1# IBM Integrity Measurement Architecture 2# 3config IMA 4 bool "Integrity Measurement Architecture(IMA)" 5 depends on SECURITY 6 select INTEGRITY 7 select SECURITYFS 8 select CRYPTO 9 select CRYPTO_HMAC 10 select CRYPTO_MD5 11 select CRYPTO_SHA1 12 select TCG_TPM if HAS_IOMEM && !UML 13 select TCG_TIS if TCG_TPM && X86 14 select TCG_IBMVTPM if TCG_TPM && PPC64 15 help 16 The Trusted Computing Group(TCG) runtime Integrity 17 Measurement Architecture(IMA) maintains a list of hash 18 values of executables and other sensitive system files, 19 as they are read or executed. If an attacker manages 20 to change the contents of an important system file 21 being measured, we can tell. 22 23 If your system has a TPM chip, then IMA also maintains 24 an aggregate integrity value over this list inside the 25 TPM hardware, so that the TPM can prove to a third party 26 whether or not critical system files have been modified. 27 Read <http://www.usenix.org/events/sec04/tech/sailer.html> 28 to learn more about IMA. 29 If unsure, say N. 30 31config IMA_MEASURE_PCR_IDX 32 int 33 depends on IMA 34 range 8 14 35 default 10 36 help 37 IMA_MEASURE_PCR_IDX determines the TPM PCR register index 38 that IMA uses to maintain the integrity aggregate of the 39 measurement list. If unsure, use the default 10. 40 41config IMA_AUDIT 42 bool "Enables auditing support" 43 depends on IMA 44 depends on AUDIT 45 default y 46 help 47 This option adds a kernel parameter 'ima_audit', which 48 allows informational auditing messages to be enabled 49 at boot. If this option is selected, informational integrity 50 auditing messages can be enabled with 'ima_audit=1' on 51 the kernel command line. 52 53config IMA_LSM_RULES 54 bool 55 depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK) 56 default y 57 help 58 Disabling this option will disregard LSM based policy rules. 59