author | James Morris <james.l.morris@oracle.com> | 2014-11-19 13:36:07 +0300 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2014-11-19 13:36:07 +0300 |
commit | a6aacbde406eeb6f8fc218b2c6172825f5e73fcf (patch) | |
tree | b79e1a17c38090915085f0dbb501a0970cb79b28 /security/integrity/ima/Kconfig | |
parent | b10778a00d40b3d9fdaaf5891e802794781ff71c (diff) | |
parent | 6fb5032ebb1c5b852461d64ee33829081de8ca61 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next
Diffstat (limited to 'security/integrity/ima/Kconfig')
-rw-r--r-- | security/integrity/ima/Kconfig | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index e099875643c5..b80a93ec1ccc 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -131,3 +131,28 @@ config IMA_TRUSTED_KEYRING help This option requires that all keys added to the .ima keyring be signed by a key on the system trusted keyring. + +config IMA_LOAD_X509 + bool "Load X509 certificate onto the '.ima' trusted keyring" + depends on IMA_TRUSTED_KEYRING + default n + help + File signature verification is based on the public keys + loaded on the .ima trusted keyring. These public keys are + X509 certificates signed by a trusted key on the + .system keyring. This option enables X509 certificate + loading from the kernel onto the '.ima' trusted keyring. + +config IMA_X509_PATH + string "IMA X509 certificate path" + depends on IMA_LOAD_X509 + default "/etc/keys/x509_ima.der" + help + This option defines IMA X509 certificate path. + +config IMA_APPRAISE_SIGNED_INIT + bool "Require signed user-space initialization" + depends on IMA_LOAD_X509 + default n + help + This option requires user-space init to be signed. |
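Review bot: The help texts for `IMA_X509_PATH` and `IMA_APPRAISE_SIGNED_INIT` only restate their prompts, so someone enabling them cannot tell from Kconfig what the kernel expects at that path or what happens when the requirement is not met. For `IMA_X509_PATH` I would spell out what the default file name and the `IMA_LOAD_X509` help already imply, e.g. `Path of the DER-encoded X509 certificate the kernel loads onto the .ima keyring; it is accepted only if signed by a key on the .system keyring.` For `IMA_APPRAISE_SIGNED_INIT` the help should say which files must carry a signature and what an unsigned init leads to. Presumably a missing or rejected certificate then leaves the system unable to start user space, but that behaviour lives in code outside this diff and should be confirmed before it is documented. In `IMA_LOAD_X509`, the phrase `loading from the kernel` reads as if the certificate were built into the kernel image, while the companion path option suggests the kernel reads it from a file. The keyring is also written three different ways in this hunk (`.ima`, `'.ima'`, `.system keyring` against `system trusted keyring`).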