On 10/4/23 15:09, Fan Wu wrote: | diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig | index 7afb1ce0cb99..9dd5c4769d79 100644 | --- a/security/ipe/Kconfig | +++ b/security/ipe/Kconfig | @@ -30,6 +30,19 @@ config IPE_PROP_DM_VERITY | that was mounted with a signed root-hash or the volume's | root hash matches the supplied value in the policy. | | + If unsure, answer Y. | + | +config IPE_PROP_FS_VERITY | + bool "Enable property for fs-verity files" | + depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES | + help | + This option enables the usage of properties "fsverity_signature" | + and "fsverity_digest". These properties evaluates to TRUE when evaluate | + a file is fsverity enabled and with a signed digest or its | + diegst matches the supplied value in the policy. digest | + | + if unsure, answer Y. | + | endmenu | | endif -- ~Randy -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
