diff options
author | H. Peter Anvin <hpa@linux.intel.com> | 2012-01-20 00:56:50 +0400 |
---|---|---|
committer | H. Peter Anvin <hpa@linux.intel.com> | 2012-01-20 00:56:50 +0400 |
commit | 282f445a779ed76fca9884fe377bf56a3088b208 (patch) | |
tree | d9abcf526baee0100672851e0a8894c19e762a39 /security/integrity/Kconfig | |
parent | 68f30fbee19cc67849b9fa8e153ede70758afe81 (diff) | |
parent | 90a4c0f51e8e44111a926be6f4c87af3938a79c3 (diff) | |
download | linux-282f445a779ed76fca9884fe377bf56a3088b208.tar.xz |
Merge remote-tracking branch 'linus/master' into x86/urgent
Diffstat (limited to 'security/integrity/Kconfig')
-rw-r--r-- | security/integrity/Kconfig | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 4bf00acf7937..5bd1cc1b4a54 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -3,5 +3,19 @@ config INTEGRITY def_bool y depends on IMA || EVM +config INTEGRITY_SIGNATURE + boolean "Digital signature verification using multiple keyrings" + depends on INTEGRITY && KEYS + default n + select SIGNATURE + help + This option enables digital signature verification support + using multiple keyrings. It defines separate keyrings for each + of the different use cases - evm, ima, and modules. + Different keyrings improves search performance, but also allow + to "lock" certain keyring to prevent adding new keys. + This is useful for evm and module keyrings, when keys are + usually only added from initramfs. + source security/integrity/ima/Kconfig source security/integrity/evm/Kconfig |