Merge branch 'master' into fixes

author: Russell King <rmk+kernel@arm.linux.org.uk> 2012-01-13 15:00:22 +0000
committer: Russell King <rmk+kernel@arm.linux.org.uk> 2012-01-13 15:00:22 +0000
commit: 4de3a8e101150feaefa1139611a50ff37467f33e (patch)
tree: daada742542518b02d7db7c5d32e715eaa5f166d /security/integrity/Kconfig
parent: 294064f58953f9964e5945424b09c51800330a83 (diff)
parent: 099469502f62fbe0d7e4f0b83a2f22538367f734 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 4bf00acf793..d384ea92148 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -3,5 +3,19 @@ config INTEGRITY
 	def_bool y
 	depends on IMA || EVM
 
+config INTEGRITY_DIGSIG
+	boolean "Digital signature verification using multiple keyrings"
+	depends on INTEGRITY && KEYS
+	default n
+	select DIGSIG
+	help
+	  This option enables digital signature verification support
+	  using multiple keyrings. It defines separate keyrings for each
+	  of the different use cases - evm, ima, and modules.
+	  Different keyrings improves search performance, but also allow
+	  to "lock" certain keyring to prevent adding new keys.
+	  This is useful for evm and module keyrings, when keys are
+	  usually only added from initramfs.
+
 source security/integrity/ima/Kconfig
 source security/integrity/evm/Kconfig
author	Russell King <rmk+kernel@arm.linux.org.uk>	2012-01-13 15:00:22 +0000
committer	Russell King <rmk+kernel@arm.linux.org.uk>	2012-01-13 15:00:22 +0000
commit	4de3a8e101150feaefa1139611a50ff37467f33e (patch)
tree	daada742542518b02d7db7c5d32e715eaa5f166d /security/integrity/Kconfig
parent	294064f58953f9964e5945424b09c51800330a83 (diff)
parent	099469502f62fbe0d7e4f0b83a2f22538367f734 (diff)