1*03115077SDeven Bowers# SPDX-License-Identifier: GPL-2.0-only 2*03115077SDeven Bowers# 3*03115077SDeven Bowers# Integrity Policy Enforcement (IPE) configuration 4*03115077SDeven Bowers# 5*03115077SDeven Bowers 6*03115077SDeven Bowersmenuconfig SECURITY_IPE 7*03115077SDeven Bowers bool "Integrity Policy Enforcement (IPE)" 8*03115077SDeven Bowers depends on SECURITY && SECURITYFS 9*03115077SDeven Bowers select PKCS7_MESSAGE_PARSER 10*03115077SDeven Bowers select SYSTEM_DATA_VERIFICATION 11*03115077SDeven Bowers help 12*03115077SDeven Bowers This option enables the Integrity Policy Enforcement LSM 13*03115077SDeven Bowers allowing users to define a policy to enforce a trust-based access 14*03115077SDeven Bowers control. A key feature of IPE is a customizable policy to allow 15*03115077SDeven Bowers admins to reconfigure trust requirements on the fly. 16*03115077SDeven Bowers 17*03115077SDeven Bowers If unsure, answer N. 18