* [PATCH] secuirty: integrity: ima: pedantic formatting
@ 2019-03-11 13:44 Enrico Weigelt, metux IT consult
0 siblings, 0 replies; only message in thread
From: Enrico Weigelt, metux IT consult @ 2019-03-11 13:44 UTC (permalink / raw)
To: linux-kernel; +Cc: linux-integrity, linux-security-module
Formatting of Kconfig files doesn't look so pretty, so let the
Great White Handkerchief come around and clean it up.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
security/integrity/ima/Kconfig | 64 +++++++++++++++++++++---------------------
1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index a18f8c6..416b724 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -34,12 +34,12 @@ config IMA_KEXEC
depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
default n
help
- TPM PCRs are only reset on a hard reboot. In order to validate
- a TPM's quote after a soft boot, the IMA measurement list of the
- running kernel must be saved and restored on boot.
+ TPM PCRs are only reset on a hard reboot. In order to validate
+ a TPM's quote after a soft boot, the IMA measurement list of the
+ running kernel must be saved and restored on boot.
- Depending on the IMA policy, the measurement list can grow to
- be very large.
+ Depending on the IMA policy, the measurement list can grow to
+ be very large.
config IMA_MEASURE_PCR_IDX
int
@@ -91,10 +91,10 @@ choice
default IMA_DEFAULT_HASH_SHA1
depends on IMA
help
- Select the default hash algorithm used for the measurement
- list, integrity appraisal and audit log. The compiled default
- hash algorithm can be overwritten using the kernel command
- line 'ima_hash=' option.
+ Select the default hash algorithm used for the measurement
+ list, integrity appraisal and audit log. The compiled default
+ hash algorithm can be overwritten using the kernel command
+ line 'ima_hash=' option.
config IMA_DEFAULT_HASH_SHA1
bool "SHA1 (default)"
@@ -138,9 +138,9 @@ config IMA_READ_POLICY
default y if IMA_WRITE_POLICY
default n if !IMA_WRITE_POLICY
help
- It is often useful to be able to read back the IMA policy. It is
- even more important after introducing CONFIG_IMA_WRITE_POLICY.
- This option allows the root user to see the current policy rules.
+ It is often useful to be able to read back the IMA policy. It is
+ even more important after introducing CONFIG_IMA_WRITE_POLICY.
+ This option allows the root user to see the current policy rules.
config IMA_APPRAISE
bool "Appraise integrity measurements"
@@ -158,12 +158,12 @@ config IMA_APPRAISE
If unsure, say N.
config IMA_ARCH_POLICY
- bool "Enable loading an IMA architecture specific policy"
- depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS
- default n
- help
- This option enables loading an IMA architecture specific policy
- based on run time secure boot flags.
+ bool "Enable loading an IMA architecture specific policy"
+ depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS
+ default n
+ help
+ This option enables loading an IMA architecture specific policy
+ based on run time secure boot flags.
config IMA_APPRAISE_BUILD_POLICY
bool "IMA build time configured policy rules"
@@ -238,10 +238,10 @@ config IMA_TRUSTED_KEYRING
select INTEGRITY_TRUSTED_KEYRING
default y
help
- This option requires that all keys added to the .ima
- keyring be signed by a key on the system trusted keyring.
+ This option requires that all keys added to the .ima
+ keyring be signed by a key on the system trusted keyring.
- This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
+ This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
@@ -266,32 +266,32 @@ config IMA_BLACKLIST_KEYRING
depends on IMA_TRUSTED_KEYRING
default n
help
- This option creates an IMA blacklist keyring, which contains all
- revoked IMA keys. It is consulted before any other keyring. If
- the search is successful the requested operation is rejected and
- an error is returned to the caller.
+ This option creates an IMA blacklist keyring, which contains all
+ revoked IMA keys. It is consulted before any other keyring. If
+ the search is successful the requested operation is rejected and
+ an error is returned to the caller.
config IMA_LOAD_X509
bool "Load X509 certificate onto the '.ima' trusted keyring"
depends on IMA_TRUSTED_KEYRING
default n
help
- File signature verification is based on the public keys
- loaded on the .ima trusted keyring. These public keys are
- X509 certificates signed by a trusted key on the
- .system keyring. This option enables X509 certificate
- loading from the kernel onto the '.ima' trusted keyring.
+ File signature verification is based on the public keys
+ loaded on the .ima trusted keyring. These public keys are
+ X509 certificates signed by a trusted key on the
+ .system keyring. This option enables X509 certificate
+ loading from the kernel onto the '.ima' trusted keyring.
config IMA_X509_PATH
string "IMA X509 certificate path"
depends on IMA_LOAD_X509
default "/etc/keys/x509_ima.der"
help
- This option defines IMA X509 certificate path.
+ This option defines IMA X509 certificate path.
config IMA_APPRAISE_SIGNED_INIT
bool "Require signed user-space initialization"
depends on IMA_LOAD_X509
default n
help
- This option requires user-space init to be signed.
+ This option requires user-space init to be signed.
--
1.9.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-03-11 13:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-11 13:44 [PATCH] secuirty: integrity: ima: pedantic formatting Enrico Weigelt, metux IT consult
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.