Require all keys on the .ima keyring be signed

configname: CONFIG_IMA_TRUSTED_KEYRING

Linux Kernel Configuration
└─>Security options
└─>Require all keys on the .ima keyring be signed
In linux kernel since version 3.13.1 (release Date: 2014-01-29)  
This option requires that all keys added to the .ima
keyring be signed by a key on the system trusted keyring.