From 03dd4cb26d967f9588437b0fc9cc0e8353322bb7 Mon Sep 17 00:00:00 2001
From: André Fabian Silva Delgado <emulatorman@parabola.nu>
Date: Fri, 25 Mar 2016 03:53:42 -0300
Subject: Linux-libre 4.5-gnu

---
 security/integrity/Kconfig | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'security/integrity/Kconfig')

diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 73c457bf5..21d756832 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -41,6 +41,17 @@ config INTEGRITY_ASYMMETRIC_KEYS
 	  This option enables digital signature verification using
 	  asymmetric keys.
 
+config INTEGRITY_TRUSTED_KEYRING
+	bool "Require all keys on the integrity keyrings be signed"
+	depends on SYSTEM_TRUSTED_KEYRING
+	depends on INTEGRITY_ASYMMETRIC_KEYS
+	select KEYS_DEBUG_PROC_KEYS
+	default y
+	help
+	   This option requires that all keys added to the .ima and
+	   .evm keyrings be signed by a key on the system trusted
+	   keyring.
+
 config INTEGRITY_AUDIT
 	bool "Enables integrity auditing support "
 	depends on AUDIT
-- 
cgit v1.2.3-54-g00ecf