summaryrefslogtreecommitdiff
path: root/security/integrity/Kconfig
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-01-11 09:51:23 +0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-01-11 09:51:23 +0400
commite7691a1ce341c80ed9504244a36b31c025217391 (patch)
treee9941bb350f64a726130e299c411821da6f41a53 /security/integrity/Kconfig
parent5cd9599bba428762025db6027764f1c59d0b1e1b (diff)
parent8fcc99549522fc7a0bbaeb5755855ab0d9a59ce8 (diff)
downloadlinux-e7691a1ce341c80ed9504244a36b31c025217391.tar.xz
Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security
* 'for-linus' of git://selinuxproject.org/~jmorris/linux-security: (32 commits) ima: fix invalid memory reference ima: free duplicate measurement memory security: update security_file_mmap() docs selinux: Casting (void *) value returned by kmalloc is useless apparmor: fix module parameter handling Security: tomoyo: add .gitignore file tomoyo: add missing rcu_dereference() apparmor: add missing rcu_dereference() evm: prevent racing during tfm allocation evm: key must be set once during initialization mpi/mpi-mpow: NULL dereference on allocation failure digsig: build dependency fix KEYS: Give key types their own lockdep class for key->sem TPM: fix transmit_cmd error logic TPM: NSC and TIS drivers X86 dependency fix TPM: Export wait_for_stat for other vendor specific drivers TPM: Use vendor specific function for status probe tpm_tis: add delay after aborting command tpm_tis: Check return code from getting timeouts/durations tpm: Introduce function to poll for result of self test ... Fix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI and SIGSIG next to CONFIG_DQL addition.
Diffstat (limited to 'security/integrity/Kconfig')
-rw-r--r--security/integrity/Kconfig14
1 files changed, 14 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 4bf00acf7937..d384ea921482 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -3,5 +3,19 @@ config INTEGRITY
def_bool y
depends on IMA || EVM
+config INTEGRITY_DIGSIG
+ boolean "Digital signature verification using multiple keyrings"
+ depends on INTEGRITY && KEYS
+ default n
+ select DIGSIG
+ help
+ This option enables digital signature verification support
+ using multiple keyrings. It defines separate keyrings for each
+ of the different use cases - evm, ima, and modules.
+ Different keyrings improves search performance, but also allow
+ to "lock" certain keyring to prevent adding new keys.
+ This is useful for evm and module keyrings, when keys are
+ usually only added from initramfs.
+
source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig