first commit

author: Meizu OpenSource <patchwork@meizu.com> 2016-08-15 10:19:42 +0800
committer: Meizu OpenSource <patchwork@meizu.com> 2016-08-15 10:19:42 +0800
commit: d2e1446d81725c351dc73a03b397ce043fb18452 (patch)
tree: 4dbc616b7f92aea39cd697a9084205ddb805e344 /security/integrity/Kconfig
1 files changed, 33 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
new file mode 100644
index 000000000..4bb3a775a
--- /dev/null
+++ b/security/integrity/Kconfig
@@ -0,0 +1,33 @@
+#
+config INTEGRITY
+	def_bool y
+	depends on IMA || EVM
+
+config INTEGRITY_SIGNATURE
+	boolean "Digital signature verification using multiple keyrings"
+	depends on INTEGRITY && KEYS
+	default n
+	select SIGNATURE
+	help
+	  This option enables digital signature verification support
+	  using multiple keyrings. It defines separate keyrings for each
+	  of the different use cases - evm, ima, and modules.
+	  Different keyrings improves search performance, but also allow
+	  to "lock" certain keyring to prevent adding new keys.
+	  This is useful for evm and module keyrings, when keys are
+	  usually only added from initramfs.
+
+config INTEGRITY_ASYMMETRIC_KEYS
+	boolean "Enable asymmetric keys support"
+	depends on INTEGRITY_SIGNATURE
+	default n
+        select ASYMMETRIC_KEY_TYPE
+        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+        select PUBLIC_KEY_ALGO_RSA
+        select X509_CERTIFICATE_PARSER
+	help
+	  This option enables digital signature verification using
+	  asymmetric keys.
+
+source security/integrity/ima/Kconfig
+source security/integrity/evm/Kconfig
author	Meizu OpenSource <patchwork@meizu.com>	2016-08-15 10:19:42 +0800
committer	Meizu OpenSource <patchwork@meizu.com>	2016-08-15 10:19:42 +0800
commit	d2e1446d81725c351dc73a03b397ce043fb18452 (patch)
tree	4dbc616b7f92aea39cd697a9084205ddb805e344 /security/integrity/Kconfig