Lines Matching refs:IMA
3 config IMA config
4 bool "Integrity Measurement Architecture(IMA)"
18 Measurement Architecture(IMA) maintains a list of hash
24 If your system has a TPM chip, then IMA also maintains
29 to learn more about IMA.
33 bool "Enable carrying the IMA measurement list across a soft boot"
34 depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
38 a TPM's quote after a soft boot, the IMA measurement list of the
41 Depending on the IMA policy, the measurement list can grow to
46 depends on IMA
51 that IMA uses to maintain the integrity aggregate of the
56 depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
64 depends on IMA
66 Select the default IMA measurement template.
84 depends on IMA
92 depends on IMA
118 depends on IMA
125 bool "Enable multiple writes to the IMA policy"
126 depends on IMA
129 IMA policy can now be updated multiple times. The new rules get
136 bool "Enable reading back the current IMA policy"
137 depends on IMA
141 It is often useful to be able to read back the IMA policy. It is
147 depends on IMA
161 bool "IMA build time configured policy rules"
165 This option defines an IMA appraisal policy at build time, which
171 modules, firmware, the kexec kernel image, and/or the IMA policy
191 be signed and verified by a public key on the trusted IMA
204 and verified by a public key on the trusted IMA keyring.
206 Kernel module signatures can only be verified by IMA-appraisal,
211 bool "Appraise IMA policy signature"
215 Enabling this rule will require the IMA policy to be signed and
216 and verified by a key on the trusted IMA keyring.
246 Keys may be added to the IMA or IMA blacklist keyrings, if the
251 IMA keys to be added may be added to the system secondary keyring,
256 bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
261 This option creates an IMA blacklist keyring, which contains all
262 revoked IMA keys. It is consulted before any other keyring. If
278 string "IMA X509 certificate path"
282 This option defines IMA X509 certificate path.