| # IBM Integrity Measurement Architecture |
| # |
| config IMA |
| bool "Integrity Measurement Architecture(IMA)" |
| select SECURITYFS |
| select CRYPTO |
| select CRYPTO_HMAC |
| select CRYPTO_MD5 |
| select CRYPTO_SHA1 |
| select CRYPTO_HASH_INFO |
| select TCG_TPM if HAS_IOMEM && !UML |
| select TCG_TIS if TCG_TPM && X86 |
| select TCG_IBMVTPM if TCG_TPM && PPC64 |
| help |
| The Trusted Computing Group(TCG) runtime Integrity |
| Measurement Architecture(IMA) maintains a list of hash |
| values of executables and other sensitive system files, |
| as they are read or executed. If an attacker manages |
| to change the contents of an important system file |
| being measured, we can tell. |
| |
| If your system has a TPM chip, then IMA also maintains |
| an aggregate integrity value over this list inside the |
| TPM hardware, so that the TPM can prove to a third party |
| whether or not critical system files have been modified. |
| Read <http://www.usenix.org/events/sec04/tech/sailer.html> |
| to learn more about IMA. |
| If unsure, say N. |
| |
| config IMA_MEASURE_PCR_IDX |
| int |
| depends on IMA |
| range 8 14 |
| default 10 |
| help |
| IMA_MEASURE_PCR_IDX determines the TPM PCR register index |
| that IMA uses to maintain the integrity aggregate of the |
| measurement list. If unsure, use the default 10. |
| |
| config IMA_LSM_RULES |
| bool |
| depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK) |
| default y |
| help |
| Disabling this option will disregard LSM based policy rules. |
| |
| choice |
| prompt "Default template" |
| default IMA_NG_TEMPLATE |
| depends on IMA |
| help |
| Select the default IMA measurement template. |
| |
| The original 'ima' measurement list template contains a |
| hash, defined as 20 bytes, and a null terminated pathname, |
| limited to 255 characters. The 'ima-ng' measurement list |
| template permits both larger hash digests and longer |
| pathnames. |
| |
| config IMA_TEMPLATE |
| bool "ima" |
| config IMA_NG_TEMPLATE |
| bool "ima-ng (default)" |
| config IMA_SIG_TEMPLATE |
| bool "ima-sig" |
| endchoice |
| |
| config IMA_DEFAULT_TEMPLATE |
| string |
| depends on IMA |
| default "ima" if IMA_TEMPLATE |
| default "ima-ng" if IMA_NG_TEMPLATE |
| default "ima-sig" if IMA_SIG_TEMPLATE |
| |
| choice |
| prompt "Default integrity hash algorithm" |
| default IMA_DEFAULT_HASH_SHA1 |
| depends on IMA |
| help |
| Select the default hash algorithm used for the measurement |
| list, integrity appraisal and audit log. The compiled default |
| hash algorithm can be overwritten using the kernel command |
| line 'ima_hash=' option. |
| |
| config IMA_DEFAULT_HASH_SHA1 |
| bool "SHA1 (default)" |
| depends on CRYPTO_SHA1 |
| |
| config IMA_DEFAULT_HASH_SHA256 |
| bool "SHA256" |
| depends on CRYPTO_SHA256 && !IMA_TEMPLATE |
| |
| config IMA_DEFAULT_HASH_SHA512 |
| bool "SHA512" |
| depends on CRYPTO_SHA512 && !IMA_TEMPLATE |
| |
| config IMA_DEFAULT_HASH_WP512 |
| bool "WP512" |
| depends on CRYPTO_WP512 && !IMA_TEMPLATE |
| endchoice |
| |
| config IMA_DEFAULT_HASH |
| string |
| depends on IMA |
| default "sha1" if IMA_DEFAULT_HASH_SHA1 |
| default "sha256" if IMA_DEFAULT_HASH_SHA256 |
| default "sha512" if IMA_DEFAULT_HASH_SHA512 |
| default "wp512" if IMA_DEFAULT_HASH_WP512 |
| |
| config IMA_APPRAISE |
| bool "Appraise integrity measurements" |
| depends on IMA |
| default n |
| help |
| This option enables local measurement integrity appraisal. |
| It requires the system to be labeled with a security extended |
| attribute containing the file hash measurement. To protect |
| the security extended attributes from offline attack, enable |
| and configure EVM. |
| |
| For more information on integrity appraisal refer to: |
| <http://linux-ima.sourceforge.net> |
| If unsure, say N. |
| |
| config IMA_TRUSTED_KEYRING |
| bool "Require all keys on the .ima keyring be signed" |
| depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING |
| depends on INTEGRITY_ASYMMETRIC_KEYS |
| select KEYS_DEBUG_PROC_KEYS |
| default y |
| help |
| This option requires that all keys added to the .ima |
| keyring be signed by a key on the system trusted keyring. |