에프에이리눅스 / fullcycle-jenkins-joy

Blame view

kernel/linux-rt-4.4.41/security/integrity/Kconfig 2.01 KB
edit raw normal view history
5113f6f70   김현기   kernel add 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
  #
  config INTEGRITY
  	bool "Integrity subsystem"
  	depends on SECURITY
  	default y
  	help
  	  This option enables the integrity subsystem, which is comprised
  	  of a number of different components including the Integrity
  	  Measurement Architecture (IMA), Extended Verification Module
  	  (EVM), IMA-appraisal extension, digital signature verification
  	  extension and audit measurement log support.
  
  	  Each of these components can be enabled/disabled separately.
  	  Refer to the individual components for additional details.
  
  if INTEGRITY
  
  config INTEGRITY_SIGNATURE
  	bool "Digital signature verification using multiple keyrings"
  	depends on KEYS
  	default n
  	select SIGNATURE
  	help
  	  This option enables digital signature verification support
  	  using multiple keyrings. It defines separate keyrings for each
  	  of the different use cases - evm, ima, and modules.
  	  Different keyrings improves search performance, but also allow
  	  to "lock" certain keyring to prevent adding new keys.
  	  This is useful for evm and module keyrings, when keys are
  	  usually only added from initramfs.
  
  config INTEGRITY_ASYMMETRIC_KEYS
  	bool "Enable asymmetric keys support"
  	depends on INTEGRITY_SIGNATURE
  	default n
          select ASYMMETRIC_KEY_TYPE
          select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
          select PUBLIC_KEY_ALGO_RSA
          select X509_CERTIFICATE_PARSER
  	help
  	  This option enables digital signature verification using
  	  asymmetric keys.
  
  config INTEGRITY_AUDIT
  	bool "Enables integrity auditing support "
  	depends on AUDIT
  	default y
  	help
  	  In addition to enabling integrity auditing support, this
  	  option adds a kernel parameter 'integrity_audit', which
  	  controls the level of integrity auditing messages.
  	  0 - basic integrity auditing messages (default)
  	  1 - additional integrity auditing messages
  
  	  Additional informational integrity auditing messages would
  	  be enabled by specifying 'integrity_audit=1' on the kernel
  	  command line.
  
  source security/integrity/ima/Kconfig
  source security/integrity/evm/Kconfig
  
  endif   # if INTEGRITY