# IBM Integrity Measurement Architecture
#
config IMA
	bool "Integrity Measurement Architecture(IMA)"
	select CRYPTO_HASH_INFO
	select TCG_TPM if HAS_IOMEM && !UML
	select TCG_TIS if TCG_TPM && X86
	select TCG_CRB if TCG_TPM && ACPI
	select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
	help
	  The Trusted Computing Group (TCG) runtime Integrity
	  Measurement Architecture (IMA) maintains a list of hash
	  values of executables and other sensitive system files,
	  as they are read or executed. If an attacker manages
	  to change the contents of an important system file
	  being measured, we can tell.

	  If your system has a TPM chip, then IMA also maintains
	  an aggregate integrity value over this list inside the
	  TPM hardware, so that the TPM can prove to a third party
	  whether or not critical system files have been modified.
	  Read <http://www.usenix.org/events/sec04/tech/sailer.html>
	  to learn more about IMA.

config IMA_MEASURE_PCR_IDX
	int
	depends on IMA
	range 8 14
	default 10
	help
	  IMA_MEASURE_PCR_IDX determines the TPM PCR register index
	  that IMA uses to maintain the integrity aggregate of the
	  measurement list. If unsure, use the default 10.
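A worked check of the aggregate described above, added here as an example and not part of the kernel's Kconfig or IMA code: it replays an ascii_runtime_measurements log (constructed sample lines with made-up hashes) through the PCR extend rule and compares the result with the value read from the PCR selected by IMA_MEASURE_PCR_IDX. Assumed: a SHA1 PCR bank starting at 20 zero bytes, and the kernel extending 0xff bytes for violation entries that the log itself shows as all zeros.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample in the shape of ascii_runtime_measurements ('ima-ng'
# template: "<pcr> <template-hash> <template> <algo>:<hash> <path>").
# Template hashes are made up; file hashes are truncated (unused in the replay).
SAMPLE_LOG = """\
10 a1b2c3d4e5f60718293a4b5c6d7e8f9001122334 ima-ng sha256:0011223344556677 boot_aggregate
10 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c ima-ng sha256:ffeeddccbbaa9988 /init
10 0000000000000000000000000000000000000000 ima-ng sha256:0000000000000000 /var/log/app.log
"""

@dataclass
class Measurement:
    pcr: int
    template_hash: str  # SHA1 of the template data, 40 hex chars
    template: str
    filehash: str
    path: str

    @property
    def violation(self) -> bool:
        # IMA records a violation (e.g. a file opened for write while it is
        # being measured) with an all-zero template hash in the log ...
        return set(self.template_hash) == {"0"}

    def extended_digest(self) -> bytes:
        # ... but extends the PCR with 0xff bytes for that entry (assumed
        # kernel behaviour), so a faithful replay must use 0xff, not zeros.
        return b"\xff" * 20 if self.violation else bytes.fromhex(self.template_hash)

def parse_measurements(text: str) -> list[Measurement]:
    entries = []
    for line in text.splitlines():
        if line.strip():
            pcr, thash, tmpl, fhash, path = line.split(maxsplit=4)
            entries.append(Measurement(int(pcr), thash, tmpl, fhash, path))
    return entries

def replay_pcr(text: str, pcr_idx: int = 10) -> str:
    """Recompute the aggregate: PCR = SHA1(PCR || digest) per entry, starting
    from the 20 zero bytes of a reset SHA1 PCR; other PCRs are skipped."""
    pcr = b"\x00" * 20
    for m in parse_measurements(text):
        if m.pcr == pcr_idx:
            pcr = hashlib.sha1(pcr + m.extended_digest()).digest()
    return pcr.hex()

def verify_measurement_list(text: str, quoted_pcr: str, pcr_idx: int = 10) -> bool:
    """True only if the log replays to the PCR value the TPM reports."""
    return replay_pcr(text, pcr_idx) == quoted_pcr.lower()
```

Any entry that is added, removed or altered after the fact changes the replayed value, which is what lets a remote verifier trust the log only as far as it matches the TPM-held aggregate.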
config IMA_LSM_RULES
	bool
	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
	default y
	help
	  Disabling this option will disregard LSM based policy rules.

choice
	prompt "Default template"
	default IMA_NG_TEMPLATE
	depends on IMA
	help
	  Select the default IMA measurement template.

	  The original 'ima' measurement list template contains a
	  hash, defined as 20 bytes, and a null terminated pathname,
	  limited to 255 characters. The 'ima-ng' measurement list
	  template permits both larger hash digests and longer

	config IMA_TEMPLATE
		bool "ima"
	config IMA_NG_TEMPLATE
		bool "ima-ng (default)"
	config IMA_SIG_TEMPLATE
		bool "ima-sig"
endchoice

config IMA_DEFAULT_TEMPLATE
	string
	depends on IMA
	default "ima" if IMA_TEMPLATE
	default "ima-ng" if IMA_NG_TEMPLATE
	default "ima-sig" if IMA_SIG_TEMPLATE

choice
	prompt "Default integrity hash algorithm"
	default IMA_DEFAULT_HASH_SHA1
	depends on IMA
	help
	  Select the default hash algorithm used for the measurement
	  list, integrity appraisal and audit log. The compiled default
	  hash algorithm can be overwritten using the kernel command
	  line 'ima_hash=' option.

	config IMA_DEFAULT_HASH_SHA1
		bool "SHA1 (default)"
		depends on CRYPTO_SHA1

	config IMA_DEFAULT_HASH_SHA256
		bool "SHA256"
		depends on CRYPTO_SHA256 && !IMA_TEMPLATE

	config IMA_DEFAULT_HASH_SHA512
		bool "SHA512"
		depends on CRYPTO_SHA512 && !IMA_TEMPLATE

	config IMA_DEFAULT_HASH_WP512
		bool "WP512"
		depends on CRYPTO_WP512 && !IMA_TEMPLATE
endchoice

config IMA_DEFAULT_HASH
	string
	depends on IMA
	default "sha1" if IMA_DEFAULT_HASH_SHA1
	default "sha256" if IMA_DEFAULT_HASH_SHA256
	default "sha512" if IMA_DEFAULT_HASH_SHA512
	default "wp512" if IMA_DEFAULT_HASH_WP512

config IMA_APPRAISE
	bool "Appraise integrity measurements"
	depends on IMA
	help
	  This option enables local measurement integrity appraisal.
	  It requires the system to be labeled with a security extended
	  attribute containing the file hash measurement. To protect
	  the security extended attributes from offline attack, enable

	  For more information on integrity appraisal refer to:
	  <http://linux-ima.sourceforge.net>

config IMA_TRUSTED_KEYRING
	bool "Require all keys on the .ima keyring be signed"
	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
	depends on INTEGRITY_ASYMMETRIC_KEYS
	help
	  This option requires that all keys added to the .ima
	  keyring be signed by a key on the system trusted keyring.

config IMA_LOAD_X509
	bool "Load X509 certificate onto the '.ima' trusted keyring"
	depends on IMA_TRUSTED_KEYRING
	help
	  File signature verification is based on the public keys
	  loaded on the .ima trusted keyring. These public keys are
	  X509 certificates signed by a trusted key on the
	  .system keyring. This option enables X509 certificate
	  loading from the kernel onto the '.ima' trusted keyring.

config IMA_X509_PATH
	string "IMA X509 certificate path"
	depends on IMA_LOAD_X509
	default "/etc/keys/x509_ima.der"
	help
	  This option defines the IMA X509 certificate path.

config IMA_APPRAISE_SIGNED_INIT
	bool "Require signed user-space initialization"
	depends on IMA_LOAD_X509
	help
	  This option requires user-space init to be signed.