Enable support for fs-verity based on builtin signature
configname: CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
Linux Kernel Configuration
└─>Security options
└─>Integrity Policy Enforcement (IPE)
└─>IPE Trust Providers
└─>Enable support for fs-verity based on builtin signature
In linux kernel since version 6.1.112 (release Date: 2024-09-30)
This option enables the 'fsverity_signature' property within IPE
policies. The property evaluates to TRUE when a file is fsverity
enabled and it has a valid builtin signature whose signing cert
is in the .fs-verity keyring.
if unsure, answer Y.
policies. The property evaluates to TRUE when a file is fsverity
enabled and it has a valid builtin signature whose signing cert
is in the .fs-verity keyring.
if unsure, answer Y.