TOMOYO Linux Cross Reference
Linux/security/ipe/Kconfig

Differences between /security/ipe/Kconfig (Version linux-6.12-rc7) and /security/ipe/Kconfig (Version linux-5.9.16)


  1 # SPDX-License-Identifier: GPL-2.0-only           
  2 #                                                 
  3 # Integrity Policy Enforcement (IPE) configura    
  4 #                                                 
  5                                                   
  6 menuconfig SECURITY_IPE                           
  7         bool "Integrity Policy Enforcement (IP    
  8         depends on SECURITY && SECURITYFS && A    
  9         select PKCS7_MESSAGE_PARSER               
 10         select SYSTEM_DATA_VERIFICATION           
 11         select IPE_PROP_DM_VERITY if DM_VERITY    
 12         select IPE_PROP_DM_VERITY_SIGNATURE if    
 13         select IPE_PROP_FS_VERITY if FS_VERITY    
 14         select IPE_PROP_FS_VERITY_BUILTIN_SIG     
 15         help                                      
 16           This option enables the Integrity Po    
 17           allowing users to define a policy to    
 18           control. A key feature of IPE is a c    
 19           admins to reconfigure trust requirem    
 20                                                   
 21           If unsure, answer N.                    
 22                                                   
 23 if SECURITY_IPE                                   
 24 config IPE_BOOT_POLICY                            
 25         string "Integrity policy to apply on s    
 26         help                                      
 27           This option specifies a filepath to     
 28           into the kernel. This policy will be    
 29           is deployed via the $securityfs/ipe/    
 30           interface.                              
 31                                                   
 32           If unsure, leave blank.                 
 33                                                   
 34 config IPE_POLICY_SIG_SECONDARY_KEYRING           
 35         bool "IPE policy update verification w    
 36         default y                                 
 37         depends on SECONDARY_TRUSTED_KEYRING      
 38         help                                      
 39           Also allow the secondary trusted key    
 40           updates.                                
 41                                                   
 42           If unsure, answer Y.                    
 43                                                   
 44 config IPE_POLICY_SIG_PLATFORM_KEYRING            
 45         bool "IPE policy update verification w    
 46         default y                                 
 47         depends on INTEGRITY_PLATFORM_KEYRING     
 48         help                                      
 49           Also allow the platform keyring to v    
 50                                                   
 51           If unsure, answer Y.                    
 52                                                   
 53 menu "IPE Trust Providers"                        
 54                                                   
 55 config IPE_PROP_DM_VERITY                         
 56         bool "Enable support for dm-verity bas    
 57         depends on DM_VERITY                      
 58         help                                      
 59           This option enables the 'dmverity_ro    
 60           policies. The property evaluates to     
 61           volume is evaluated, and the volume'    
 62           supplied in the policy.                 
 63                                                   
 64 config IPE_PROP_DM_VERITY_SIGNATURE               
 65         bool "Enable support for dm-verity bas    
 66         depends on DM_VERITY && DM_VERITY_VERI    
 67         help                                      
 68           This option enables the 'dmverity_si    
 69           policies. The property evaluates to     
 70           volume, which has been mounted with     
 71           is evaluated.                           
 72                                                   
 73           If unsure, answer Y.                    
 74                                                   
 75 config IPE_PROP_FS_VERITY                         
 76         bool "Enable support for fs-verity bas    
 77         depends on FS_VERITY                      
 78         help                                      
 79           This option enables the 'fsverity_di    
 80           policies. The property evaluates to     
 81           enabled and its digest matches the s    
 82           policy.                                 
 83                                                   
 84           if unsure, answer Y.                    
 85                                                   
 86 config IPE_PROP_FS_VERITY_BUILTIN_SIG             
 87         bool "Enable support for fs-verity bas    
 88         depends on FS_VERITY && FS_VERITY_BUIL    
 89         help                                      
 90           This option enables the 'fsverity_si    
 91           policies. The property evaluates to     
 92           enabled and it has a valid builtin s    
 93           is in the .fs-verity keyring.           
 94                                                   
 95           if unsure, answer Y.                    
 96                                                   
 97 endmenu                                           
 98                                                   
 99 config SECURITY_IPE_KUNIT_TEST                    
100         bool "Build KUnit tests for IPE" if !K    
101         depends on KUNIT=y                        
102         default KUNIT_ALL_TESTS                   
103         help                                      
104           This builds the IPE KUnit tests.        
105                                                   
106           KUnit tests run during boot and outp    
107           in TAP format (https://testanything.    
108           running KUnit test harness and are n    
109           production build.                       
110                                                   
111           For more information on KUnit and un    
112           to the KUnit documentation in Docume    
113                                                   
114           If unsure, say N.                       
115                                                   
116 endif                                             
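
Review bot: IPE_PROP_DM_VERITY (lines 55-62) is the only trust provider whose help text ends without an "If unsure, answer ..." recommendation, while the other three providers in the "IPE Trust Providers" menu each end with one; add the same closing line so all four give consistent guidance. The closing lines at 84 and 95 (IPE_PROP_FS_VERITY and IPE_PROP_FS_VERITY_BUILTIN_SIG) also start with lowercase "if unsure", where every other entry in the file writes "If unsure"; capitalize both.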
                                                      
