
+# IBM Integrity Measurement Architecture
+#
+config IMA
+        bool "Integrity Measurement Architecture(IMA)"
+        depends on ACPI
+        select SECURITYFS
+        select CRYPTO
+        select CRYPTO_HMAC
+        select CRYPTO_MD5
+        select CRYPTO_SHA1
+        select TCG_TPM
+        select TCG_TIS
+        help
+          The Trusted Computing Group(TCG) runtime Integrity
+          Measurement Architecture(IMA) maintains a list of hash
+          values of executables and other sensitive system files,
+          as they are read or executed. If an attacker manages
+          to change the contents of an important system file
+          being measured, we can tell.
+          If your system has a TPM chip, then IMA also maintains
+          an aggregate integrity value over this list inside the
+          TPM hardware, so that the TPM can prove to a third party
+          whether or not critical system files have been modified.
+          Read <http://www.usenix.org/events/sec04/tech/sailer.html>
+          to learn more about IMA.
+          If unsure, say N.
+config IMA_MEASURE_PCR_IDX
+        int
+        depends on IMA
+        range 8 14
+        default 10
+        help
+          IMA_MEASURE_PCR_IDX determines the TPM PCR register index
+          that IMA uses to maintain the integrity aggregate of the
+          measurement list.  If unsure, use the default 10.
+config IMA_AUDIT
+        bool
+        depends on IMA
+        default y
+        help
+          This option adds a kernel parameter 'ima_audit', which
+          allows informational auditing messages to be enabled
+          at boot.  If this option is selected, informational integrity
+          auditing messages can be enabled with 'ima_audit=1' on
+          the kernel command line.

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig new file mode 100644 index 000000000000..2a761c8ac996 --- /dev/null +++ b/security/integrity/ima/Kconfig
@@ -0,0 +1,49 @@
	1	# IBM Integrity Measurement Architecture
	2	#
	3	config IMA
	4	bool "Integrity Measurement Architecture(IMA)"
	5	depends on ACPI
	6	select SECURITYFS
	7	select CRYPTO
	8	select CRYPTO_HMAC
	9	select CRYPTO_MD5
	10	select CRYPTO_SHA1
	11	select TCG_TPM
	12	select TCG_TIS
	13	help
	14	The Trusted Computing Group(TCG) runtime Integrity
	15	Measurement Architecture(IMA) maintains a list of hash
	16	values of executables and other sensitive system files,
	17	as they are read or executed. If an attacker manages
	18	to change the contents of an important system file
	19	being measured, we can tell.
	20
	21	If your system has a TPM chip, then IMA also maintains
	22	an aggregate integrity value over this list inside the
	23	TPM hardware, so that the TPM can prove to a third party
	24	whether or not critical system files have been modified.
	25	Read <http://www.usenix.org/events/sec04/tech/sailer.html>
	26	to learn more about IMA.
	27	If unsure, say N.
	28
	29	config IMA_MEASURE_PCR_IDX
	30	int
	31	depends on IMA
	32	range 8 14
	33	default 10
	34	help
	35	IMA_MEASURE_PCR_IDX determines the TPM PCR register index
	36	that IMA uses to maintain the integrity aggregate of the
	37	measurement list. If unsure, use the default 10.
	38
	39	config IMA_AUDIT
	40	bool
	41	depends on IMA
	42	default y
	43	help
	44	This option adds a kernel parameter 'ima_audit', which
	45	allows informational auditing messages to be enabled
	46	at boot. If this option is selected, informational integrity
	47	auditing messages can be enabled with 'ima_audit=1' on
	48	the kernel command line.
	49