Lines Matching +full:kernel +full:- +full:policy
1 # SPDX-License-Identifier: GPL-2.0-only
3 # Integrity Policy Enforcement (IPE) configuration
7 bool "Integrity Policy Enforcement (IPE)"
17 This option enables the Integrity Policy Enforcement LSM
18 allowing users to define a policy to enforce a trust-based access
19 control. A key feature of IPE is a customizable policy to allow
26 string "Integrity policy to apply on system startup"
28 This option specifies a filepath to an IPE policy that is compiled
29 into the kernel. This policy will be enforced until a policy update
36 bool "IPE policy update verification with secondary keyring"
40 Also allow the secondary trusted keyring to verify IPE policy
46 bool "IPE policy update verification with platform keyring"
50 Also allow the platform keyring to verify IPE policy updates.
57 bool "Enable support for dm-verity based on root hash"
61 policies. The property evaluates to TRUE when a file from a dm-verity
63 supplied in the policy.
66 bool "Enable support for dm-verity based on root hash signature"
70 policies. The property evaluates to TRUE when a file from a dm-verity
77 bool "Enable support for fs-verity based on file digest"
83 policy.
88 bool "Enable support for fs-verity based on builtin signature"
94 is in the .fs-verity keyring.
108 in TAP format (https://testanything.org/). Only useful for kernel devs
113 to the KUnit documentation in Documentation/dev-tools/kunit/.