# IBM Integrity Measurement Architecture
#
config IMA
	bool "Integrity Measurement Architecture(IMA)"
	depends on SECURITY
	select SECURITYFS
	select CRYPTO
	select CRYPTO_HMAC
	select CRYPTO_MD5
	select CRYPTO_SHA1
	select TCG_TPM if !S390
	select TCG_TIS if TCG_TPM
	help
	  The Trusted Computing Group(TCG) runtime Integrity
	  Measurement Architecture(IMA) maintains a list of hash
	  values of executables and other sensitive system files,
	  as they are read or executed. If an attacker manages
	  to change the contents of an important system file
	  being measured, we can tell.

	  If your system has a TPM chip, then IMA also maintains
	  an aggregate integrity value over this list inside the
	  TPM hardware, so that the TPM can prove to a third party
	  whether or not critical system files have been modified.
	  Read <http://www.usenix.org/events/sec04/tech/sailer.html>
	  to learn more about IMA.
	  If unsure, say N.

config IMA_MEASURE_PCR_IDX
	int
	depends on IMA
	range 8 14
	default 10
	help
	  IMA_MEASURE_PCR_IDX determines the TPM PCR register index
	  that IMA uses to maintain the integrity aggregate of the
	  measurement list. If unsure, use the default 10.

config IMA_AUDIT
	bool
	depends on IMA
	default y
	help
	  This option adds a kernel parameter 'ima_audit', which
	  allows informational auditing messages to be enabled
	  at boot. If this option is selected, informational integrity
	  auditing messages can be enabled with 'ima_audit=1' on
	  the kernel command line.

config IMA_LSM_RULES
	bool
	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
	default y
	help
	  Disabling this option will disregard LSM based policy rules.
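
# Added example, not part of the kernel source: how a verifier can replay the
# measurement list described in the IMA and IMA_MEASURE_PCR_IDX help text into
# the aggregate that PCR 10 should hold, and flag entries whose hashes disagree.
# Assumptions: the ascii_runtime_measurements line layout, the "ima" template
# hash input (file digest plus name zero-padded to 256 bytes), the sample
# entries (constructed) and all helper names.

```python
import hashlib

PCR_IDX = 10       # default IMA_MEASURE_PCR_IDX from the Kconfig entry
NAME_FIELD = 256   # assumption: file name is zero-padded to 256 bytes
ZERO, ONES = bytes(20), b"\xff" * 20


def template_hash(file_digest: bytes, name: str) -> bytes:
    """SHA-1 over the 20-byte file digest plus the zero-padded file name."""
    padded = name.encode().ljust(NAME_FIELD, b"\0")
    return hashlib.sha1(file_digest + padded).digest()


def make_entry(content: bytes, name: str) -> str:
    """Build one constructed line: PCR, template hash, template, file hash, name."""
    d = hashlib.sha1(content).digest()
    return f"{PCR_IDX} {template_hash(d, name).hex()} ima {d.hex()} {name}"


def replay(lines):
    """Return (expected PCR value, names whose template hash does not match)."""
    pcr, bad = ZERO, []
    for line in lines:
        idx, thash, tmpl, fhash, name = line.split(maxsplit=4)
        if int(idx) != PCR_IDX or tmpl != "ima":
            raise ValueError(f"unexpected entry: {line!r}")
        th = bytes.fromhex(thash)
        if th == ZERO:
            th = ONES  # violation entry: listed as zeros, extended as 0xff bytes
        elif th != template_hash(bytes.fromhex(fhash), name):
            bad.append(name)  # list entry is internally inconsistent
        pcr = hashlib.sha1(pcr + th).digest()  # TPM 1.2 extend: SHA1(old || new)
    return pcr, bad


# Constructed sample list (contents are placeholders, not real measurements)
SAMPLE = [
    make_entry(b"constructed boot aggregate", "boot_aggregate"),
    make_entry(b"constructed init binary", "/sbin/init"),
    make_entry(b"constructed shell binary", "/bin/sh"),
]

if __name__ == "__main__":
    pcr, bad = replay(SAMPLE)
    print("expected PCR", PCR_IDX, "=", pcr.hex(), "mismatches:", bad)
```

# The replayed value is what a verifier compares against the PCR 10 value in a
# signed TPM quote; a mismatch means the list presented is not the list the
# kernel extended.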