MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-07-05 05:15:23 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
0311507792
linux-yocto/security/ipe/Kconfig
Deven Bowers 0311507792 lsm: add IPE lsm 
Integrity Policy Enforcement (IPE) is an LSM that provides an
complimentary approach to Mandatory Access Control than existing LSMs
today.

Existing LSMs have centered around the concept of access to a resource
should be controlled by the current user's credentials. IPE's approach,
is that access to a resource should be controlled by the system's trust
of a current resource.

The basis of this approach is defining a global policy to specify which
resource can be trusted.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-08-19 22:36:26 -04:00

543 B
Raw Blame History

SPDX-License-Identifier: GPL-2.0-only

Integrity Policy Enforcement (IPE) configuration

menuconfig SECURITY_IPE bool "Integrity Policy Enforcement (IPE)" depends on SECURITY && SECURITYFS select PKCS7_MESSAGE_PARSER select SYSTEM_DATA_VERIFICATION help This option enables the Integrity Policy Enforcement LSM allowing users to define a policy to enforce a trust-based access control. A key feature of IPE is a customizable policy to allow admins to reconfigure trust requirements on the fly.

  If unsure, answer N.