summaryrefslogtreecommitdiff
path: root/security/integrity/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/Kconfig')
-rw-r--r--security/integrity/Kconfig14
1 files changed, 14 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 4bf00acf7937..d384ea921482 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -3,5 +3,19 @@ config INTEGRITY
def_bool y
depends on IMA || EVM
+config INTEGRITY_DIGSIG
+ boolean "Digital signature verification using multiple keyrings"
+ depends on INTEGRITY && KEYS
+ default n
+ select DIGSIG
+ help
+ This option enables digital signature verification support
+ using multiple keyrings. It defines separate keyrings for each
+ of the different use cases - evm, ima, and modules.
+ Different keyrings improves search performance, but also allow
+ to "lock" certain keyring to prevent adding new keys.
+ This is useful for evm and module keyrings, when keys are
+ usually only added from initramfs.
+
source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig