Changes in Kconfig

6dc7fce91041ec8d2f5e6fd589ee2962898d9f44 - crypto: sm3 - Rename CRYPTO_SM3_GENERIC to CRYPTO_SM3

Sat, 21 Mar 2026 05:09:26 +0100

crypto: sm3 - Rename CRYPTO_SM3_GENERIC to CRYPTO_SM3The kconfig options for generic crypto API modules have traditionally*not* had a "_GENERIC" suffix. Also, the "_GENERIC" suffix will makeeven less sense once the architecture-optimized SM3 code is moved intolib/crypto/ and the "sm3" crypto_shash is reimplemented on top of that.Thus, rename CRYPTO_SM3_GENERIC to CRYPTO_SM3.Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20260321040935.410034-4-ebiggers@kernel.orgSigned-off-by: Eric Biggers List of files: /linux/security/integrity/ima/Kconfig

0ad93987c9c10a3125a58da0f225241169f3271a - ima: make the kexec extra memory configurable

Tue, 22 Apr 2025 00:25:14 +0200

ima: make the kexec extra memory configurableThe extra memory allocated for carrying the IMA measurement list acrosskexec is hard-coded as half a PAGE. Make it configurable.Define a Kconfig option, IMA_KEXEC_EXTRA_MEMORY_KB, to configure theextra memory (in kb) to be allocated for IMA measurements added duringkexec soft reboot. Ensure the default value of the option is set suchthat extra half a page of memory for additional measurements is allocatedfor the additional measurements.Update ima_add_kexec_buffer() function to allocate memory based on theKconfig option value, rather than the currently hard-coded one.Suggested-by: Stefan Berger Co-developed-by: Tushar Sugandhi Signed-off-by: Tushar Sugandhi Signed-off-by: Steven Chen Reviewed-by: Stefan Berger Acked-by: Baoquan He Tested-by: Stefan Berger # ppc64/kvmSigned-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

cd3cec0a02c7338ce2901c574f3935b8f6984aab - ima: Move to LSM infrastructure

Thu, 15 Feb 2024 11:31:08 +0100

ima: Move to LSM infrastructureMove hardcoded IMA function calls (not appraisal-specific functions) fromvarious places in the kernel to the LSM infrastructure, by introducing anew LSM named 'ima' (at the end of the LSM list and always enabled like'integrity').Having IMA before EVM in the Makefile is sufficient to preserve therelative order of the new 'ima' LSM in respect to the upcoming 'evm' LSM,and thus the order of IMA and EVM function calls as when they werehardcoded.Make moved functions as static (except ima_post_key_create_or_update(),which is not in ima_main.c), and register them as implementation of therespective hooks in the new function init_ima_lsm().Select CONFIG_SECURITY_PATH, to ensure that the path-based LSM hookpath_post_mknod is always available and ima_post_path_mknod() is alwaysexecuted to mark files as new, as before the move.A slight difference is that IMA and EVM functions registered for theinode_post_setattr, inode_post_removexattr, path_post_mknod,inode_post_create_tmpfile, inode_post_set_acl and inode_post_remove_aclwon't be executed for private inodes. Since those inodes are supposed to befs-internal, they should not be of interest to IMA or EVM. The S_PRIVATEflag is used for anonymous inodes, hugetlbfs, reiserfs xattrs, XFS scruband kernel-internal tmpfs files.Conditionally register ima_post_key_create_or_update() ifCONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is enabled. Also, conditionally registerima_kernel_module_request() if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled.Finally, add the LSM_ID_IMA case in lsm_list_modules_test.c.Signed-off-by: Roberto Sassu Acked-by: Chuck Lever Acked-by: Casey Schaufler Acked-by: Christian Brauner Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar Acked-by: Mimi Zohar Signed-off-by: Paul Moore List of files: /linux/security/integrity/ima/Kconfig

f17167bea279d07314ee2629e7ce2dd5a754fec7 - ima: Remove EXPERIMENTAL from Kconfig

Tue, 07 Nov 2023 00:06:26 +0100

ima: Remove EXPERIMENTAL from KconfigRemove the EXPERIMENTAL from theIMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY Kconfignow that digitalSignature usage enforcement is set.Signed-off-by: Eric Snowberg link: https://lore.kernel.org/all/20230508220708.2888510-4-eric.snowberg@oracle.com/Acked-by: Jarkko Sakkinen Reviewed-by: Mimi Zohar Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

bdf1abd17ed209ccbb24f15002f32ef21145da91 - ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY

Tue, 07 Nov 2023 00:06:25 +0100

ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARYWhen the machine keyring is enabled, it may be used as a trust sourcefor the .ima keyring. Add a reference to this inIMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY.Signed-off-by: Eric Snowberg Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

91e326563ee34509c35267808a4b1b3ea3db62a8 - ima: rework CONFIG_IMA dependency block

Wed, 27 Sep 2023 09:22:14 +0200

ima: rework CONFIG_IMA dependency blockChanging the direct dependencies of IMA_BLACKLIST_KEYRING andIMA_LOAD_X509 caused them to no longer depend on IMA, but aa configuration without IMA results in link failures:arm-linux-gnueabi-ld: security/integrity/iint.o: in function `integrity_load_keys':iint.c:(.init.text+0xd8): undefined reference to `ima_load_x509'aarch64-linux-ld: security/integrity/digsig_asymmetric.o: in function `asymmetric_verify':digsig_asymmetric.c:(.text+0x104): undefined reference to `ima_blacklist_keyring'Adding explicit dependencies on IMA would fix this, but a more reliableway to do this is to enclose the entire Kconfig file in an 'if IMA' block.This also allows removing the existing direct dependencies.Fixes: be210c6d3597f ("ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig")Signed-off-by: Arnd Bergmann Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

be210c6d3597faf330cb9af33b9f1591d7b2a983 - ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig

Thu, 21 Sep 2023 08:45:05 +0200

ima: Finish deprecation of IMA_TRUSTED_KEYRING KconfigThe removal of IMA_TRUSTED_KEYRING made IMA_LOAD_X509and IMA_BLACKLIST_KEYRING unavailable because the lattertwo depend on the former. Since IMA_TRUSTED_KEYRING wasdeprecated in favor of INTEGRITY_TRUSTED_KEYRING use itas a dependency for the two Kconfigs affected by thedeprecation.Fixes: 5087fd9e80e5 ("ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig")Signed-off-by: Oleksandr Tymoshenko Reviewed-by: Nayna Jain Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

1a35914f738c564060a14388f52a06669b09e0b3 - Merge tag 'integrity-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Wed, 30 Aug 2023 18:16:56 +0200

Merge tag 'integrity-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrityPull integrity subsystem updates from Mimi Zohar: - With commit 099f26f22f58 ("integrity: machine keyring CA configuration") certificates may be loaded onto the IMA keyring, directly or indirectly signed by keys on either the "builtin" or the "machine" keyrings. With the ability for the system/machine owner to sign the IMA policy itself without needing to recompile the kernel, update the IMA architecture specific policy rules to require the IMA policy itself be signed. [ As commit 099f26f22f58 was upstreamed in linux-6.4, updating the IMA architecture specific policy now to require signed IMA policies may break userspace expectations. ] - IMA only checked the file data hash was not on the system blacklist keyring for files with an appended signature (e.g. kernel modules, Power kernel image). Check all file data hashes regardless of how it was signed - Code cleanup, and a kernel-doc update* tag 'integrity-v6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: kexec_lock: Replace kexec_mutex() by kexec_lock() in two comments ima: require signed IMA policy when UEFI secure boot is enabled integrity: Always reference the blacklist keyring with appraisal ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig List of files: /linux/security/integrity/ima/Kconfig

90f6f691a706754e33d2d0c6fa2e1dacedb477f6 - integrity: Enforce digitalSignature usage in the ima and evm keyrings

Tue, 23 May 2023 01:09:43 +0200

integrity: Enforce digitalSignature usage in the ima and evm keyringsAfter being vouched for by a system keyring, only allow keys into the .imaand .evm keyrings that have the digitalSignature usage field set.Link: https://lore.kernel.org/all/41dffdaeb7eb7840f7e38bc691fbda836635c9f9.camel@linux.ibm.comSuggested-by: Mimi Zohar Signed-off-by: Eric Snowberg Acked-and-tested-by: Mimi Zohar Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen List of files: /linux/security/integrity/ima/Kconfig

5087fd9e80e539d2163accd045b73da64de7de95 - ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig

Tue, 11 Jul 2023 18:44:47 +0200

ima: Remove deprecated IMA_TRUSTED_KEYRING KconfigTime to remove "IMA_TRUSTED_KEYRING".Fixes: f4dc37785e9b ("integrity: define '.evm' as a builtin 'trusted' keyring") # v4.5+Signed-off-by: Nayna Jain Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

644f17412f5acf01a19af9d04a921937a2bc86c6 - IMA: allow/fix UML builds

Fri, 24 Feb 2023 04:27:03 +0100

IMA: allow/fix UML buildsUML supports HAS_IOMEM since 0bbadafdc49d (um: allow disablingNO_IOMEM).Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'ld: security/integrity/ima/ima_init.o: in function `ima_init':ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEMis set, regardless of the UML Kconfig setting.This updates TCG_TPM from =m to =y and fixes the linker errors.Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")Cc: Stable # v5.14+Signed-off-by: Randy Dunlap Cc: Fabio Estevam Cc: Richard Weinberger Cc: Anton Ivanov Cc: Johannes Berg Cc: linux-um@lists.infradead.orgSigned-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

b6018af440a07bd0d74b58c4e18045f4a8dbfe6b - ima: Fix hash dependency to correct algorithm

