Merge branch 'smack-for-4.5' of https://github.com/cschaufler/smack-next into next
[cascardo/linux.git] / security / integrity / evm / Kconfig
index bf19723..e825e0a 100644 (file)
@@ -42,3 +42,20 @@ config EVM_EXTRA_SMACK_XATTRS
          additional info to the calculation, requires existing EVM
          labeled file systems to be relabeled.
 
+config EVM_LOAD_X509
+       bool "Load an X509 certificate onto the '.evm' trusted keyring"
+       depends on EVM && INTEGRITY_TRUSTED_KEYRING
+       default n
+       help
+          Load an X509 certificate onto the '.evm' trusted keyring.
+
+          This option enables X509 certificate loading from the kernel
+          onto the '.evm' trusted keyring.  A public key can be used to
+          verify EVM integrity starting from the 'init' process.
+
+config EVM_X509_PATH
+       string "EVM X509 certificate path"
+       depends on EVM_LOAD_X509
+       default "/etc/keys/x509_evm.der"
+       help
+          This option defines X509 certificate path.
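Review bot: The help for EVM_X509_PATH says only that it "defines X509 certificate path", which leaves out what a person configuring the kernel needs to know about a file whose key EVM verification will trust. The `.der` default suggests a DER-encoded certificate, and because the target is a trusted keyring the certificate presumably has to be signed by a key the kernel already trusts; the loading code is outside this hunk, so confirm both before documenting them. I would extend the help along the lines of `Path of the DER-encoded X509 certificate that the kernel loads onto the '.evm' trusted keyring; it must be signed by a key the kernel already trusts.` In EVM_LOAD_X509, "loading from the kernel" would read more clearly as `This option makes the kernel load the X509 certificate named by EVM_X509_PATH onto the '.evm' trusted keyring.` It is also worth a sentence saying the file must be present in whatever root filesystem is mounted when the load happens, since the help promises verification "starting from the 'init' process".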