|
@@ -17,6 +17,18 @@ config INTEGRITY_SIGNATURE
|
|
|
This is useful for evm and module keyrings, when keys are
|
|
This is useful for evm and module keyrings, when keys are
|
|
|
usually only added from initramfs.
|
|
usually only added from initramfs.
|
|
|
|
|
|
|
|
|
|
+config INTEGRITY_ASYMMETRIC_KEYS
|
|
|
|
|
+ boolean "Enable asymmetric keys support"
|
|
|
|
|
+ depends on INTEGRITY_SIGNATURE
|
|
|
|
|
+ default n
|
|
|
|
|
+ select ASYMMETRIC_KEY_TYPE
|
|
|
|
|
+ select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
|
|
|
+ select PUBLIC_KEY_ALGO_RSA
|
|
|
|
|
+ select X509_CERTIFICATE_PARSER
|
|
|
|
|
+ help
|
|
|
|
|
+ This option enables digital signature verification using
|
|
|
|
|
+ asymmetric keys.
|
|
|
|
|
+
|
|
|
config INTEGRITY_AUDIT
|
|
config INTEGRITY_AUDIT
|
|
|
bool "Enables integrity auditing support "
|
|
bool "Enables integrity auditing support "
|
|
|
depends on INTEGRITY && AUDIT
|
|
depends on INTEGRITY && AUDIT
|
|
@@ -32,17 +44,5 @@ config INTEGRITY_AUDIT
|
|
|
be enabled by specifying 'integrity_audit=1' on the kernel
|
|
be enabled by specifying 'integrity_audit=1' on the kernel
|
|
|
command line.
|
|
command line.
|
|
|
|
|
|
|
|
-config INTEGRITY_ASYMMETRIC_KEYS
|
|
|
|
|
- boolean "Enable asymmetric keys support"
|
|
|
|
|
- depends on INTEGRITY_SIGNATURE
|
|
|
|
|
- default n
|
|
|
|
|
- select ASYMMETRIC_KEY_TYPE
|
|
|
|
|
- select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
|
|
|
- select PUBLIC_KEY_ALGO_RSA
|
|
|
|
|
- select X509_CERTIFICATE_PARSER
|
|
|
|
|
- help
|
|
|
|
|
- This option enables digital signature verification using
|
|
|
|
|
- asymmetric keys.
|
|
|
|
|
-
|
|
|
|
|
source security/integrity/ima/Kconfig
|
|
source security/integrity/ima/Kconfig
|
|
|
source security/integrity/evm/Kconfig
|
|
source security/integrity/evm/Kconfig
|
Dmitry Kasatkin