Fri, 25 Nov 2022 13:18:40 +0100

ima: Fix hash dependency to correct algorithmCommit d2825fa9365d ("crypto: sm3,sm4 - move into crypto directory") movesthe SM3 and SM4 stand-alone library and the algorithm implementation forthe Crypto API into the same directory, and the corresponding relationshipof Kconfig is modified, CONFIG_CRYPTO_SM3/4 corresponds to the stand-alonelibrary of SM3/4, and CONFIG_CRYPTO_SM3/4_GENERIC corresponds to thealgorithm implementation for the Crypto API. Therefore, it is necessaryfor this module to depend on the correct algorithm.Fixes: d2825fa9365d ("crypto: sm3,sm4 - move into crypto directory")Cc: Jason A. Donenfeld Cc: stable@vger.kernel.org # v5.19+Signed-off-by: Tianjia Zhang Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

891163adf180bc369b2f11c9dfce6d2758d2a5bd - ima: remove the IMA_TEMPLATE Kconfig option

Thu, 07 Apr 2022 04:16:19 +0200

ima: remove the IMA_TEMPLATE Kconfig optionThe original 'ima' measurement list template contains a hash, definedas 20 bytes, and a null terminated pathname, limited to 255characters. Other measurement list templates permit both larger hashesand longer pathnames. When the "ima" template is configured as thedefault, a new measurement list template (ima_template=) must bespecified before specifying a larger hash algorithm (ima_hash=) on theboot command line.To avoid this boot command line ordering issue, remove the legacy "ima"template configuration option, allowing it to still be specified on theboot command line.The root cause of this issue is that during the processing of ima_hash,we would try to check whether the hash algorithm is compatible with thetemplate. If the template is not set at the moment we do the check, wecheck the algorithm against the configured default template. If thedefault template is "ima", then we reject any hash algorithm other thansha1 and md5.For example, if the compiled default template is "ima", and the defaultalgorithm is sha1 (which is the current default). In the cmdline, we putin "ima_hash=sha256 ima_template=ima-ng". The expected behavior would bethat ima starts with ima-ng as the template and sha256 as the hashalgorithm. However, during the processing of "ima_hash=","ima_template=" has not been processed yet, and hash_setup would checkthe configured hash algorithm against the compiled default: ima, andreject sha256. So at the end, the hash algorithm that is actually usedwill be sha1.With template "ima" removed from the configured default, we ensure thatthe default tempalte would at least be "ima-ng" which allows forbasically any hash algorithm.This change would not break the algorithm compatibility checks for IMA.Fixes: 4286587dccd43 ("ima: add Kconfig default measurement list template")Signed-off-by: GUO Zihua Cc: Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

8510505d55e194d3f6c9644c9f9d12c4f6b0395a - IMA: remove the dependency on CRYPTO_MD5

Mon, 16 Aug 2021 10:10:59 +0200

IMA: remove the dependency on CRYPTO_MD5MD5 is a weak digest algorithm that shouldn't be used for cryptographicoperation. It hinders the efficiency of a patch set that aims to limitthe digests allowed for the extended file attribute namely security.ima.MD5 is no longer a requirement for IMA, nor should it be used there.The sole place where we still use the MD5 algorithm inside IMA is settingthe ima_hash algorithm to MD5, if the user supplies 'ima_hash=md5'parameter on the command line. With commit ab60368ab6a4 ("ima: Fallbackto the builtin hash algorithm"), setting "ima_hash=md5" fails gracefullywhen CRYPTO_MD5 is not set: ima: Can not allocate md5 (reason: -2) ima: Allocating md5 failed, going to use default hash algorithm sha256Remove the CRYPTO_MD5 dependency for IMA.Signed-off-by: THOBY Simon Reviewed-by: Lakshmi Ramasubramanian [zohar@linux.ibm.com: include commit number in patch description forstable.]Cc: stable@vger.kernel.org # 4.17Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

52c208397c246f0c31d031eb8c41f9c7e9fdec0e - IMA: support for duplicate measurement records

