Commit 7ef84e65 authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar
Browse files

integrity: base integrity subsystem kconfig options on integrity 



The integrity subsystem has lots of options and takes more than
half of the security menu.  This patch consolidates the options
under "integrity", which are hidden if not enabled.  This change
does not affect existing configurations.  Re-configuration is not
needed.

Changes v4:
- no need to change "integrity subsystem" to menuconfig as
options are hidden, when not enabled. (Mimi)
- add INTEGRITY Kconfig help description

Changes v3:
- dependency to INTEGRITY removed when behind 'if INTEGRITY'

Changes v2:
- previous patch moved integrity out of the 'security' menu.
  This version keeps integrity as a security option (Mimi).

Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 1ae8f41c

security/integrity/Kconfig

+18 −4
Original line number Original line Diff line number Diff line 
#

#

config INTEGRITY

config INTEGRITY

	def_bool y

	bool "Integrity subsystem"

	depends on IMA || EVM

	depends on SECURITY

	default y

	help

	  This option enables the integrity subsystem, which is comprised

	  of a number of different components including the Integrity

	  Measurement Architecture (IMA), Extended Verification Module

	  (EVM), IMA-appraisal extension, digital signature verification

	  extension and audit measurement log support.



	  Each of these components can be enabled/disabled separately.

	  Refer to the individual components for additional details.



if INTEGRITY





config INTEGRITY_SIGNATURE

config INTEGRITY_SIGNATURE

	boolean "Digital signature verification using multiple keyrings"

	boolean "Digital signature verification using multiple keyrings"

	depends on INTEGRITY && KEYS

	depends on KEYS

	default n

	default n

	select SIGNATURE

	select SIGNATURE

	help

	help
@@ -31,7 +43,7 @@ config INTEGRITY_ASYMMETRIC_KEYS 




config INTEGRITY_AUDIT

config INTEGRITY_AUDIT

	bool "Enables integrity auditing support "

	bool "Enables integrity auditing support "

	depends on INTEGRITY && AUDIT

	depends on AUDIT

	default y

	default y

	help

	help

	  In addition to enabling integrity auditing support, this

	  In addition to enabling integrity auditing support, this
@@ -46,3 +58,5 @@ config INTEGRITY_AUDIT 




source security/integrity/ima/Kconfig

source security/integrity/ima/Kconfig

source security/integrity/evm/Kconfig

source security/integrity/evm/Kconfig



endif   # if INTEGRITY

security/integrity/evm/Kconfig

+0 −8
Original line number Original line Diff line number Diff line 
config EVM

config EVM

	boolean "EVM support"

	boolean "EVM support"

	depends on SECURITY

	select KEYS

	select KEYS

	select ENCRYPTED_KEYS

	select ENCRYPTED_KEYS

	select CRYPTO_HMAC

	select CRYPTO_HMAC
@@ -12,10 +11,6 @@ config EVM 




	  If you are unsure how to answer this question, answer N.

	  If you are unsure how to answer this question, answer N.





if EVM



menu "EVM options"



config EVM_ATTR_FSUUID

config EVM_ATTR_FSUUID

	bool "FSUUID (version 2)"

	bool "FSUUID (version 2)"

	default y

	default y
@@ -47,6 +42,3 @@ config EVM_EXTRA_SMACK_XATTRS 
	  additional info to the calculation, requires existing EVM

	  additional info to the calculation, requires existing EVM

	  labeled file systems to be relabeled.

	  labeled file systems to be relabeled.

endmenu



endif

security/integrity/ima/Kconfig

+0 −2
Original line number Original line Diff line number Diff line
@@ -2,8 +2,6 @@ 
#

#

config IMA

config IMA

	bool "Integrity Measurement Architecture(IMA)"

	bool "Integrity Measurement Architecture(IMA)"

	depends on SECURITY

	select INTEGRITY

	select SECURITYFS

	select SECURITYFS

	select CRYPTO

	select CRYPTO

	select CRYPTO_HMAC

	select CRYPTO_HMAC