summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/integrity/Kconfig22
-rw-r--r--security/integrity/evm/Kconfig8
-rw-r--r--security/integrity/ima/Kconfig2
3 files changed, 18 insertions, 14 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index f79d8537bdda..b76235ae4786 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -1,11 +1,23 @@
#
config INTEGRITY
- def_bool y
- depends on IMA || EVM
+ bool "Integrity subsystem"
+ depends on SECURITY
+ default y
+ help
+ This option enables the integrity subsystem, which is comprised
+ of a number of different components including the Integrity
+ Measurement Architecture (IMA), Extended Verification Module
+ (EVM), IMA-appraisal extension, digital signature verification
+ extension and audit measurement log support.
+
+ Each of these components can be enabled/disabled separately.
+ Refer to the individual components for additional details.
+
+if INTEGRITY
config INTEGRITY_SIGNATURE
boolean "Digital signature verification using multiple keyrings"
- depends on INTEGRITY && KEYS
+ depends on KEYS
default n
select SIGNATURE
help
@@ -31,7 +43,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
config INTEGRITY_AUDIT
bool "Enables integrity auditing support "
- depends on INTEGRITY && AUDIT
+ depends on AUDIT
default y
help
In addition to enabling integrity auditing support, this
@@ -46,3 +58,5 @@ config INTEGRITY_AUDIT
source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig
+
+endif # if INTEGRITY
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
index d606f3d12d6b..df586fa00ef1 100644
--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -1,6 +1,5 @@
config EVM
boolean "EVM support"
- depends on SECURITY
select KEYS
select ENCRYPTED_KEYS
select CRYPTO_HMAC
@@ -12,10 +11,6 @@ config EVM
If you are unsure how to answer this question, answer N.
-if EVM
-
-menu "EVM options"
-
config EVM_ATTR_FSUUID
bool "FSUUID (version 2)"
default y
@@ -47,6 +42,3 @@ config EVM_EXTRA_SMACK_XATTRS
additional info to the calculation, requires existing EVM
labeled file systems to be relabeled.
-endmenu
-
-endif
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 08758fbd496f..e099875643c5 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -2,8 +2,6 @@
#
config IMA
bool "Integrity Measurement Architecture(IMA)"
- depends on SECURITY
- select INTEGRITY
select SECURITYFS
select CRYPTO
select CRYPTO_HMAC