summaryrefslogtreecommitdiff
path: root/security/integrity/Kconfig
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2011-11-18 18:21:31 +1100
committerJames Morris <jmorris@namei.org>2011-11-18 18:21:31 +1100
commit4e2c5b28f8086cd2f678ade0ea21d8c3cc058c53 (patch)
tree789fbdac68279765ade21c576bb22b77a5c112bc /security/integrity/Kconfig
parent8077e8b059232f23fe51fdc42868dcd8ba293549 (diff)
parent15647eb3985ef30dfd657038924dc85c03026733 (diff)
Merge branch 'next-evm-digsig' of git://git.kernel.org/pub/scm/linux/kernel/git/kasatkin/linux-digsig into next
Diffstat (limited to 'security/integrity/Kconfig')
-rw-r--r--security/integrity/Kconfig14
1 files changed, 14 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 4bf00acf7937..d87fa2a8fa3b 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -3,5 +3,19 @@ config INTEGRITY
def_bool y
depends on IMA || EVM
+config INTEGRITY_DIGSIG
+ boolean "Digital signature verification using multiple keyrings"
+ depends on INTEGRITY
+ default n
+ select DIGSIG
+ help
+ This option enables digital signature verification support
+ using multiple keyrings. It defines separate keyrings for each
+ of the different use cases - evm, ima, and modules.
+ Different keyrings improves search performance, but also allow
+ to "lock" certain keyring to prevent adding new keys.
+ This is useful for evm and module keyrings, when keys are
+ usually only added from initramfs.
+
source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig
generated by cgit (git 2.34.1) at 2024-06-13 20:45:38 +0000