Lines Matching +full:default +full:- +full:on
1 # SPDX-License-Identifier: GPL-2.0-only
36 depends on TCG_TPM && HAVE_IMA_KEXEC
37 default n
39 TPM PCRs are only reset on a hard reboot. In order to validate
41 running kernel must be saved and restored on boot.
43 Depending on the IMA policy, the measurement list can grow to
49 default 10
53 measurement list. If unsure, use the default 10.
57 depends on AUDIT && (SECURITY_SELINUX || SECURITY_SMACK || SECURITY_APPARMOR)
58 default y
63 prompt "Default template"
64 default IMA_NG_TEMPLATE
66 Select the default IMA measurement template.
70 limited to 255 characters. The 'ima-ng' measurement list
72 pathnames. The configured default template can be replaced
73 by specifying "ima_template=" on the boot command line.
76 bool "ima-ng (default)"
78 bool "ima-sig"
83 default "ima-ng" if IMA_NG_TEMPLATE
84 default "ima-sig" if IMA_SIG_TEMPLATE
87 prompt "Default integrity hash algorithm"
88 default IMA_DEFAULT_HASH_SHA1
90 Select the default hash algorithm used for the measurement
91 list, integrity appraisal and audit log. The compiled default
96 bool "SHA1 (default)"
97 depends on CRYPTO_SHA1=y
101 depends on CRYPTO_SHA256=y
105 depends on CRYPTO_SHA512=y
109 depends on CRYPTO_WP512=y
113 depends on CRYPTO_SM3_GENERIC=y
118 default "sha1" if IMA_DEFAULT_HASH_SHA1
119 default "sha256" if IMA_DEFAULT_HASH_SHA256
120 default "sha512" if IMA_DEFAULT_HASH_SHA512
121 default "wp512" if IMA_DEFAULT_HASH_WP512
122 default "sm3" if IMA_DEFAULT_HASH_SM3
126 default n
136 default y if IMA_WRITE_POLICY
137 default n if !IMA_WRITE_POLICY
145 default n
153 For more information on integrity appraisal refer to:
154 <http://linux-ima.sourceforge.net>
159 depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \
161 default n
164 based on run time secure boot flags.
168 depends on IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS
169 default n
173 policy name on the boot command line. The build time appraisal
176 Depending on the rules configured, this policy may require kernel
183 depends on IMA_APPRAISE_BUILD_POLICY
184 default n
193 depends on IMA_APPRAISE_BUILD_POLICY
194 default n
197 be signed and verified by a public key on the trusted IMA
206 depends on IMA_APPRAISE_BUILD_POLICY
207 default n
210 and verified by a public key on the trusted IMA keyring.
212 Kernel module signatures can only be verified by IMA-appraisal,
218 depends on IMA_APPRAISE_BUILD_POLICY
219 default n
222 and verified by a key on the trusted IMA keyring.
226 depends on IMA_APPRAISE
227 default y
233 bool "Support module-style signatures for appraisal"
234 depends on IMA_APPRAISE
235 depends on INTEGRITY_ASYMMETRIC_KEYS
238 default n
246 bool "Permit keys validly signed by a built-in, machine (if configured) or secondary"
247 depends on SYSTEM_TRUSTED_KEYRING
248 depends on SECONDARY_TRUSTED_KEYRING
249 depends on INTEGRITY_ASYMMETRIC_KEYS
251 default n
254 key is validly signed by a CA cert in the system built-in,
261 built-in, machine (if configured) or secondary trusted keyrings.
265 depends on SYSTEM_TRUSTED_KEYRING
266 depends on INTEGRITY_TRUSTED_KEYRING
267 default n
276 depends on INTEGRITY_TRUSTED_KEYRING
277 default n
279 File signature verification is based on the public keys
280 loaded on the .ima trusted keyring. These public keys are
281 X509 certificates signed by a trusted key on the
287 depends on IMA_LOAD_X509
288 default "/etc/keys/x509_ima.der"
293 bool "Require signed user-space initialization"
294 depends on IMA_LOAD_X509
295 default n
297 This option requires user-space init to be signed.
301 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
302 default y
306 depends on IMA_MEASURE_ASYMMETRIC_KEYS
307 depends on SYSTEM_TRUSTED_KEYRING
308 default y
312 depends on IMA_ARCH_POLICY
315 trusted boot based on IMA runtime policies.
319 default n