CONFIG_INTEGRITY_TRUSTED_KEYRING - kernelconfig.io

Require all keys on the integrity keyrings be signed

configname: CONFIG_INTEGRITY_TRUSTED_KEYRING

Linux Kernel Configuration

└─>Security options

└─>Require all keys on the integrity keyrings be signed

In linux kernel since version 3.10 (release Date: 2013-06-30)

This option requires that all keys added to the .ima and
.evm keyrings be signed by a key on the system trusted
keyring.

depends

CONFIG_INTEGRITY
CONFIG_INTEGRITY_ASYMMETRIC_KEYS
CONFIG_SYSTEM_TRUSTED_KEYRING

is depended by

CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY