61 lines
2.0 KiB
Plaintext
61 lines
2.0 KiB
Plaintext
config SECURITY_LOCKDOWN_LSM
|
|
bool "Basic module for enforcing kernel lockdown"
|
|
depends on SECURITY
|
|
select MODULE_SIG if MODULES
|
|
help
|
|
Build support for an LSM that enforces a coarse kernel lockdown
|
|
behaviour.
|
|
|
|
config SECURITY_LOCKDOWN_LSM_EARLY
|
|
bool "Enable lockdown LSM early in init"
|
|
depends on SECURITY_LOCKDOWN_LSM
|
|
help
|
|
Enable the lockdown LSM early in boot. This is necessary in order
|
|
to ensure that lockdown enforcement can be carried out on kernel
|
|
boot parameters that are otherwise parsed before the security
|
|
subsystem is fully initialised. If enabled, lockdown will
|
|
unconditionally be called before any other LSMs.
|
|
|
|
config LOCK_DOWN_IN_SECURE_BOOT
|
|
bool "Lock down the kernel in Secure Boot mode"
|
|
default n
|
|
depends on (EFI || S390 || PPC) && SECURITY_LOCKDOWN_LSM_EARLY
|
|
help
|
|
Secure Boot provides a mechanism for ensuring that the firmware will
|
|
only load signed bootloaders and kernels. Secure boot mode
|
|
determination is platform-specific; examples include EFI secure boot
|
|
and SIPL on s390.
|
|
|
|
Enabling this option results in kernel lockdown being triggered if
|
|
booted under secure boot.
|
|
|
|
choice
|
|
prompt "Kernel default lockdown mode"
|
|
default LOCK_DOWN_KERNEL_FORCE_NONE
|
|
depends on SECURITY_LOCKDOWN_LSM
|
|
help
|
|
The kernel can be configured to default to differing levels of
|
|
lockdown.
|
|
|
|
config LOCK_DOWN_KERNEL_FORCE_NONE
|
|
bool "None"
|
|
help
|
|
No lockdown functionality is enabled by default. Lockdown may be
|
|
enabled via the kernel commandline or /sys/kernel/security/lockdown.
|
|
|
|
config LOCK_DOWN_KERNEL_FORCE_INTEGRITY
|
|
bool "Integrity"
|
|
help
|
|
The kernel runs in integrity mode by default. Features that allow
|
|
the kernel to be modified at runtime are disabled.
|
|
|
|
config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY
|
|
bool "Confidentiality"
|
|
help
|
|
The kernel runs in confidentiality mode by default. Features that
|
|
allow the kernel to be modified at runtime or that permit userland
|
|
code to read confidential material held inside the kernel are
|
|
disabled.
|
|
|
|
endchoice
|