Kconfig - OpenGrok cross reference for /linux/security/integrity/ima/Kconfig

Lines Matching +full:kernel +full:- +full:policy
1 # SPDX-License-Identifier: GPL-2.0-only
42 	   running kernel must be saved and restored on boot.
44 	   Depending on the IMA policy, the measurement list can grow to
61 	  Disabling this option will disregard LSM based policy rules.
71 	  limited to 255 characters.  The 'ima-ng' measurement list
77 		bool "ima-ng (default)"
79 		bool "ima-sig"
84 	default "ima-ng" if IMA_NG_TEMPLATE
85 	default "ima-sig" if IMA_SIG_TEMPLATE
93 	   hash algorithm can be overwritten using the kernel command
126 	bool "Enable multiple writes to the IMA policy"
129 	  IMA policy can now be updated multiple times.  The new rules get
130 	  appended to the original policy.  Have in mind that the rules are
136 	bool "Enable reading back the current IMA policy"
140 	   It is often useful to be able to read back the IMA policy.  It is
142 	   This option allows the root user to see the current policy rules.
155 	  <http://linux-ima.sourceforge.net>
159         bool "Enable loading an IMA architecture specific policy"
164           This option enables loading an IMA architecture specific policy
168 	bool "IMA build time configured policy rules"
172 	  This option defines an IMA appraisal policy at build time, which
174 	  policy name on the boot command line.  The build time appraisal
175 	  policy rules persist after loading a custom policy.
177 	  Depending on the rules configured, this policy may require kernel
178 	  modules, firmware, the kexec kernel image, and/or the IMA policy
187 	  This option defines a policy requiring all firmware to be signed,
193 	bool "Appraise kexec kernel image signatures"
197 	  Enabling this rule will require all kexec'ed kernel images to
201 	  Kernel image signatures can not be verified by the original
206 	bool "Appraise kernel modules signatures"
210 	  Enabling this rule will require all kernel modules to be signed
213 	  Kernel module signatures can only be verified by IMA-appraisal,
218 	bool "Appraise IMA policy signature"
222 	  Enabling this rule will require the IMA policy to be signed and
234 	bool "Support module-style signatures for appraisal"
242 	   appended signature is the same used for signed kernel modules.
243 	   The modsig keyword can be used in the IMA policy to allow a hook
247 	bool "Permit keys validly signed by a built-in, machine (if configured) or secondary"
255 	  key is validly signed by a CA cert in the system built-in,
259 	  Intermediate keys between those the kernel has compiled in and the
262 	  built-in, machine (if configured) or secondary trusted keyrings.
284 	   loading from the kernel onto the '.ima' trusted keyring.
294 	bool "Require signed user-space initialization"
298 	   This option requires user-space init to be signed.