Lines Matching +full:kernel +full:- +full:policy
1 # SPDX-License-Identifier: GPL-2.0-only
3 # Integrity Policy Enforcement (IPE) configuration
7 bool "Integrity Policy Enforcement (IPE)"
16 This option enables the Integrity Policy Enforcement LSM
17 allowing users to define a policy to enforce a trust-based access
18 control. A key feature of IPE is a customizable policy to allow
25 string "Integrity policy to apply on system startup"
27 This option specifies a filepath to an IPE policy that is compiled
28 into the kernel. This policy will be enforced until a policy update
35 bool "IPE policy update verification with secondary keyring"
39 Also allow the secondary trusted keyring to verify IPE policy
45 bool "IPE policy update verification with platform keyring"
49 Also allow the platform keyring to verify IPE policy updates.
56 bool "Enable support for dm-verity based on root hash"
60 policies. The property evaluates to TRUE when a file from a dm-verity
62 supplied in the policy.
65 bool "Enable support for dm-verity based on root hash signature"
69 policies. The property evaluates to TRUE when a file from a dm-verity
76 bool "Enable support for fs-verity based on file digest"
82 policy.
87 bool "Enable support for fs-verity based on builtin signature"
93 is in the .fs-verity keyring.
107 in TAP format (https://testanything.org/). Only useful for kernel devs
112 to the KUnit documentation in Documentation/dev-tools/kunit/.