xref: /linux/security/integrity/ima/Kconfig (revision 3932b9ca55b0be314a36d3e84faff3e823c081f5)
1# IBM Integrity Measurement Architecture
2#
3config IMA
4	bool "Integrity Measurement Architecture(IMA)"
5	depends on SECURITY
6	select INTEGRITY
7	select SECURITYFS
8	select CRYPTO
9	select CRYPTO_HMAC
10	select CRYPTO_MD5
11	select CRYPTO_SHA1
12	select CRYPTO_HASH_INFO
13	select TCG_TPM if HAS_IOMEM && !UML
14	select TCG_TIS if TCG_TPM && X86
15	select TCG_IBMVTPM if TCG_TPM && PPC64
16	help
17	  The Trusted Computing Group(TCG) runtime Integrity
18	  Measurement Architecture(IMA) maintains a list of hash
19	  values of executables and other sensitive system files,
20	  as they are read or executed. If an attacker manages
21	  to change the contents of an important system file
22	  being measured, we can tell.
23
24	  If your system has a TPM chip, then IMA also maintains
25	  an aggregate integrity value over this list inside the
26	  TPM hardware, so that the TPM can prove to a third party
27	  whether or not critical system files have been modified.
28	  Read <http://www.usenix.org/events/sec04/tech/sailer.html>
29	  to learn more about IMA.
30	  If unsure, say N.
31
32config IMA_MEASURE_PCR_IDX
33	int
34	depends on IMA
35	range 8 14
36	default 10
37	help
38	  IMA_MEASURE_PCR_IDX determines the TPM PCR register index
39	  that IMA uses to maintain the integrity aggregate of the
40	  measurement list.  If unsure, use the default 10.
41
42config IMA_LSM_RULES
43	bool
44	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
45	default y
46	help
47	  Disabling this option will disregard LSM based policy rules.
48
49choice
50	prompt "Default template"
51	default IMA_NG_TEMPLATE
52	depends on IMA
53	help
54	  Select the default IMA measurement template.
55
56	  The original 'ima' measurement list template contains a
57	  hash, defined as 20 bytes, and a null terminated pathname,
58	  limited to 255 characters.  The 'ima-ng' measurement list
59	  template permits both larger hash digests and longer
60	  pathnames.
61
62	config IMA_TEMPLATE
63		bool "ima"
64	config IMA_NG_TEMPLATE
65		bool "ima-ng (default)"
66	config IMA_SIG_TEMPLATE
67		bool "ima-sig"
68endchoice
69
70config IMA_DEFAULT_TEMPLATE
71	string
72	depends on IMA
73	default "ima" if IMA_TEMPLATE
74	default "ima-ng" if IMA_NG_TEMPLATE
75	default "ima-sig" if IMA_SIG_TEMPLATE
76
77choice
78	prompt "Default integrity hash algorithm"
79	default IMA_DEFAULT_HASH_SHA1
80	depends on IMA
81	help
82	   Select the default hash algorithm used for the measurement
83	   list, integrity appraisal and audit log.  The compiled default
84	   hash algorithm can be overwritten using the kernel command
85	   line 'ima_hash=' option.
86
87	config IMA_DEFAULT_HASH_SHA1
88		bool "SHA1 (default)"
89		depends on CRYPTO_SHA1
90
91	config IMA_DEFAULT_HASH_SHA256
92		bool "SHA256"
93		depends on CRYPTO_SHA256 && !IMA_TEMPLATE
94
95	config IMA_DEFAULT_HASH_SHA512
96		bool "SHA512"
97		depends on CRYPTO_SHA512 && !IMA_TEMPLATE
98
99	config IMA_DEFAULT_HASH_WP512
100		bool "WP512"
101		depends on CRYPTO_WP512 && !IMA_TEMPLATE
102endchoice
103
104config IMA_DEFAULT_HASH
105	string
106	depends on IMA
107	default "sha1" if IMA_DEFAULT_HASH_SHA1
108	default "sha256" if IMA_DEFAULT_HASH_SHA256
109	default "sha512" if IMA_DEFAULT_HASH_SHA512
110	default "wp512" if IMA_DEFAULT_HASH_WP512
111
112config IMA_APPRAISE
113	bool "Appraise integrity measurements"
114	depends on IMA
115	default n
116	help
117	  This option enables local measurement integrity appraisal.
118	  It requires the system to be labeled with a security extended
119	  attribute containing the file hash measurement.  To protect
120	  the security extended attributes from offline attack, enable
121	  and configure EVM.
122
123	  For more information on integrity appraisal refer to:
124	  <http://linux-ima.sourceforge.net>
125	  If unsure, say N.
126
127config IMA_TRUSTED_KEYRING
128	bool "Require all keys on the .ima keyring be signed"
129	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
130	depends on INTEGRITY_ASYMMETRIC_KEYS
131	select KEYS_DEBUG_PROC_KEYS
132	default y
133	help
134	   This option requires that all keys added to the .ima
135	   keyring be signed by a key on the system trusted keyring.
136