[T106][ZXW-22]7520V3SCV2.01.01.02P42U09_VEC_V0.8_AP_VEC origin source commit Change-Id: Ic6e05d89ecd62fc34f82b23dcf306c93764aec4b

commit: 9ed821d7e5d875a3395740a9cc2545671fa429b7 [log] [tgz]
author: lh <lh@exm.com> Fri Apr 07 01:36:19 2023 -0700
committer: lh <lh@exm.com> Fri Apr 07 01:36:19 2023 -0700
tree: 121b5ff9a43e30066e3b33d57065b04bcf9bbabf
parent: a10a76fcf09e2ec7e9055902f242dff467ab9654 [diff] [blame]
diff --git a/ap/os/linux/linux-3.4.x/security/integrity/Kconfig b/ap/os/linux/linux-3.4.x/security/integrity/Kconfig
new file mode 100644
index 0000000..5bd1cc1
--- /dev/null
+++ b/ap/os/linux/linux-3.4.x/security/integrity/Kconfig

@@ -0,0 +1,21 @@
+#
+config INTEGRITY
+	def_bool y
+	depends on IMA || EVM
+
+config INTEGRITY_SIGNATURE
+	boolean "Digital signature verification using multiple keyrings"
+	depends on INTEGRITY && KEYS
+	default n
+	select SIGNATURE
+	help
+	  This option enables digital signature verification support
+	  using multiple keyrings. It defines separate keyrings for each
+	  of the different use cases - evm, ima, and modules.
+	  Different keyrings improves search performance, but also allow
+	  to "lock" certain keyring to prevent adding new keys.
+	  This is useful for evm and module keyrings, when keys are
+	  usually only added from initramfs.
+
+source security/integrity/ima/Kconfig
+source security/integrity/evm/Kconfig
commit	9ed821d7e5d875a3395740a9cc2545671fa429b7	[log] [tgz]
author	lh <lh@exm.com>	Fri Apr 07 01:36:19 2023 -0700
committer	lh <lh@exm.com>	Fri Apr 07 01:36:19 2023 -0700
tree	121b5ff9a43e30066e3b33d57065b04bcf9bbabf
parent	a10a76fcf09e2ec7e9055902f242dff467ab9654 [diff] [blame]