Home Explore Help
Sign In
ichrin
/
kernel_samsung_msm8974
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4d1322ecff
Branches Tags
kernel_samsu...
/
security
/
integrity
/
ima
/
Kconfig

Kconfig 1.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. # IBM Integrity Measurement Architecture
    2. 

  2. #
    3. 

  3. config IMA
    4. 

  4. 	bool "Integrity Measurement Architecture(IMA)"
    5. 

  5. 	depends on SECURITY
    6. 

  6. 	select INTEGRITY
    7. 

  7. 	select SECURITYFS
    8. 

  8. 	select CRYPTO
    9. 

  9. 	select CRYPTO_HMAC
    10. 

  10. 	select CRYPTO_MD5
    11. 

  11. 	select CRYPTO_SHA1
    12. 

  12. 	select TCG_TPM if HAS_IOMEM && !UML
    13. 

  13. 	select TCG_TIS if TCG_TPM && X86
    14. 

  14. 	help
    15. 

  15. 	  The Trusted Computing Group(TCG) runtime Integrity
    16. 

  16. 	  Measurement Architecture(IMA) maintains a list of hash
    17. 

  17. 	  values of executables and other sensitive system files,
    18. 

  18. 	  as they are read or executed. If an attacker manages
    19. 

  19. 	  to change the contents of an important system file
    20. 

  20. 	  being measured, we can tell.
    21. 

  21. 

  22. 	  If your system has a TPM chip, then IMA also maintains
    23. 

  23. 	  an aggregate integrity value over this list inside the
    24. 

  24. 	  TPM hardware, so that the TPM can prove to a third party
    25. 

  25. 	  whether or not critical system files have been modified.
    26. 

  26. 	  Read <http://www.usenix.org/events/sec04/tech/sailer.html>
    27. 

  27. 	  to learn more about IMA.
    28. 

  28. 	  If unsure, say N.
    29. 

  29. 

  30. config IMA_MEASURE_PCR_IDX
    31. 

  31. 	int
    32. 

  32. 	depends on IMA
    33. 

  33. 	range 8 14
    34. 

  34. 	default 10
    35. 

  35. 	help
    36. 

  36. 	  IMA_MEASURE_PCR_IDX determines the TPM PCR register index
    37. 

  37. 	  that IMA uses to maintain the integrity aggregate of the
    38. 

  38. 	  measurement list.  If unsure, use the default 10.
    39. 

  39. 

  40. config IMA_AUDIT
    41. 

  41. 	bool
    42. 

  42. 	depends on IMA
    43. 

  43. 	default y
    44. 

  44. 	help
    45. 

  45. 	  This option adds a kernel parameter 'ima_audit', which
    46. 

  46. 	  allows informational auditing messages to be enabled
    47. 

  47. 	  at boot.  If this option is selected, informational integrity
    48. 

  48. 	  auditing messages can be enabled with 'ima_audit=1' on
    49. 

  49. 	  the kernel command line.
    50. 

  50. 

  51. config IMA_LSM_RULES
    52. 

  52. 	bool
    53. 

  53. 	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
    54. 

  54. 	default y
    55. 

  55. 	help
    56. 

  56. 	  Disabling this option will disregard LSM based policy rules.
    57. 

  57.