# IBM Integrity Measurement Architecture
	bool "Integrity Measurement Architecture(IMA)"
	select TCG_TPM if !S390
	select TCG_TIS if TCG_TPM
	  The Trusted Computing Group(TCG) runtime Integrity
	  Measurement Architecture(IMA) maintains a list of hash
	  values of executables and other sensitive system files,
	  as they are read or executed. If an attacker manages
	  to change the contents of an important system file
	  being measured, we can tell.
	  If your system has a TPM chip, then IMA also maintains
	  an aggregate integrity value over this list inside the
	  TPM hardware, so that the TPM can prove to a third party
	  whether or not critical system files have been modified.
	  Read <http://www.usenix.org/events/sec04/tech/sailer.html>
	  to learn more about IMA.
config IMA_MEASURE_PCR_IDX
	  IMA_MEASURE_PCR_IDX determines the TPM PCR register index
	  that IMA uses to maintain the integrity aggregate of the
	  measurement list. If unsure, use the default 10.
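The aggregate described in the IMA and IMA_MEASURE_PCR_IDX help text can be checked by a verifier that replays the measurement list and compares the result with the PCR value the TPM reports. The sketch below is an added example, not kernel code: it assumes the SHA-1 PCR bank, the original `ima` template line layout of securityfs `ascii_runtime_measurements`, and that a violation is listed with an all-zero hash but extended as all 0xFF; the function names and sample entries are constructed for illustration.

```python
import hashlib
import hmac

PCR_IDX = 10               # default IMA_MEASURE_PCR_IDX per the help text
ZERO = bytes(20)           # PCR reset value; also the hash listed for a violation
VIOLATION = b"\xff" * 20   # value extended into the PCR in place of a zero hash

def sample_line(seed, path, violation=False):
    """Build one constructed entry: <pcr> <template-hash> ima <file-hash> <path>."""
    tmpl = ZERO.hex() if violation else hashlib.sha1(seed).hexdigest()
    fhash = ZERO.hex() if violation else hashlib.sha1(seed + b"f").hexdigest()
    return f"{PCR_IDX} {tmpl} ima {fhash} {path}"

# Constructed sample list (hash values are made up, not real measurements).
SAMPLE = "\n".join([
    sample_line(b"boot", "boot_aggregate"),
    sample_line(b"init", "/sbin/init"),
    sample_line(b"log", "/var/log/app log", violation=True),
    sample_line(b"sshd", "/usr/sbin/sshd"),
])

def replay(listing, pcr_idx=PCR_IDX):
    """Recompute the aggregate: PCR = SHA1(PCR || template-hash), in list order."""
    pcr = ZERO
    for n, line in enumerate(listing.splitlines(), 1):
        fields = line.split(maxsplit=4)   # the path may contain spaces
        if not fields:
            continue
        if len(fields) < 5:
            raise ValueError(f"line {n}: malformed measurement entry")
        if int(fields[0]) != pcr_idx:
            continue                      # entry belongs to another PCR
        digest = bytes.fromhex(fields[1])
        if len(digest) != len(ZERO):
            raise ValueError(f"line {n}: template hash is not SHA-1 sized")
        if digest == ZERO:
            digest = VIOLATION            # violation: list shows zeros, PCR got 0xFF
        pcr = hashlib.sha1(pcr + digest).digest()
    return pcr

def matches_tpm(listing, reported_pcr_hex):
    """True if the list replays to the PCR value reported (quoted) by the TPM."""
    return hmac.compare_digest(replay(listing), bytes.fromhex(reported_pcr_hex))

if __name__ == "__main__":
    good = replay(SAMPLE).hex()           # stands in for a TPM-quoted PCR 10 value
    trimmed = "\n".join(SAMPLE.splitlines()[:-1])
    print("intact list verifies:", matches_tpm(SAMPLE, good))
    print("list with last entry removed verifies:", matches_tpm(trimmed, good))
```

The replay only ties the list to the PCR. A verifier still has to check the TPM quote's signature and compare each listed file hash against known-good values.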
	  This option adds a kernel parameter 'ima_audit', which
	  allows informational auditing messages to be enabled
	  at boot. If this option is selected, informational integrity
	  auditing messages can be enabled with 'ima_audit=1' on
	  the kernel command line.
	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
	  Disabling this option will disregard LSM based policy rules.