103115077SDeven Bowers# SPDX-License-Identifier: GPL-2.0-only 203115077SDeven Bowers# 303115077SDeven Bowers# Integrity Policy Enforcement (IPE) configuration 403115077SDeven Bowers# 503115077SDeven Bowers 603115077SDeven Bowersmenuconfig SECURITY_IPE 703115077SDeven Bowers bool "Integrity Policy Enforcement (IPE)" 8*f44554b5SDeven Bowers depends on SECURITY && SECURITYFS && AUDIT && AUDITSYSCALL 903115077SDeven Bowers select PKCS7_MESSAGE_PARSER 1003115077SDeven Bowers select SYSTEM_DATA_VERIFICATION 1103115077SDeven Bowers help 1203115077SDeven Bowers This option enables the Integrity Policy Enforcement LSM 1303115077SDeven Bowers allowing users to define a policy to enforce a trust-based access 1403115077SDeven Bowers control. A key feature of IPE is a customizable policy to allow 1503115077SDeven Bowers admins to reconfigure trust requirements on the fly. 1603115077SDeven Bowers 1703115077SDeven Bowers If unsure, answer N. 18