Diffstat (limited to 'security/integrity/ima/Kconfig')
1 files changed, 12 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 5487827fa86c..370eb2f4dd37 100644
@@ -27,6 +27,18 @@ config IMA
to learn more about IMA.
If unsure, say N.
+ bool "Enable carrying the IMA measurement list across a soft boot"
+ depends on IMA && TCG_TPM && HAVE_IMA_KEXEC
+ default n
+ TPM PCRs are only reset on a hard reboot. In order to validate
+ a TPM's quote after a soft boot, the IMA measurement list of the
+ running kernel must be saved and restored on boot.
+ Depending on the IMA policy, the measurement list can grow to
+ be very large.
depends on IMA