integrity: base integrity subsystem kconfig options on integrity
The integrity subsystem has lots of options and takes more than half of the security menu. This patch consolidates the options under "integrity", which are hidden if not enabled. This change does not affect existing configurations. Re-configuration is not needed. Changes v4: - no need to change "integrity subsystem" to menuconfig as options are hidden, when not enabled. (Mimi) - add INTEGRITY Kconfig help description Changes v3: - dependency to INTEGRITY removed when behind 'if INTEGRITY' Changes v2: - previous patch moved integrity out of the 'security' menu. This version keeps integrity as a security option (Mimi). Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
parent
1ae8f41c23
commit
7ef84e65ec
3 changed files with 18 additions and 14 deletions
|
@ -1,11 +1,23 @@
|
|||
#
|
||||
config INTEGRITY
|
||||
def_bool y
|
||||
depends on IMA || EVM
|
||||
bool "Integrity subsystem"
|
||||
depends on SECURITY
|
||||
default y
|
||||
help
|
||||
This option enables the integrity subsystem, which is comprised
|
||||
of a number of different components including the Integrity
|
||||
Measurement Architecture (IMA), Extended Verification Module
|
||||
(EVM), IMA-appraisal extension, digital signature verification
|
||||
extension and audit measurement log support.
|
||||
|
||||
Each of these components can be enabled/disabled separately.
|
||||
Refer to the individual components for additional details.
|
||||
|
||||
if INTEGRITY
|
||||
|
||||
config INTEGRITY_SIGNATURE
|
||||
boolean "Digital signature verification using multiple keyrings"
|
||||
depends on INTEGRITY && KEYS
|
||||
depends on KEYS
|
||||
default n
|
||||
select SIGNATURE
|
||||
help
|
||||
|
@ -31,7 +43,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
|
|||
|
||||
config INTEGRITY_AUDIT
|
||||
bool "Enables integrity auditing support "
|
||||
depends on INTEGRITY && AUDIT
|
||||
depends on AUDIT
|
||||
default y
|
||||
help
|
||||
In addition to enabling integrity auditing support, this
|
||||
|
@ -46,3 +58,5 @@ config INTEGRITY_AUDIT
|
|||
|
||||
source security/integrity/ima/Kconfig
|
||||
source security/integrity/evm/Kconfig
|
||||
|
||||
endif # if INTEGRITY
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
config EVM
|
||||
boolean "EVM support"
|
||||
depends on SECURITY
|
||||
select KEYS
|
||||
select ENCRYPTED_KEYS
|
||||
select CRYPTO_HMAC
|
||||
|
@ -12,10 +11,6 @@ config EVM
|
|||
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
if EVM
|
||||
|
||||
menu "EVM options"
|
||||
|
||||
config EVM_ATTR_FSUUID
|
||||
bool "FSUUID (version 2)"
|
||||
default y
|
||||
|
@ -47,6 +42,3 @@ config EVM_EXTRA_SMACK_XATTRS
|
|||
additional info to the calculation, requires existing EVM
|
||||
labeled file systems to be relabeled.
|
||||
|
||||
endmenu
|
||||
|
||||
endif
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
#
|
||||
config IMA
|
||||
bool "Integrity Measurement Architecture(IMA)"
|
||||
depends on SECURITY
|
||||
select INTEGRITY
|
||||
select SECURITYFS
|
||||
select CRYPTO
|
||||
select CRYPTO_HMAC
|
||||
|
|
Loading…
Reference in a new issue