1 config SECURITY_LOCKDOWN_LSM 2 bool "Basic module for enforcing kerne 3 depends on SECURITY 4 select MODULE_SIG if MODULES 5 help 6 Build support for an LSM that enforc 7 behaviour. 8 9 config SECURITY_LOCKDOWN_LSM_EARLY 10 bool "Enable lockdown LSM early in ini 11 depends on SECURITY_LOCKDOWN_LSM 12 help 13 Enable the lockdown LSM early in boo 14 to ensure that lockdown enforcement 15 boot parameters that are otherwise p 16 subsystem is fully initialised. If e 17 unconditionally be called before any 18 19 choice 20 prompt "Kernel default lockdown mode" 21 default LOCK_DOWN_KERNEL_FORCE_NONE 22 depends on SECURITY_LOCKDOWN_LSM 23 help 24 The kernel can be configured to defa 25 lockdown. 26 27 config LOCK_DOWN_KERNEL_FORCE_NONE 28 bool "None" 29 help 30 No lockdown functionality is enabled 31 enabled via the kernel commandline o 32 33 config LOCK_DOWN_KERNEL_FORCE_INTEGRITY 34 bool "Integrity" 35 help 36 The kernel runs in integrity mode by 37 the kernel to be modified at runtime 38 39 config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY 40 bool "Confidentiality" 41 help 42 The kernel runs in confidentiality mo 43 allow the kernel to be modified at ru 44 code to read confidential material he 45 disabled. 46 47 endchoice
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.