aboutsummaryrefslogtreecommitdiffstats
path: root/meta-integrity/recipes-kernel/linux/linux/ima.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'meta-integrity/recipes-kernel/linux/linux/ima.cfg')
-rw-r--r--meta-integrity/recipes-kernel/linux/linux/ima.cfg16
1 files changed, 16 insertions, 0 deletions
diff --git a/meta-integrity/recipes-kernel/linux/linux/ima.cfg b/meta-integrity/recipes-kernel/linux/linux/ima.cfg
new file mode 100644
index 0000000..02381aa
--- /dev/null
+++ b/meta-integrity/recipes-kernel/linux/linux/ima.cfg
@@ -0,0 +1,16 @@
+# Enable bare minimum IMA measurement and appraisal as needed by this layer.
+
+CONFIG_SECURITY=y
+CONFIG_INTEGRITY=y
+
+# measurement
+CONFIG_IMA=y
+
+# appraisal
+CONFIG_IMA_APPRAISE=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+
+# Kernel will get built with embedded X.509 root CA key and all keys
+# need to be signed with that.
+CONFIG_IMA_TRUSTED_KEYRING=y
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-16 16:47:55 +0000