Kconfig - OpenGrok cross reference for /linux/security/ipe/Kconfig

Lines Matching +full:on +full:- +full:the +full:- +full:fly
1 # SPDX-License-Identifier: GPL-2.0-only
8 	depends on SECURITY && SECURITYFS && AUDIT && AUDITSYSCALL
17 	  This option enables the Integrity Policy Enforcement LSM
18 	  allowing users to define a policy to enforce a trust-based access
20 	  admins to reconfigure trust requirements on the fly.
26 	string "Integrity policy to apply on system startup"
29 	  into the kernel. This policy will be enforced until a policy update
30 	  is deployed via the $securityfs/ipe/policies/$policy_name/active
38 	depends on SECONDARY_TRUSTED_KEYRING
40 	  Also allow the secondary trusted keyring to verify IPE policy
48 	depends on INTEGRITY_PLATFORM_KEYRING
50 	  Also allow the platform keyring to verify IPE policy updates.
57 	bool "Enable support for dm-verity based on root hash"
58 	depends on DM_VERITY
60 	  This option enables the 'dmverity_roothash' property within IPE
61 	  policies. The property evaluates to TRUE when a file from a dm-verity
62 	  volume is evaluated, and the volume's root hash matches the value
63 	  supplied in the policy.
66 	bool "Enable support for dm-verity based on root hash signature"
67 	depends on DM_VERITY && DM_VERITY_VERIFY_ROOTHASH_SIG
69 	  This option enables the 'dmverity_signature' property within IPE
70 	  policies. The property evaluates to TRUE when a file from a dm-verity
77 	bool "Enable support for fs-verity based on file digest"
78 	depends on FS_VERITY
80 	  This option enables the 'fsverity_digest' property within IPE
81 	  policies. The property evaluates to TRUE when a file is fsverity
82 	  enabled and its digest matches the supplied digest value in the
88 	bool "Enable support for fs-verity based on builtin signature"
89 	depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
91 	  This option enables the 'fsverity_signature' property within IPE
92 	  policies. The property evaluates to TRUE when a file is fsverity
94 	  is in the .fs-verity keyring.
102 	depends on KUNIT=y
105 	  This builds the IPE KUnit tests.
107 	  KUnit tests run during boot and output the results to the debug log
112 	  For more information on KUnit and unit tests in general please refer
113 	  to the KUnit documentation in Documentation/dev-tools/kunit/.