authorJonathan Herman <hermanjl@cs.unc.edu>2013-01-17 16:15:55 -0500
committerJonathan Herman <hermanjl@cs.unc.edu>2013-01-17 16:15:55 -0500
commit8dea78da5cee153b8af9c07a2745f6c55057fe12 (patch)
treea8f4d49d63b1ecc92f2fddceba0655b2472c5bd9 /security/Kconfig
parent406089d01562f1e2bf9f089fd7637009ebaad589 (diff)
Patched in Tegra support.
Diffstat (limited to 'security/Kconfig')
-rw-r--r--security/Kconfig75
1 files changed, 67 insertions, 8 deletions
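diff --git a/security/Kconfig b/security/Kconfig
index e9c6ac724fe..85923b649d1 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -4,7 +4,71 @@
 
 menu "Security options"
 
-source security/keys/Kconfig
+config KEYS
+ bool "Enable access key retention support"
+ help
+ This option provides support for retaining authentication tokens and
+ access keys in the kernel.
+
+ It also includes provision of methods by which such keys might be
+ associated with a process so that network filesystems, encryption
+ support and the like can find them.
+
+ Furthermore, a special type of key is available that acts as keyring:
+ a searchable sequence of keys. Each process is equipped with access
+ to five standard keyrings: UID-specific, GID-specific, session,
+ process and thread.
+
+ If you are unsure as to whether this is required, answer N.
+
+config TRUSTED_KEYS
+ tristate "TRUSTED KEYS"
+ depends on KEYS && TCG_TPM
+ select CRYPTO
+ select CRYPTO_HMAC
+ select CRYPTO_SHA1
+ help
+ This option provides support for creating, sealing, and unsealing
+ keys in the kernel. Trusted keys are random number symmetric keys,
+ generated and RSA-sealed by the TPM. The TPM only unseals the keys,
+ if the boot PCRs and other criteria match. Userspace will only ever
+ see encrypted blobs.
+
+ If you are unsure as to whether this is required, answer N.
+
+config ENCRYPTED_KEYS
+ tristate "ENCRYPTED KEYS"
+ depends on KEYS && TRUSTED_KEYS
+ select CRYPTO_AES
+ select CRYPTO_CBC
+ select CRYPTO_SHA256
+ select CRYPTO_RNG
+ help
+ This option provides support for create/encrypting/decrypting keys
+ in the kernel. Encrypted keys are kernel generated random numbers,
+ which are encrypted/decrypted with a 'master' symmetric key. The
+ 'master' key can be either a trusted-key or user-key type.
+ Userspace only ever sees/stores encrypted blobs.
+
+ If you are unsure as to whether this is required, answer N.
+
+config KEYS_DEBUG_PROC_KEYS
+ bool "Enable the /proc/keys file by which keys may be viewed"
+ depends on KEYS
+ help
+ This option turns on support for the /proc/keys file - through which
+ can be listed all the keys on the system that are viewable by the
+ reading process.
+
+ The only keys included in the list are those that grant View
+ permission to the reading process whether or not it possesses them.
+ Note that LSM security checks are still performed, and may further
+ filter out keys that the current process is not authorised to view.
+
+ Only key attributes are listed here; key payloads are not included in
+ the resulting table.
+
+ If you are unsure as to whether this is required, answer N.
 
 config SECURITY_DMESG_RESTRICT
  bool "Restrict unprivileged access to the kernel syslog"
@@ -121,9 +185,9 @@ source security/selinux/Kconfig
 source security/smack/Kconfig
 source security/tomoyo/Kconfig
 source security/apparmor/Kconfig
-source security/yama/Kconfig
+source security/tf_driver/Kconfig
 
-source security/integrity/Kconfig
+source security/integrity/ima/Kconfig
 
 choice
  prompt "Default security module"
@@ -131,7 +195,6 @@ choice
  default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
  default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
  default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
- default DEFAULT_SECURITY_YAMA if SECURITY_YAMA
  default DEFAULT_SECURITY_DAC
 
  help
@@ -150,9 +213,6 @@ choice
  config DEFAULT_SECURITY_APPARMOR
  bool "AppArmor" if SECURITY_APPARMOR=y
 
- config DEFAULT_SECURITY_YAMA
- bool "Yama" if SECURITY_YAMA=y
-
  config DEFAULT_SECURITY_DAC
  bool "Unix Discretionary Access Controls"
 
@@ -164,7 +224,6 @@ config DEFAULT_SECURITY
  default "smack" if DEFAULT_SECURITY_SMACK
  default "tomoyo" if DEFAULT_SECURITY_TOMOYO
  default "apparmor" if DEFAULT_SECURITY_APPARMOR
- default "yama" if DEFAULT_SECURITY_YAMA
  default "" if DEFAULT_SECURITY_DAC
 
 endmenu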
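Review bot: Yama and the top-level integrity menu become unconfigurable with this change, which the commit title does not mention: the second hunk replaces `source security/yama/Kconfig` with `source security/tf_driver/Kconfig` and narrows `source security/integrity/Kconfig` to `source security/integrity/ima/Kconfig`. The later hunks drop `DEFAULT_SECURITY_YAMA` from the default-module choice and from `DEFAULT_SECURITY` to match. If the aim is only to add the Tegra driver, adding `source security/tf_driver/Kconfig` as a new line and leaving the two existing `source` lines alone would avoid removing hardening options; whether security/yama and security/integrity/Kconfig exist in this tree is not visible from this page. Separately, `ENCRYPTED_KEYS` has `depends on KEYS && TRUSTED_KEYS` although its help text allows a user-key master key, so it cannot be enabled on a build without `TCG_TPM`.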