Re: [RFC PATCH v11 16/19] ipe: enable support for fs-verity as a trust provider

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 10/4/23 15:09, Fan Wu wrote:

| diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
| index 7afb1ce0cb99..9dd5c4769d79 100644
| --- a/security/ipe/Kconfig
| +++ b/security/ipe/Kconfig
| @@ -30,6 +30,19 @@ config IPE_PROP_DM_VERITY
|  	  that was mounted with a signed root-hash or the volume's
|  	  root hash matches the supplied value in the policy.
|  
| +	  If unsure, answer Y.
| +
| +config IPE_PROP_FS_VERITY
| +	bool "Enable property for fs-verity files"
| +	depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
| +	help
| +	  This option enables the usage of properties "fsverity_signature"
| +	  and "fsverity_digest". These properties evaluates to TRUE when

	                                          evaluate

| +	  a file is fsverity enabled and with a signed digest or its
| +	  diegst matches the supplied value in the policy.

	  digest

| +
| +	  if unsure, answer Y.
| +
|  endmenu
|  
|  endif


-- 
~Randy

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/dm-devel




[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux