~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,3 +1,4 @@
	1	+# SPDX-License-Identifier: GPL-2.0-only
1	2	#
2	3	config INTEGRITY
3	4	bool "Integrity subsystem"
..	..	@@ -17,8 +18,8 @@
17	18
18	19	config INTEGRITY_SIGNATURE
19	20	bool "Digital signature verification using multiple keyrings"
20		- depends on KEYS
21	21	default n
	22	+ select KEYS
22	23	select SIGNATURE
23	24	help
24	25	This option enables digital signature verification support
..	..	@@ -51,6 +52,35 @@
51	52	.evm keyrings be signed by a key on the system trusted
52	53	keyring.
53	54
	55	+config INTEGRITY_PLATFORM_KEYRING
	56	+ bool "Provide keyring for platform/firmware trusted keys"
	57	+ depends on INTEGRITY_ASYMMETRIC_KEYS
	58	+ depends on SYSTEM_BLACKLIST_KEYRING
	59	+ help
	60	+ Provide a separate, distinct keyring for platform trusted keys, which
	61	+ the kernel automatically populates during initialization from values
	62	+ provided by the platform for verifying the kexec'ed kerned image
	63	+ and, possibly, the initramfs signature.
	64	+
	65	+config LOAD_UEFI_KEYS
	66	+ depends on INTEGRITY_PLATFORM_KEYRING
	67	+ depends on EFI
	68	+ def_bool y
	69	+
	70	+config LOAD_IPL_KEYS
	71	+ depends on INTEGRITY_PLATFORM_KEYRING
	72	+ depends on S390
	73	+ def_bool y
	74	+
	75	+config LOAD_PPC_KEYS
	76	+ bool "Enable loading of platform and blacklisted keys for POWER"
	77	+ depends on INTEGRITY_PLATFORM_KEYRING
	78	+ depends on PPC_SECURE_BOOT
	79	+ default y
	80	+ help
	81	+ Enable loading of keys to the .platform keyring and blacklisted
	82	+ hashes to the .blacklist keyring for powerpc based platforms.
	83	+
54	84	config INTEGRITY_AUDIT
55	85	bool "Enables integrity auditing support "
56	86	depends on AUDIT
..	..	@@ -66,7 +96,7 @@
66	96	be enabled by specifying 'integrity_audit=1' on the kernel
67	97	command line.
68	98
69		-source security/integrity/ima/Kconfig
70		-source security/integrity/evm/Kconfig
	99	+source "security/integrity/ima/Kconfig"
	100	+source "security/integrity/evm/Kconfig"
71	101
72	102	endif # if INTEGRITY