Kconfig (38d859f991f3a05b352a06f82af0baa1acf33e02) | Kconfig (41c89b64d7184a780f12f2cccdabe65cb2408893) |
---|---|
1# IBM Integrity Measurement Architecture 2# 3config IMA 4 bool "Integrity Measurement Architecture(IMA)" 5 select SECURITYFS 6 select CRYPTO 7 select CRYPTO_HMAC 8 select CRYPTO_MD5 --- 131 unchanged lines hidden (view full) --- 140 select INTEGRITY_TRUSTED_KEYRING 141 default y 142 help 143 This option requires that all keys added to the .ima 144 keyring be signed by a key on the system trusted keyring. 145 146 This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING 147 | 1# IBM Integrity Measurement Architecture 2# 3config IMA 4 bool "Integrity Measurement Architecture(IMA)" 5 select SECURITYFS 6 select CRYPTO 7 select CRYPTO_HMAC 8 select CRYPTO_MD5 --- 131 unchanged lines hidden (view full) --- 140 select INTEGRITY_TRUSTED_KEYRING 141 default y 142 help 143 This option requires that all keys added to the .ima 144 keyring be signed by a key on the system trusted keyring. 145 146 This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING 147 |
148config IMA_MOK_KEYRING 149 bool "Create IMA machine owner keys (MOK) and blacklist keyrings" 150 depends on SYSTEM_TRUSTED_KEYRING 151 depends on IMA_TRUSTED_KEYRING 152 default n 153 help 154 This option creates IMA MOK and blacklist keyrings. IMA MOK is an 155 intermediate keyring that sits between .system and .ima keyrings, 156 effectively forming a simple CA hierarchy. To successfully import a 157 key into .ima_mok it must be signed by a key which CA is in .system 158 keyring. On turn any key that needs to go in .ima keyring must be 159 signed by CA in either .system or .ima_mok keyrings. IMA MOK is empty 160 at kernel boot. 161 162 IMA blacklist keyring contains all revoked IMA keys. It is consulted 163 before any other keyring. If the search is successful the requested 164 operation is rejected and error is returned to the caller. 165 |
|
148config IMA_LOAD_X509 149 bool "Load X509 certificate onto the '.ima' trusted keyring" 150 depends on IMA_TRUSTED_KEYRING 151 default n 152 help 153 File signature verification is based on the public keys 154 loaded on the .ima trusted keyring. These public keys are 155 X509 certificates signed by a trusted key on the --- 16 unchanged lines hidden --- | 166config IMA_LOAD_X509 167 bool "Load X509 certificate onto the '.ima' trusted keyring" 168 depends on IMA_TRUSTED_KEYRING 169 default n 170 help 171 File signature verification is based on the public keys 172 loaded on the .ima trusted keyring. These public keys are 173 X509 certificates signed by a trusted key on the --- 16 unchanged lines hidden --- |
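Review bot: The help text of the new IMA_MOK_KEYRING entry (lines 162-164 on the right) says the blacklist keyring is consulted before any other keyring and that a hit rejects the operation, but it does not say how a key gets onto that keyring or what signature, if any, is required to add one. Since an entry there overrides both .ima and .ima_mok, please document the trust requirement for additions. Also consider whether the blacklist should have its own option rather than being created as a side effect of enabling the MOK keyring. In the same help text, "On turn" should read "In turn", and "a key which CA is in .system keyring" is hard to parse; something like "a key whose CA is in the .system keyring" would be clearer. The context just above describes an option as "deprecated in favor of INTEGRITY_TRUSTED_KEYRING"; its config line is hidden here, but if that entry is IMA_TRUSTED_KEYRING, the new `depends on IMA_TRUSTED_KEYRING` builds on a deprecated symbol and the reason should be stated. Finally, `default n` is redundant because n is already the Kconfig default, although it matches IMA_LOAD_X509 below.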