Home Explore Help
Register Sign In
dingyu
/
CooCenter-System-kernel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
CooCenter-Sy...
/
security
/
integrity
/
Kconfig

Kconfig 2.0 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. #
    2. 

  2. config INTEGRITY
    3. 

  3. 	bool "Integrity subsystem"
    4. 

  4. 	depends on SECURITY
    5. 

  5. 	default y
    6. 

  6. 	help
    7. 

  7. 	  This option enables the integrity subsystem, which is comprised
    8. 

  8. 	  of a number of different components including the Integrity
    9. 

  9. 	  Measurement Architecture (IMA), Extended Verification Module
    10. 

  10. 	  (EVM), IMA-appraisal extension, digital signature verification
    11. 

  11. 	  extension and audit measurement log support.
    12. 

  12. 

  13. 	  Each of these components can be enabled/disabled separately.
    14. 

  14. 	  Refer to the individual components for additional details.
    15. 

  15. 

  16. if INTEGRITY
    17. 

  17. 

  18. config INTEGRITY_SIGNATURE
    19. 

  19. 	bool "Digital signature verification using multiple keyrings"
    20. 

  20. 	depends on KEYS
    21. 

  21. 	default n
    22. 

  22. 	select SIGNATURE
    23. 

  23. 	help
    24. 

  24. 	  This option enables digital signature verification support
    25. 

  25. 	  using multiple keyrings. It defines separate keyrings for each
    26. 

  26. 	  of the different use cases - evm, ima, and modules.
    27. 

  27. 	  Different keyrings improves search performance, but also allow
    28. 

  28. 	  to "lock" certain keyring to prevent adding new keys.
    29. 

  29. 	  This is useful for evm and module keyrings, when keys are
    30. 

  30. 	  usually only added from initramfs.
    31. 

  31. 

  32. config INTEGRITY_ASYMMETRIC_KEYS
    33. 

  33. 	bool "Enable asymmetric keys support"
    34. 

  34. 	depends on INTEGRITY_SIGNATURE
    35. 

  35. 	default n
    36. 

  36.         select ASYMMETRIC_KEY_TYPE
    37. 

  37.         select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
    38. 

  38.         select PUBLIC_KEY_ALGO_RSA
    39. 

  39.         select X509_CERTIFICATE_PARSER
    40. 

  40. 	help
    41. 

  41. 	  This option enables digital signature verification using
    42. 

  42. 	  asymmetric keys.
    43. 

  43. 

  44. config INTEGRITY_AUDIT
    45. 

  45. 	bool "Enables integrity auditing support "
    46. 

  46. 	depends on AUDIT
    47. 

  47. 	default y
    48. 

  48. 	help
    49. 

  49. 	  In addition to enabling integrity auditing support, this
    50. 

  50. 	  option adds a kernel parameter 'integrity_audit', which
    51. 

  51. 	  controls the level of integrity auditing messages.
    52. 

  52. 	  0 - basic integrity auditing messages (default)
    53. 

  53. 	  1 - additional integrity auditing messages
    54. 

  54. 

  55. 	  Additional informational integrity auditing messages would
    56. 

  56. 	  be enabled by specifying 'integrity_audit=1' on the kernel
    57. 

  57. 	  command line.
    58. 

  58. 

  59. source security/integrity/ima/Kconfig
    60. 

  60. source security/integrity/evm/Kconfig
    61. 

  61. 

  62. endif   # if INTEGRITY
    63.