Linux-libre 4.5-gnu

author: André Fabian Silva Delgado <emulatorman@parabola.nu> 2016-03-25 03:53:42 -0300
committer: André Fabian Silva Delgado <emulatorman@parabola.nu> 2016-03-25 03:53:42 -0300
commit: 03dd4cb26d967f9588437b0fc9cc0e8353322bb7 (patch)
tree: fa581f6dc1c0596391690d1f67eceef3af8246dc /security/integrity/Kconfig
parent: d4e493caf788ef44982e131ff9c786546904d934 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 73c457bf5..21d756832 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -41,6 +41,17 @@ config INTEGRITY_ASYMMETRIC_KEYS
 	  This option enables digital signature verification using
 	  asymmetric keys.
 
+config INTEGRITY_TRUSTED_KEYRING
+	bool "Require all keys on the integrity keyrings be signed"
+	depends on SYSTEM_TRUSTED_KEYRING
+	depends on INTEGRITY_ASYMMETRIC_KEYS
+	select KEYS_DEBUG_PROC_KEYS
+	default y
+	help
+	   This option requires that all keys added to the .ima and
+	   .evm keyrings be signed by a key on the system trusted
+	   keyring.
+
 config INTEGRITY_AUDIT
 	bool "Enables integrity auditing support "
 	depends on AUDIT
author	André Fabian Silva Delgado <emulatorman@parabola.nu>	2016-03-25 03:53:42 -0300
committer	André Fabian Silva Delgado <emulatorman@parabola.nu>	2016-03-25 03:53:42 -0300
commit	03dd4cb26d967f9588437b0fc9cc0e8353322bb7 (patch)
tree	fa581f6dc1c0596391690d1f67eceef3af8246dc /security/integrity/Kconfig
parent	d4e493caf788ef44982e131ff9c786546904d934 (diff)