Kconfig - OpenGrok cross reference for /linux-6.12.1/security/integrity/ima/Kconfig

4 config IMA  config
5 	bool "Integrity Measurement Architecture(IMA)"
19 	  Measurement Architecture(IMA) maintains a list of hash
25 	  If your system has a TPM chip, then IMA also maintains
30 	  to learn more about IMA.
33 if IMA
36 	bool "Enable carrying the IMA measurement list across a soft boot"
41 	   a TPM's quote after a soft boot, the IMA measurement list of the
44 	   Depending on the IMA policy, the measurement list can grow to
53 	  that IMA uses to maintain the integrity aggregate of the
67 	  Select the default IMA measurement template.
126 	bool "Enable multiple writes to the IMA policy"
129 	  IMA policy can now be updated multiple times.  The new rules get
136 	bool "Enable reading back the current IMA policy"
140 	   It is often useful to be able to read back the IMA policy.  It is
159         bool "Enable loading an IMA architecture specific policy"
160         depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \
164           This option enables loading an IMA architecture specific policy
168 	bool "IMA build time configured policy rules"
172 	  This option defines an IMA appraisal policy at build time, which
178 	  modules, firmware, the kexec kernel image, and/or the IMA policy
198 	  be signed and verified by a public key on the trusted IMA
211 	  and verified by a public key on the trusted IMA keyring.
213 	  Kernel module signatures can only be verified by IMA-appraisal,
218 	bool "Appraise IMA policy signature"
222 	  Enabling this rule will require the IMA policy to be signed and
223 	  and verified by a key on the trusted IMA keyring.
243 	   The modsig keyword can be used in the IMA policy to allow a hook
254 	  Keys may be added to the IMA or IMA blacklist keyrings, if the
260 	  IMA keys to be added may be added to the system secondary keyring,
265 	bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
270 	   This option creates an IMA blacklist keyring, which contains all
271 	   revoked IMA keys.  It is consulted before any other keyring.  If
287 	string "IMA X509 certificate path"
291 	   This option defines IMA X509 certificate path.
316           trusted boot based on IMA runtime policies.