Diffstat (limited to 'meta-integrity/recipes-kernel/linux/linux/ima.cfg')
-rw-r--r-- | meta-integrity/recipes-kernel/linux/linux/ima.cfg | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/meta-integrity/recipes-kernel/linux/linux/ima.cfg b/meta-integrity/recipes-kernel/linux/linux/ima.cfg
index 02381aa..b3e47ba 100644
--- a/meta-integrity/recipes-kernel/linux/linux/ima.cfg
+++ b/meta-integrity/recipes-kernel/linux/linux/ima.cfg
@@ -1,16 +1,18 @@
-# Enable bare minimum IMA measurement and appraisal as needed by this layer.
-
-CONFIG_SECURITY=y
-CONFIG_INTEGRITY=y
-
-# measurement
 CONFIG_IMA=y
-
-# appraisal
+CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_NG_TEMPLATE=y
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
 CONFIG_IMA_APPRAISE=y
-CONFIG_INTEGRITY_SIGNATURE=y
-CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-
-# Kernel will get built with embedded X.509 root CA key and all keys
-# need to be signed with that.
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_SIGNATURE=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_LOAD_X509=y
+CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
+
+#CONFIG_INTEGRITY_SIGNATURE=y
+#CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+#CONFIG_INTEGRITY_TRUSTED_KEYRING=y
|
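Review bot: The added `CONFIG_IMA_DEFAULT_HASH_SHA1=y` / `CONFIG_IMA_DEFAULT_HASH="sha1"` pair makes SHA-1 the default file hash for both the measurement list and appraisal. SHA-1 is no longer collision-resistant, so I would use `CONFIG_IMA_DEFAULT_HASH_SHA256=y` and `CONFIG_IMA_DEFAULT_HASH="sha256"` instead, assuming SHA-256 is built into the target kernel. `CONFIG_IMA_APPRAISE_BOOTPARAM=y` lets `ima_appraise=` on the kernel command line relax enforcement, and `CONFIG_IMA_WRITE_POLICY=y` allows the policy to be written more than once. Both deserve a comment stating that they are intended for development images, or they should be dropped for production builds. The fragment also no longer sets `CONFIG_INTEGRITY_SIGNATURE` and `CONFIG_INTEGRITY_ASYMMETRIC_KEYS` (now only present as comments), while `CONFIG_IMA_TRUSTED_KEYRING` and `CONFIG_IMA_LOAD_X509` appear to depend on them. Unless another fragment or the defconfig enables them, Kconfig may silently drop those options, so it is worth checking the final `.config`.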