Require all keys on the integrity keyrings be signed
configname: CONFIG_INTEGRITY_TRUSTED_KEYRING
Linux Kernel Configuration
└─>Security options
└─>Require all keys on the integrity keyrings be signed
In linux kernel since version 3.10 (release Date: 2013-06-30)
This option requires that all keys added to the .ima and
.evm keyrings be signed by a key on the system trusted
keyring.
.evm keyrings be signed by a key on the system trusted
keyring.