From 9ca8dbcc65cfc63d6f5ef3312a33184e1d726e00 Mon Sep 17 00:00:00 2001 From: Yunhong Jiang Date: Tue, 4 Aug 2015 12:17:53 -0700 Subject: Add the rt linux 4.1.3-rt3 as base Import the rt linux 4.1.3-rt3 as OPNFV kvm base. It's from git://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-rt-devel.git linux-4.1.y-rt and the base is: commit 0917f823c59692d751951bf5ea699a2d1e2f26a2 Author: Sebastian Andrzej Siewior Date: Sat Jul 25 12:13:34 2015 +0200 Prepare v4.1.3-rt3 Signed-off-by: Sebastian Andrzej Siewior We lose all the git history this way and it's not good. We should apply another opnfv project repo in future. Change-Id: I87543d81c9df70d99c5001fbdf646b202c19f423 Signed-off-by: Yunhong Jiang --- kernel/security/integrity/Kconfig | 62 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 kernel/security/integrity/Kconfig (limited to 'kernel/security/integrity/Kconfig') diff --git a/kernel/security/integrity/Kconfig b/kernel/security/integrity/Kconfig new file mode 100644 index 000000000..73c457bf5 --- /dev/null +++ b/kernel/security/integrity/Kconfig @@ -0,0 +1,62 @@ +# +config INTEGRITY + bool "Integrity subsystem" + depends on SECURITY + default y + help + This option enables the integrity subsystem, which is comprised + of a number of different components including the Integrity + Measurement Architecture (IMA), Extended Verification Module + (EVM), IMA-appraisal extension, digital signature verification + extension and audit measurement log support. + + Each of these components can be enabled/disabled separately. + Refer to the individual components for additional details. + +if INTEGRITY + +config INTEGRITY_SIGNATURE + bool "Digital signature verification using multiple keyrings" + depends on KEYS + default n + select SIGNATURE + help + This option enables digital signature verification support + using multiple keyrings. It defines separate keyrings for each + of the different use cases - evm, ima, and modules. + Different keyrings improves search performance, but also allow + to "lock" certain keyring to prevent adding new keys. + This is useful for evm and module keyrings, when keys are + usually only added from initramfs. + +config INTEGRITY_ASYMMETRIC_KEYS + bool "Enable asymmetric keys support" + depends on INTEGRITY_SIGNATURE + default n + select ASYMMETRIC_KEY_TYPE + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select PUBLIC_KEY_ALGO_RSA + select X509_CERTIFICATE_PARSER + help + This option enables digital signature verification using + asymmetric keys. + +config INTEGRITY_AUDIT + bool "Enables integrity auditing support " + depends on AUDIT + default y + help + In addition to enabling integrity auditing support, this + option adds a kernel parameter 'integrity_audit', which + controls the level of integrity auditing messages. + 0 - basic integrity auditing messages (default) + 1 - additional integrity auditing messages + + Additional informational integrity auditing messages would + be enabled by specifying 'integrity_audit=1' on the kernel + command line. + +source security/integrity/ima/Kconfig +source security/integrity/evm/Kconfig + +endif # if INTEGRITY -- cgit 1.2.3-korg