Merge remote-tracking branch 'linus/master' into x86/urgent

author: H. Peter Anvin <hpa@linux.intel.com> 2012-01-20 00:56:50 +0400
committer: H. Peter Anvin <hpa@linux.intel.com> 2012-01-20 00:56:50 +0400
commit: 282f445a779ed76fca9884fe377bf56a3088b208 (patch)
tree: d9abcf526baee0100672851e0a8894c19e762a39 /security/integrity/Kconfig
parent: 68f30fbee19cc67849b9fa8e153ede70758afe81 (diff)
parent: 90a4c0f51e8e44111a926be6f4c87af3938a79c3 (diff)
download: linux-282f445a779ed76fca9884fe377bf56a3088b208.tar.xz
1 files changed, 14 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 4bf00acf7937..5bd1cc1b4a54 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -3,5 +3,19 @@ config INTEGRITY
 	def_bool y
 	depends on IMA || EVM
 
+config INTEGRITY_SIGNATURE
+	boolean "Digital signature verification using multiple keyrings"
+	depends on INTEGRITY && KEYS
+	default n
+	select SIGNATURE
+	help
+	  This option enables digital signature verification support
+	  using multiple keyrings. It defines separate keyrings for each
+	  of the different use cases - evm, ima, and modules.
+	  Different keyrings improves search performance, but also allow
+	  to "lock" certain keyring to prevent adding new keys.
+	  This is useful for evm and module keyrings, when keys are
+	  usually only added from initramfs.
+
 source security/integrity/ima/Kconfig
 source security/integrity/evm/Kconfig
author	H. Peter Anvin <hpa@linux.intel.com>	2012-01-20 00:56:50 +0400
committer	H. Peter Anvin <hpa@linux.intel.com>	2012-01-20 00:56:50 +0400
commit	282f445a779ed76fca9884fe377bf56a3088b208 (patch)
tree	d9abcf526baee0100672851e0a8894c19e762a39 /security/integrity/Kconfig
parent	68f30fbee19cc67849b9fa8e153ede70758afe81 (diff)
parent	90a4c0f51e8e44111a926be6f4c87af3938a79c3 (diff)
download	linux-282f445a779ed76fca9884fe377bf56a3088b208.tar.xz