Kconfig - OpenGrok cross reference for /Linux-v5.15/security/integrity/ima/Kconfig

Lines Matching refs:IMA
4 config IMA  config
5 	bool "Integrity Measurement Architecture(IMA)"
18 	  Measurement Architecture(IMA) maintains a list of hash
24 	  If your system has a TPM chip, then IMA also maintains
29 	  to learn more about IMA.
33 	bool "Enable carrying the IMA measurement list across a soft boot"
34 	depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
38 	   a TPM's quote after a soft boot, the IMA measurement list of the
41 	   Depending on the IMA policy, the measurement list can grow to
46 	depends on IMA
51 	  that IMA uses to maintain the integrity aggregate of the
56 	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK || SECURITY_APPARMOR)
64 	depends on IMA
66 	  Select the default IMA measurement template.
84 	depends on IMA
92 	depends on IMA
122 	depends on IMA
130 	bool "Enable multiple writes to the IMA policy"
131 	depends on IMA
134 	  IMA policy can now be updated multiple times.  The new rules get
141 	bool "Enable reading back the current IMA policy"
142 	depends on IMA
146 	   It is often useful to be able to read back the IMA policy.  It is
152 	depends on IMA
166         bool "Enable loading an IMA architecture specific policy"
167         depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \
171           This option enables loading an IMA architecture specific policy
175 	bool "IMA build time configured policy rules"
179 	  This option defines an IMA appraisal policy at build time, which
185 	  modules, firmware, the kexec kernel image, and/or the IMA policy
205 	  be signed and verified by a public key on the trusted IMA
218 	  and verified by a public key on the trusted IMA keyring.
220 	  Kernel module signatures can only be verified by IMA-appraisal,
225 	bool "Appraise IMA policy signature"
229 	  Enabling this rule will require the IMA policy to be signed and
230 	  and verified by a key on the trusted IMA keyring.
250 	   The modsig keyword can be used in the IMA policy to allow a hook
273 	  Keys may be added to the IMA or IMA blacklist keyrings, if the
278 	  IMA keys to be added may be added to the system secondary keyring,
283 	bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
288 	   This option creates an IMA blacklist keyring, which contains all
289 	   revoked IMA keys.  It is consulted before any other keyring.  If
305 	string "IMA X509 certificate path"
309 	   This option defines IMA X509 certificate path.
320 	depends on IMA
335           trusted boot based on IMA runtime policies.
339 	depends on IMA