linux/security/ipe/Kconfig

# SPDX-License-Identifier: GPL-2.0-only
#
# Integrity Policy Enforcement (IPE) configuration
#

menuconfig SECURITY_IPE
	bool "Integrity Policy Enforcement (IPE)"
	depends on SECURITY && SECURITYFS
	select PKCS7_MESSAGE_PARSER
	select SYSTEM_DATA_VERIFICATION
	help
	  This option enables the Integrity Policy Enforcement LSM
	  allowing users to define a policy to enforce a trust-based access
	  control. A key feature of IPE is a customizable policy to allow
	  admins to reconfigure trust requirements on the fly.

	  If unsure, answer N.
lsm: add IPE lsm Integrity Policy Enforcement (IPE) is an LSM that provides an complimentary approach to Mandatory Access Control than existing LSMs today. Existing LSMs have centered around the concept of access to a resource should be controlled by the current user's credentials. IPE's approach, is that access to a resource should be controlled by the system's trust of a current resource. The basis of this approach is defining a global policy to specify which resource can be trusted. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com> 2024-08-03 06:08:15 +00:00			`# SPDX-License-Identifier: GPL-2.0-only`
			`#`
			`# Integrity Policy Enforcement (IPE) configuration`
			`#`

			`menuconfig SECURITY_IPE`
			`bool "Integrity Policy Enforcement (IPE)"`
			`depends on SECURITY && SECURITYFS`
			`select PKCS7_MESSAGE_PARSER`
			`select SYSTEM_DATA_VERIFICATION`
			`help`
			`This option enables the Integrity Policy Enforcement LSM`
			`allowing users to define a policy to enforce a trust-based access`
			`control. A key feature of IPE is a customizable policy to allow`
			`admins to reconfigure trust requirements on the fly.`

			`If unsure, answer N.`