Kconfig (762f99f4f3cb41a775b5157dd761217beba65873) Kconfig (891163adf180bc369b2f11c9dfce6d2758d2a5bd)
1# SPDX-License-Identifier: GPL-2.0-only
2# IBM Integrity Measurement Architecture
3#
4config IMA
5 bool "Integrity Measurement Architecture(IMA)"
6 select SECURITYFS
7 select CRYPTO
8 select CRYPTO_HMAC

--- 55 unchanged lines hidden (view full) ---

64 depends on IMA
65 help
66 Select the default IMA measurement template.
67
68 The original 'ima' measurement list template contains a
69 hash, defined as 20 bytes, and a null terminated pathname,
70 limited to 255 characters. The 'ima-ng' measurement list
71 template permits both larger hash digests and longer
1# SPDX-License-Identifier: GPL-2.0-only
2# IBM Integrity Measurement Architecture
3#
4config IMA
5 bool "Integrity Measurement Architecture(IMA)"
6 select SECURITYFS
7 select CRYPTO
8 select CRYPTO_HMAC

--- 55 unchanged lines hidden (view full) ---

64 depends on IMA
65 help
66 Select the default IMA measurement template.
67
68 The original 'ima' measurement list template contains a
69 hash, defined as 20 bytes, and a null terminated pathname,
70 limited to 255 characters. The 'ima-ng' measurement list
71 template permits both larger hash digests and longer
72 pathnames.
72 pathnames. The configured default template can be replaced
73 by specifying "ima_template=" on the boot command line.
73
74
74 config IMA_TEMPLATE
75 bool "ima"
76 config IMA_NG_TEMPLATE
77 bool "ima-ng (default)"
78 config IMA_SIG_TEMPLATE
79 bool "ima-sig"
80endchoice
81
82config IMA_DEFAULT_TEMPLATE
83 string
84 depends on IMA
75 config IMA_NG_TEMPLATE
76 bool "ima-ng (default)"
77 config IMA_SIG_TEMPLATE
78 bool "ima-sig"
79endchoice
80
81config IMA_DEFAULT_TEMPLATE
82 string
83 depends on IMA
85 default "ima" if IMA_TEMPLATE
86 default "ima-ng" if IMA_NG_TEMPLATE
87 default "ima-sig" if IMA_SIG_TEMPLATE
88
89choice
90 prompt "Default integrity hash algorithm"
91 default IMA_DEFAULT_HASH_SHA1
92 depends on IMA
93 help
94 Select the default hash algorithm used for the measurement
95 list, integrity appraisal and audit log. The compiled default
96 hash algorithm can be overwritten using the kernel command
97 line 'ima_hash=' option.
98
99 config IMA_DEFAULT_HASH_SHA1
100 bool "SHA1 (default)"
101 depends on CRYPTO_SHA1=y
102
103 config IMA_DEFAULT_HASH_SHA256
104 bool "SHA256"
84 default "ima-ng" if IMA_NG_TEMPLATE
85 default "ima-sig" if IMA_SIG_TEMPLATE
86
87choice
88 prompt "Default integrity hash algorithm"
89 default IMA_DEFAULT_HASH_SHA1
90 depends on IMA
91 help
92 Select the default hash algorithm used for the measurement
93 list, integrity appraisal and audit log. The compiled default
94 hash algorithm can be overwritten using the kernel command
95 line 'ima_hash=' option.
96
97 config IMA_DEFAULT_HASH_SHA1
98 bool "SHA1 (default)"
99 depends on CRYPTO_SHA1=y
100
101 config IMA_DEFAULT_HASH_SHA256
102 bool "SHA256"
105 depends on CRYPTO_SHA256=y && !IMA_TEMPLATE
103 depends on CRYPTO_SHA256=y
106
107 config IMA_DEFAULT_HASH_SHA512
108 bool "SHA512"
104
105 config IMA_DEFAULT_HASH_SHA512
106 bool "SHA512"
109 depends on CRYPTO_SHA512=y && !IMA_TEMPLATE
107 depends on CRYPTO_SHA512=y
110
111 config IMA_DEFAULT_HASH_WP512
112 bool "WP512"
108
109 config IMA_DEFAULT_HASH_WP512
110 bool "WP512"
113 depends on CRYPTO_WP512=y && !IMA_TEMPLATE
111 depends on CRYPTO_WP512=y
114
115 config IMA_DEFAULT_HASH_SM3
116 bool "SM3"
112
113 config IMA_DEFAULT_HASH_SM3
114 bool "SM3"
117 depends on CRYPTO_SM3=y && !IMA_TEMPLATE
115 depends on CRYPTO_SM3=y
118endchoice
119
120config IMA_DEFAULT_HASH
121 string
122 depends on IMA
123 default "sha1" if IMA_DEFAULT_HASH_SHA1
124 default "sha256" if IMA_DEFAULT_HASH_SHA256
125 default "sha512" if IMA_DEFAULT_HASH_SHA512

--- 217 unchanged lines hidden --- 		116endchoice
117
118config IMA_DEFAULT_HASH
119 string
120 depends on IMA
121 default "sha1" if IMA_DEFAULT_HASH_SHA1
122 default "sha256" if IMA_DEFAULT_HASH_SHA256
123 default "sha512" if IMA_DEFAULT_HASH_SHA512

--- 217 unchanged lines hidden ---