mirror of
https://github.com/torvalds/linux.git
synced 2024-12-28 13:51:44 +00:00
217091dd7a
Require all keys added to the IMA keyring be signed by an existing trusted key on the system trusted keyring. Changelog: - define stub integrity_init_keyring() function (reported-by Fengguang Wu) - differentiate between regular and trusted keyring names. - replace printk with pr_info (D. Kasatkin) Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
134 lines
3.7 KiB
Plaintext
134 lines
3.7 KiB
Plaintext
# IBM Integrity Measurement Architecture
|
|
#
|
|
config IMA
|
|
bool "Integrity Measurement Architecture(IMA)"
|
|
depends on SECURITY
|
|
select INTEGRITY
|
|
select SECURITYFS
|
|
select CRYPTO
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_HASH_INFO
|
|
select TCG_TPM if HAS_IOMEM && !UML
|
|
select TCG_TIS if TCG_TPM && X86
|
|
select TCG_IBMVTPM if TCG_TPM && PPC64
|
|
help
|
|
The Trusted Computing Group(TCG) runtime Integrity
|
|
Measurement Architecture(IMA) maintains a list of hash
|
|
values of executables and other sensitive system files,
|
|
as they are read or executed. If an attacker manages
|
|
to change the contents of an important system file
|
|
being measured, we can tell.
|
|
|
|
If your system has a TPM chip, then IMA also maintains
|
|
an aggregate integrity value over this list inside the
|
|
TPM hardware, so that the TPM can prove to a third party
|
|
whether or not critical system files have been modified.
|
|
Read <http://www.usenix.org/events/sec04/tech/sailer.html>
|
|
to learn more about IMA.
|
|
If unsure, say N.
|
|
|
|
config IMA_MEASURE_PCR_IDX
|
|
int
|
|
depends on IMA
|
|
range 8 14
|
|
default 10
|
|
help
|
|
IMA_MEASURE_PCR_IDX determines the TPM PCR register index
|
|
that IMA uses to maintain the integrity aggregate of the
|
|
measurement list. If unsure, use the default 10.
|
|
|
|
config IMA_LSM_RULES
|
|
bool
|
|
depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
|
|
default y
|
|
help
|
|
Disabling this option will disregard LSM based policy rules.
|
|
|
|
choice
|
|
prompt "Default template"
|
|
default IMA_NG_TEMPLATE
|
|
depends on IMA
|
|
help
|
|
Select the default IMA measurement template.
|
|
|
|
The original 'ima' measurement list template contains a
|
|
hash, defined as 20 bytes, and a null terminated pathname,
|
|
limited to 255 characters. The 'ima-ng' measurement list
|
|
template permits both larger hash digests and longer
|
|
pathnames.
|
|
|
|
config IMA_TEMPLATE
|
|
bool "ima"
|
|
config IMA_NG_TEMPLATE
|
|
bool "ima-ng (default)"
|
|
config IMA_SIG_TEMPLATE
|
|
bool "ima-sig"
|
|
endchoice
|
|
|
|
config IMA_DEFAULT_TEMPLATE
|
|
string
|
|
depends on IMA
|
|
default "ima" if IMA_TEMPLATE
|
|
default "ima-ng" if IMA_NG_TEMPLATE
|
|
default "ima-sig" if IMA_SIG_TEMPLATE
|
|
|
|
choice
|
|
prompt "Default integrity hash algorithm"
|
|
default IMA_DEFAULT_HASH_SHA1
|
|
depends on IMA
|
|
help
|
|
Select the default hash algorithm used for the measurement
|
|
list, integrity appraisal and audit log. The compiled default
|
|
hash algorithm can be overwritten using the kernel command
|
|
line 'ima_hash=' option.
|
|
|
|
config IMA_DEFAULT_HASH_SHA1
|
|
bool "SHA1 (default)"
|
|
depends on CRYPTO_SHA1
|
|
|
|
config IMA_DEFAULT_HASH_SHA256
|
|
bool "SHA256"
|
|
depends on CRYPTO_SHA256 && !IMA_TEMPLATE
|
|
|
|
config IMA_DEFAULT_HASH_SHA512
|
|
bool "SHA512"
|
|
depends on CRYPTO_SHA512 && !IMA_TEMPLATE
|
|
|
|
config IMA_DEFAULT_HASH_WP512
|
|
bool "WP512"
|
|
depends on CRYPTO_WP512 && !IMA_TEMPLATE
|
|
endchoice
|
|
|
|
config IMA_DEFAULT_HASH
|
|
string
|
|
depends on IMA
|
|
default "sha1" if IMA_DEFAULT_HASH_SHA1
|
|
default "sha256" if IMA_DEFAULT_HASH_SHA256
|
|
default "sha512" if IMA_DEFAULT_HASH_SHA512
|
|
default "wp512" if IMA_DEFAULT_HASH_WP512
|
|
|
|
config IMA_APPRAISE
|
|
bool "Appraise integrity measurements"
|
|
depends on IMA
|
|
default n
|
|
help
|
|
This option enables local measurement integrity appraisal.
|
|
It requires the system to be labeled with a security extended
|
|
attribute containing the file hash measurement. To protect
|
|
the security extended attributes from offline attack, enable
|
|
and configure EVM.
|
|
|
|
For more information on integrity appraisal refer to:
|
|
<http://linux-ima.sourceforge.net>
|
|
If unsure, say N.
|
|
|
|
config IMA_TRUSTED_KEYRING
|
|
bool "Require all keys on the _ima keyring be signed"
|
|
depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
|
|
default y
|
|
help
|
|
This option requires that all keys added to the _ima
|
|
keyring be signed by a key on the system trusted keyring.
|