mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-16 16:54:20 +08:00
8607c50147
Define separate keyrings for each of the different use cases - evm, ima, and modules. Using different keyrings improves search performance, and also allows "locking" specific keyring to prevent adding new keys. This is useful for evm and module keyrings, when keys are usually only added from initramfs. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
22 lines
681 B
Plaintext
22 lines
681 B
Plaintext
#
|
|
config INTEGRITY
|
|
def_bool y
|
|
depends on IMA || EVM
|
|
|
|
config INTEGRITY_DIGSIG
|
|
boolean "Digital signature verification using multiple keyrings"
|
|
depends on INTEGRITY
|
|
default n
|
|
select DIGSIG
|
|
help
|
|
This option enables digital signature verification support
|
|
using multiple keyrings. It defines separate keyrings for each
|
|
of the different use cases - evm, ima, and modules.
|
|
Different keyrings improves search performance, but also allow
|
|
to "lock" certain keyring to prevent adding new keys.
|
|
This is useful for evm and module keyrings, when keys are
|
|
usually only added from initramfs.
|
|
|
|
source security/integrity/ima/Kconfig
|
|
source security/integrity/evm/Kconfig
|