Lines Matching +full:default +full:- +full:on
1 # SPDX-License-Identifier: GPL-2.0-only
37 depends on TCG_TPM && HAVE_IMA_KEXEC
38 default n
40 TPM PCRs are only reset on a hard reboot. In order to validate
42 running kernel must be saved and restored on boot.
44 Depending on the IMA policy, the measurement list can grow to
50 default 10
54 measurement list. If unsure, use the default 10.
58 depends on AUDIT && (SECURITY_SELINUX || SECURITY_SMACK || SECURITY_APPARMOR)
59 default y
64 prompt "Default template"
65 default IMA_NG_TEMPLATE
67 Select the default IMA measurement template.
71 limited to 255 characters. The 'ima-ng' measurement list
73 pathnames. The configured default template can be replaced
74 by specifying "ima_template=" on the boot command line.
77 bool "ima-ng (default)"
79 bool "ima-sig"
84 default "ima-ng" if IMA_NG_TEMPLATE
85 default "ima-sig" if IMA_SIG_TEMPLATE
88 prompt "Default integrity hash algorithm"
89 default IMA_DEFAULT_HASH_SHA1
91 Select the default hash algorithm used for the measurement
92 list, integrity appraisal and audit log. The compiled default
97 bool "SHA1 (default)"
98 depends on CRYPTO_SHA1=y
102 depends on CRYPTO_SHA256=y
106 depends on CRYPTO_SHA512=y
110 depends on CRYPTO_WP512=y
114 depends on CRYPTO_SM3_GENERIC=y
119 default "sha1" if IMA_DEFAULT_HASH_SHA1
120 default "sha256" if IMA_DEFAULT_HASH_SHA256
121 default "sha512" if IMA_DEFAULT_HASH_SHA512
122 default "wp512" if IMA_DEFAULT_HASH_WP512
123 default "sm3" if IMA_DEFAULT_HASH_SM3
127 default n
137 default y if IMA_WRITE_POLICY
138 default n if !IMA_WRITE_POLICY
146 default n
154 For more information on integrity appraisal refer to:
155 <http://linux-ima.sourceforge.net>
160 depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \
162 default n
165 based on run time secure boot flags.
169 depends on IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS
170 default n
174 policy name on the boot command line. The build time appraisal
177 Depending on the rules configured, this policy may require kernel
184 depends on IMA_APPRAISE_BUILD_POLICY
185 default n
194 depends on IMA_APPRAISE_BUILD_POLICY
195 default n
198 be signed and verified by a public key on the trusted IMA
207 depends on IMA_APPRAISE_BUILD_POLICY
208 default n
211 and verified by a public key on the trusted IMA keyring.
213 Kernel module signatures can only be verified by IMA-appraisal,
219 depends on IMA_APPRAISE_BUILD_POLICY
220 default n
223 and verified by a key on the trusted IMA keyring.
227 depends on IMA_APPRAISE
228 default y
234 bool "Support module-style signatures for appraisal"
235 depends on IMA_APPRAISE
236 depends on INTEGRITY_ASYMMETRIC_KEYS
239 default n
247 bool "Permit keys validly signed by a built-in, machine (if configured) or secondary"
248 depends on SYSTEM_TRUSTED_KEYRING
249 depends on SECONDARY_TRUSTED_KEYRING
250 depends on INTEGRITY_ASYMMETRIC_KEYS
252 default n
255 key is validly signed by a CA cert in the system built-in,
262 built-in, machine (if configured) or secondary trusted keyrings.
266 depends on SYSTEM_TRUSTED_KEYRING
267 depends on INTEGRITY_TRUSTED_KEYRING
268 default n
277 depends on INTEGRITY_TRUSTED_KEYRING
278 default n
280 File signature verification is based on the public keys
281 loaded on the .ima trusted keyring. These public keys are
282 X509 certificates signed by a trusted key on the
288 depends on IMA_LOAD_X509
289 default "/etc/keys/x509_ima.der"
294 bool "Require signed user-space initialization"
295 depends on IMA_LOAD_X509
296 default n
298 This option requires user-space init to be signed.
302 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
303 default y
307 depends on IMA_MEASURE_ASYMMETRIC_KEYS
308 depends on SYSTEM_TRUSTED_KEYRING
309 default y
313 depends on IMA_ARCH_POLICY
316 trusted boot based on IMA runtime policies.
320 default n