On 2/28/24 16:54, Fan Wu wrote: > diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig > index 7afb1ce0cb99..9dd5c4769d79 100644 > --- a/security/ipe/Kconfig > +++ b/security/ipe/Kconfig > @@ -30,6 +30,19 @@ config IPE_PROP_DM_VERITY > that was mounted with a signed root-hash or the volume's > root hash matches the supplied value in the policy. > > + If unsure, answer Y. > + > +config IPE_PROP_FS_VERITY > + bool "Enable property for fs-verity files" > + depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES > + help > + This option enables the usage of properties "fsverity_signature" > + and "fsverity_digest". These properties evaluates to TRUE when > + a file is fsverity enabled and with a signed digest or its > + diegst matches the supplied value in the policy. digest > + > + if unsure, answer Y. -- #Randy
