diff options
| -rw-r--r-- | security/integrity/Kconfig | 22 | ||||
| -rw-r--r-- | security/integrity/evm/Kconfig | 8 | ||||
| -rw-r--r-- | security/integrity/ima/Kconfig | 2 |
3 files changed, 18 insertions, 14 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index f79d853..b76235a 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -1,11 +1,23 @@ # config INTEGRITY - def_bool y - depends on IMA || EVM + bool "Integrity subsystem" + depends on SECURITY + default y + help + This option enables the integrity subsystem, which is comprised + of a number of different components including the Integrity + Measurement Architecture (IMA), Extended Verification Module + (EVM), IMA-appraisal extension, digital signature verification + extension and audit measurement log support. + + Each of these components can be enabled/disabled separately. + Refer to the individual components for additional details. + +if INTEGRITY config INTEGRITY_SIGNATURE boolean "Digital signature verification using multiple keyrings" - depends on INTEGRITY && KEYS + depends on KEYS default n select SIGNATURE help @@ -31,7 +43,7 @@ config INTEGRITY_ASYMMETRIC_KEYS config INTEGRITY_AUDIT bool "Enables integrity auditing support " - depends on INTEGRITY && AUDIT + depends on AUDIT default y help In addition to enabling integrity auditing support, this @@ -46,3 +58,5 @@ config INTEGRITY_AUDIT source security/integrity/ima/Kconfig source security/integrity/evm/Kconfig + +endif # if INTEGRITY diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig index d606f3d..df586fa 100644 --- a/security/integrity/evm/Kconfig +++ b/security/integrity/evm/Kconfig @@ -1,6 +1,5 @@ config EVM boolean "EVM support" - depends on SECURITY select KEYS select ENCRYPTED_KEYS select CRYPTO_HMAC @@ -12,10 +11,6 @@ config EVM If you are unsure how to answer this question, answer N. -if EVM - -menu "EVM options" - config EVM_ATTR_FSUUID bool "FSUUID (version 2)" default y @@ -47,6 +42,3 @@ config EVM_EXTRA_SMACK_XATTRS additional info to the calculation, requires existing EVM labeled file systems to be relabeled. -endmenu - -endif diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 08758fb..e099875 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -2,8 +2,6 @@ # config IMA bool "Integrity Measurement Architecture(IMA)" - depends on SECURITY - select INTEGRITY select SECURITYFS select CRYPTO select CRYPTO_HMAC |
