Kconfig - OpenGrok cross reference for /linux-6.12.1/security/ipe/Kconfig

1 # SPDX-License-Identifier: GPL-2.0-only
8 	depends on SECURITY && SECURITYFS && AUDIT && AUDITSYSCALL
16 	  This option enables the Integrity Policy Enforcement LSM
17 	  allowing users to define a policy to enforce a trust-based access
19 	  admins to reconfigure trust requirements on the fly.
25 	string "Integrity policy to apply on system startup"
28 	  into the kernel. This policy will be enforced until a policy update
29 	  is deployed via the $securityfs/ipe/policies/$policy_name/active
37 	depends on SECONDARY_TRUSTED_KEYRING
39 	  Also allow the secondary trusted keyring to verify IPE policy
47 	depends on INTEGRITY_PLATFORM_KEYRING
49 	  Also allow the platform keyring to verify IPE policy updates.
56 	bool "Enable support for dm-verity based on root hash"
57 	depends on DM_VERITY
59 	  This option enables the 'dmverity_roothash' property within IPE
60 	  policies. The property evaluates to TRUE when a file from a dm-verity
61 	  volume is evaluated, and the volume's root hash matches the value
62 	  supplied in the policy.
65 	bool "Enable support for dm-verity based on root hash signature"
66 	depends on DM_VERITY && DM_VERITY_VERIFY_ROOTHASH_SIG
68 	  This option enables the 'dmverity_signature' property within IPE
69 	  policies. The property evaluates to TRUE when a file from a dm-verity
76 	bool "Enable support for fs-verity based on file digest"
77 	depends on FS_VERITY
79 	  This option enables the 'fsverity_digest' property within IPE
80 	  policies. The property evaluates to TRUE when a file is fsverity
81 	  enabled and its digest matches the supplied digest value in the
87 	bool "Enable support for fs-verity based on builtin signature"
88 	depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
90 	  This option enables the 'fsverity_signature' property within IPE
91 	  policies. The property evaluates to TRUE when a file is fsverity
93 	  is in the .fs-verity keyring.
101 	depends on KUNIT=y
104 	  This builds the IPE KUnit tests.
106 	  KUnit tests run during boot and output the results to the debug log
111 	  For more information on KUnit and unit tests in general please refer
112 	  to the KUnit documentation in Documentation/dev-tools/kunit/.