mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-16 16:54:20 +08:00
5e8898e97a
It was reported that DIGSIG is confusing name for digital signature module. It was suggested to rename DIGSIG to SIGNATURE. Requested-by: Linus Torvalds <torvalds@linux-foundation.org> Suggested-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: James Morris <jmorris@namei.org>
22 lines
692 B
Plaintext
22 lines
692 B
Plaintext
#
|
|
config INTEGRITY
|
|
def_bool y
|
|
depends on IMA || EVM
|
|
|
|
config INTEGRITY_DIGSIG
|
|
boolean "Digital signature verification using multiple keyrings"
|
|
depends on INTEGRITY && KEYS
|
|
default n
|
|
select SIGNATURE
|
|
help
|
|
This option enables digital signature verification support
|
|
using multiple keyrings. It defines separate keyrings for each
|
|
of the different use cases - evm, ima, and modules.
|
|
Different keyrings improves search performance, but also allow
|
|
to "lock" certain keyring to prevent adding new keys.
|
|
This is useful for evm and module keyrings, when keys are
|
|
usually only added from initramfs.
|
|
|
|
source security/integrity/ima/Kconfig
|
|
source security/integrity/evm/Kconfig
|