Mon, 10 May 2021 21:09:39 +0200

IMA: support for duplicate measurement recordsIMA measures contents of a given file/buffer/critical-data record,and properly re-measures it on change. However, IMA does not measurethe duplicate value for a given record, since TPM extend is a veryexpensive operation. For example, if the record changes from value'v#1' to 'v#2', and then back to 'v#1', IMA will not measure and logthe last change to 'v#1', since the hash of 'v#1' for that record isalready present in the IMA htable. This limits the ability of anexternal attestation service to accurately determine the current stateof the system. The service would incorrectly conclude that the latestvalue of the given record on the system is 'v#2', and act accordingly.Define and use a new Kconfig option IMA_DISABLE_HTABLE to permitduplicate records in the IMA measurement list.In addition to the duplicate measurement records described above,other duplicate file measurement records may be included in the log,when CONFIG_IMA_DISABLE_HTABLE is enabled. For example, - i_version is not enabled, - i_generation changed, - same file present on different filesystems, - an inode is evicted from dcacheSigned-off-by: Tushar Sugandhi Reviewed-by: Petr Vorel [zohar@linux.ibm.com: updated list of duplicate measurement records]Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

ce13266d97b198934e86166491bfa4938e96508f - Merge tag 'for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Tue, 11 Aug 2020 23:30:36 +0200

Merge tag 'for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-securityPull security subsystem updates from James Morris: "A couple of minor documentation updates only for this release"* tag 'for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: LSM: drop duplicated words in header file comments Replace HTTP links with HTTPS ones: security List of files: /linux/security/integrity/ima/Kconfig

c9fecf505a3421752a598227f8ef895e97966c4b - Replace HTTP links with HTTPS ones: security

Sun, 05 Jul 2020 23:45:12 +0200

Replace HTTP links with HTTPS ones: securityRationale:Reduces attack surface on kernel devs opening the links for MITMas HTTPS traffic is much harder to manipulate.Deterministic algorithm:For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS.Signed-off-by: Alexander A. Klimov Acked-by: John Johansen Signed-off-by: James Morris List of files: /linux/security/integrity/ima/Kconfig

311aa6aafea446c2f954cc19d66425bfed8c4b0b - ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime

Mon, 13 Jul 2020 18:48:30 +0200

ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtimeThe IMA_APPRAISE_BOOTPARAM config allows enabling different "ima_appraise="modes - log, fix, enforce - at run time, but not when IMA architecturespecific policies are enabled. This prevents properly labeling thefilesystem on systems where secure boot is supported, but not enabled on theplatform. Only when secure boot is actually enabled should these IMAappraise modes be disabled.This patch removes the compile time dependency and makes it a runtimedecision, based on the secure boot state of that platform.Test results as follows:-> x86-64 with secure boot enabled[ 0.015637] Kernel command line: <...> ima_policy=appraise_tcb ima_appraise=fix[ 0.015668] ima: Secure boot enabled: ignoring ima_appraise=fix boot parameter option-> powerpc with secure boot disabled[ 0.000000] Kernel command line: <...> ima_policy=appraise_tcb ima_appraise=fix[ 0.000000] Secure boot mode disabled-> Running the system without secure boot and with both options set:CONFIG_IMA_APPRAISE_BOOTPARAM=yCONFIG_IMA_ARCH_POLICY=yAudit prompts "missing-hash" but still allow execution and, consequently,filesystem labeling:type=INTEGRITY_DATA msg=audit(07/09/2020 12:30:27.778:1691) : pid=4976uid=root auid=root ses=2subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op=appraise_datacause=missing-hash comm=bash name=/usr/bin/evmctl dev="dm-0" ino=493150res=noCc: stable@vger.kernel.orgFixes: d958083a8f64 ("x86/ima: define arch_get_ima_policy() for x86")Signed-off-by: Bruno Meneguele Cc: stable@vger.kernel.org # 5.0Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

1768215a650c612e7e68e779cfb50a8b55c2cf40 - ima: AppArmor satisfies the audit rule requirements

Wed, 24 Jun 2020 01:38:23 +0200

ima: AppArmor satisfies the audit rule requirementsAppArmor meets all the requirements for IMA in terms of audit rulessince commit e79c26d04043 ("apparmor: Add support for audit rulefiltering"). Update IMA's Kconfig section for CONFIG_IMA_LSM_RULES toreflect this.Fixes: e79c26d04043 ("apparmor: Add support for audit rule filtering")Signed-off-by: Tyler Hicks Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig

9e2b4be377f0d715d9d910507890f9620cc22a9d - ima: add a new CONFIG for loading arch-specific policies

Mon, 09 Mar 2020 01:57:51 +0100

ima: add a new CONFIG for loading arch-specific policiesEvery time a new architecture defines the IMA architecture specificfunctions - arch_ima_get_secureboot() and arch_ima_get_policy(), the IMAinclude file needs to be updated. To avoid this "noise", this patchdefines a new IMA Kconfig IMA_SECURE_AND_OR_TRUSTED_BOOT option, allowingthe different architectures to select it.Suggested-by: Linus Torvalds Signed-off-by: Nayna Jain Acked-by: Ard Biesheuvel Acked-by: Philipp Rudo (s390)Acked-by: Michael Ellerman (powerpc)Signed-off-by: Mimi Zohar List of files: /linux/security/integrity/ima/Kconfig