Integrity Policy Enforcement (IPE)
modulename: boot_policy.ko
configname: CONFIG_SECURITY_IPE
Linux Kernel Configuration
└─>Security options
└─>Integrity Policy Enforcement (IPE)
In linux kernel since version 6.1.112 (release Date: 2024-09-30)
This option enables the Integrity Policy Enforcement LSM
allowing users to define a policy to enforce a trust-based access
control. A key feature of IPE is a customizable policy to allow
admins to reconfigure trust requirements on the fly.
If unsure, answer N.
allowing users to define a policy to enforce a trust-based access
control. A key feature of IPE is a customizable policy to allow
admins to reconfigure trust requirements on the fly.
If unsure, answer N.
source code:
selects
CONFIG_PKCS7_MESSAGE_PARSERCONFIG_SYSTEM_DATA_VERIFICATION
CONFIG_IPE_PROP_DM_VERITY
CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
CONFIG_IPE_PROP_FS_VERITY
CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG