GNU Linux-libre 4.4.295-gnu1

[releases.git] / security / integrity / ima / Kconfig

# IBM Integrity Measurement Architecture
#
config IMA
        bool "Integrity Measurement Architecture(IMA)"
        select SECURITYFS
        select CRYPTO
        select CRYPTO_HMAC
        select CRYPTO_MD5
        select CRYPTO_SHA1
        select CRYPTO_HASH_INFO
        select TCG_TPM if HAS_IOMEM && !UML
        select TCG_TIS if TCG_TPM && X86
        select TCG_CRB if TCG_TPM && ACPI
        select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
        help
          The Trusted Computing Group(TCG) runtime Integrity
          Measurement Architecture(IMA) maintains a list of hash
          values of executables and other sensitive system files,
          as they are read or executed. If an attacker manages
          to change the contents of an important system file
          being measured, we can tell.

          If your system has a TPM chip, then IMA also maintains
          an aggregate integrity value over this list inside the
          TPM hardware, so that the TPM can prove to a third party
          whether or not critical system files have been modified.
          Read <http://www.usenix.org/events/sec04/tech/sailer.html>
          to learn more about IMA.
          If unsure, say N.

config IMA_MEASURE_PCR_IDX
        int
        depends on IMA
        range 8 14
        default 10
        help
          IMA_MEASURE_PCR_IDX determines the TPM PCR register index
          that IMA uses to maintain the integrity aggregate of the
          measurement list.  If unsure, use the default 10.

config IMA_LSM_RULES
        bool
        depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
        default y
        help
          Disabling this option will disregard LSM based policy rules.

choice
        prompt "Default template"
        default IMA_NG_TEMPLATE
        depends on IMA
        help
          Select the default IMA measurement template.

          The original 'ima' measurement list template contains a
          hash, defined as 20 bytes, and a null terminated pathname,
          limited to 255 characters.  The 'ima-ng' measurement list
          template permits both larger hash digests and longer
          pathnames.

        config IMA_TEMPLATE
                bool "ima"
        config IMA_NG_TEMPLATE
                bool "ima-ng (default)"
        config IMA_SIG_TEMPLATE
                bool "ima-sig"
endchoice

config IMA_DEFAULT_TEMPLATE
        string
        depends on IMA
        default "ima" if IMA_TEMPLATE
        default "ima-ng" if IMA_NG_TEMPLATE
        default "ima-sig" if IMA_SIG_TEMPLATE

choice
        prompt "Default integrity hash algorithm"
        default IMA_DEFAULT_HASH_SHA1
        depends on IMA
        help
           Select the default hash algorithm used for the measurement
           list, integrity appraisal and audit log.  The compiled default
           hash algorithm can be overwritten using the kernel command
           line 'ima_hash=' option.

        config IMA_DEFAULT_HASH_SHA1
                bool "SHA1 (default)"
                depends on CRYPTO_SHA1

        config IMA_DEFAULT_HASH_SHA256
                bool "SHA256"
                depends on CRYPTO_SHA256 && !IMA_TEMPLATE

        config IMA_DEFAULT_HASH_SHA512
                bool "SHA512"
                depends on CRYPTO_SHA512 && !IMA_TEMPLATE

        config IMA_DEFAULT_HASH_WP512
                bool "WP512"
                depends on CRYPTO_WP512 && !IMA_TEMPLATE
endchoice

config IMA_DEFAULT_HASH
        string
        depends on IMA
        default "sha1" if IMA_DEFAULT_HASH_SHA1
        default "sha256" if IMA_DEFAULT_HASH_SHA256
        default "sha512" if IMA_DEFAULT_HASH_SHA512
        default "wp512" if IMA_DEFAULT_HASH_WP512

config IMA_APPRAISE
        bool "Appraise integrity measurements"
        depends on IMA
        default n
        help
          This option enables local measurement integrity appraisal.
          It requires the system to be labeled with a security extended
          attribute containing the file hash measurement.  To protect
          the security extended attributes from offline attack, enable
          and configure EVM.

          For more information on integrity appraisal refer to:
          <http://linux-ima.sourceforge.net>
          If unsure, say N.

config IMA_TRUSTED_KEYRING
        bool "Require all keys on the .ima keyring be signed"
        depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
        depends on INTEGRITY_ASYMMETRIC_KEYS
        default y
        help
           This option requires that all keys added to the .ima
           keyring be signed by a key on the system trusted keyring.

config IMA_LOAD_X509
        bool "Load X509 certificate onto the '.ima' trusted keyring"
        depends on IMA_TRUSTED_KEYRING
        default n
        help
           File signature verification is based on the public keys
           loaded on the .ima trusted keyring. These public keys are
           X509 certificates signed by a trusted key on the
           .system keyring.  This option enables X509 certificate
           loading from the kernel onto the '.ima' trusted keyring.

config IMA_X509_PATH
        string "IMA X509 certificate path"
        depends on IMA_LOAD_X509
        default "/etc/keys/x509_ima.der"
        help
           This option defines IMA X509 certificate path.

config IMA_APPRAISE_SIGNED_INIT
        bool "Require signed user-space initialization"
        depends on IMA_LOAD_X509
        default n
        help
           This option requires user-space init to be signed.