FS Verity builtin signature support
modulename: signature.ko
configname: CONFIG_FS_VERITY_BUILTIN_SIGNATURES
Linux Kernel Configuration
└─>File systems
└─>FS Verity builtin signature support
In linux kernel since version 4.14.326 (release Date: 2023-09-23)
Support verifying signatures of verity files against the X.509
certificates that have been loaded into the ".fs-verity"
kernel keyring.
This is meant as a relatively simple mechanism that can be
used to provide an authenticity guarantee for verity files, as
an alternative to IMA appraisal. Userspace programs still
need to check that the verity bit is set in order to get an
authenticity guarantee.
If unsure, say N.
certificates that have been loaded into the ".fs-verity"
kernel keyring.
This is meant as a relatively simple mechanism that can be
used to provide an authenticity guarantee for verity files, as
an alternative to IMA appraisal. Userspace programs still
need to check that the verity bit is set in order to get an
authenticity guarantee.
If unsure, say N.