Add the rt linux 4.1.3-rt3 as base
diff --git a/kernel/security/integrity/Kconfig b/kernel/security/integrity/Kconfig
new file mode 100644 (file)
index 0000000..73c457b
--- /dev/null
@@ -0,0 +1,62 @@
+#
+config INTEGRITY
+       bool "Integrity subsystem"
+       depends on SECURITY
+       default y
+       help
+         This option enables the integrity subsystem, which is comprised
+         of a number of different components including the Integrity
+         Measurement Architecture (IMA), Extended Verification Module
+         (EVM), IMA-appraisal extension, digital signature verification
+         extension and audit measurement log support.
+
+         Each of these components can be enabled/disabled separately.
+         Refer to the individual components for additional details.
+
+if INTEGRITY
+
+config INTEGRITY_SIGNATURE
+       bool "Digital signature verification using multiple keyrings"
+       depends on KEYS
+       default n
+       select SIGNATURE
+       help
+         This option enables digital signature verification support
+         using multiple keyrings. It defines separate keyrings for each
+         of the different use cases - evm, ima, and modules.
+         Different keyrings improves search performance, but also allow
+         to "lock" certain keyring to prevent adding new keys.
+         This is useful for evm and module keyrings, when keys are
+         usually only added from initramfs.
+
+config INTEGRITY_ASYMMETRIC_KEYS
+       bool "Enable asymmetric keys support"
+       depends on INTEGRITY_SIGNATURE
+       default n
+        select ASYMMETRIC_KEY_TYPE
+        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+        select PUBLIC_KEY_ALGO_RSA
+        select X509_CERTIFICATE_PARSER
+       help
+         This option enables digital signature verification using
+         asymmetric keys.
+
+config INTEGRITY_AUDIT
+       bool "Enables integrity auditing support "
+       depends on AUDIT
+       default y
+       help
+         In addition to enabling integrity auditing support, this
+         option adds a kernel parameter 'integrity_audit', which
+         controls the level of integrity auditing messages.
+         0 - basic integrity auditing messages (default)
+         1 - additional integrity auditing messages
+
+         Additional informational integrity auditing messages would
+         be enabled by specifying 'integrity_audit=1' on the kernel
+         command line.
+
+source security/integrity/ima/Kconfig
+source security/integrity/evm/Kconfig
+
+endif   # if INTEGRITY
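Review bot: The help for INTEGRITY_ASYMMETRIC_KEYS says only that it enables verification with asymmetric keys, yet the four `select` lines above it force on ASYMMETRIC_KEY_TYPE, ASYMMETRIC_PUBLIC_KEY_SUBTYPE, PUBLIC_KEY_ALGO_RSA and X509_CERTIFICATE_PARSER; the help should name what gets built in, for example `This selects the asymmetric key type, RSA public-key support and the X.509 certificate parser.` INTEGRITY is `default y` while INTEGRITY_SIGNATURE and INTEGRITY_ASYMMETRIC_KEYS are both `default n`, so a configuration that takes the defaults has the subsystem enabled with no signature verification. Anyone relying on signature-based verification in this tree has to turn both options on explicitly, and the INTEGRITY help could say so in one sentence. On style, those same four `select` lines appear to be indented differently from the rest of the file (spaces rather than a tab, judging by the extra column), and the INTEGRITY_AUDIT prompt string ends with a stray space before the closing quote.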