summaryrefslogtreecommitdiff
path: root/security/integrity/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/Kconfig')
-rw-r--r--security/integrity/Kconfig22
1 files changed, 18 insertions, 4 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index f79d8537bdda..b76235ae4786 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -1,11 +1,23 @@
#
config INTEGRITY
- def_bool y
- depends on IMA || EVM
+ bool "Integrity subsystem"
+ depends on SECURITY
+ default y
+ help
+ This option enables the integrity subsystem, which is comprised
+ of a number of different components including the Integrity
+ Measurement Architecture (IMA), Extended Verification Module
+ (EVM), IMA-appraisal extension, digital signature verification
+ extension and audit measurement log support.
+
+ Each of these components can be enabled/disabled separately.
+ Refer to the individual components for additional details.
+
+if INTEGRITY
config INTEGRITY_SIGNATURE
boolean "Digital signature verification using multiple keyrings"
- depends on INTEGRITY && KEYS
+ depends on KEYS
default n
select SIGNATURE
help
@@ -31,7 +43,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
config INTEGRITY_AUDIT
bool "Enables integrity auditing support "
- depends on INTEGRITY && AUDIT
+ depends on AUDIT
default y
help
In addition to enabling integrity auditing support, this
@@ -46,3 +58,5 @@ config INTEGRITY_AUDIT
source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig
+
+endif # if INTEGRITY