| Kconfig (31f8c8682f30720be25e9b1021caa43c64e8d9ce) | Kconfig (ba199dc909a20fe62270ae4e93f263987bb9d119) |
|---|---|
| 1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Integrity Policy Enforcement (IPE) configuration 4# 5 6menuconfig SECURITY_IPE 7 bool "Integrity Policy Enforcement (IPE)" 8 depends on SECURITY && SECURITYFS && AUDIT && AUDITSYSCALL --- 7 unchanged lines hidden (view full) --- 16 This option enables the Integrity Policy Enforcement LSM 17 allowing users to define a policy to enforce a trust-based access 18 control. A key feature of IPE is a customizable policy to allow 19 admins to reconfigure trust requirements on the fly. 20 21 If unsure, answer N. 22 23if SECURITY_IPE | 1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Integrity Policy Enforcement (IPE) configuration 4# 5 6menuconfig SECURITY_IPE 7 bool "Integrity Policy Enforcement (IPE)" 8 depends on SECURITY && SECURITYFS && AUDIT && AUDITSYSCALL --- 7 unchanged lines hidden (view full) --- 16 This option enables the Integrity Policy Enforcement LSM 17 allowing users to define a policy to enforce a trust-based access 18 control. A key feature of IPE is a customizable policy to allow 19 admins to reconfigure trust requirements on the fly. 20 21 If unsure, answer N. 22 23if SECURITY_IPE |
| 24config IPE_BOOT_POLICY 25 string "Integrity policy to apply on system startup" 26 help 27 This option specifies a filepath to an IPE policy that is compiled 28 into the kernel. This policy will be enforced until a policy update 29 is deployed via the $securityfs/ipe/policies/$policy_name/active 30 interface. 31 32 If unsure, leave blank. 33 |
|
| 24menu "IPE Trust Providers" 25 26config IPE_PROP_DM_VERITY 27 bool "Enable support for dm-verity based on root hash" 28 depends on DM_VERITY 29 help 30 This option enables the 'dmverity_roothash' property within IPE 31 policies. The property evaluates to TRUE when a file from a dm-verity --- 39 unchanged lines hidden --- | 34menu "IPE Trust Providers" 35 36config IPE_PROP_DM_VERITY 37 bool "Enable support for dm-verity based on root hash" 38 depends on DM_VERITY 39 help 40 This option enables the 'dmverity_roothash' property within IPE 41 policies. The property evaluates to TRUE when a file from a dm-verity --- 39 unchanged lines hidden --- |