aboutsummaryrefslogtreecommitdiffstats
path: root/security/Kconfig
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2011-01-10 14:18:59 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2011-01-10 14:18:59 -0500
commite0e736fc0d33861335e2a132e4f688f7fd380c61 (patch)
treed9febe9ca1ef1e24efc5e6e1e34e412316d246bd /security/Kconfig
parenta08948812b30653eb2c536ae613b635a989feb6f (diff)
parentaeda4ac3efc29e4d55989abd0a73530453aa69ba (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (30 commits) MAINTAINERS: Add tomoyo-dev-en ML. SELinux: define permissions for DCB netlink messages encrypted-keys: style and other cleanup encrypted-keys: verify datablob size before converting to binary trusted-keys: kzalloc and other cleanup trusted-keys: additional TSS return code and other error handling syslog: check cap_syslog when dmesg_restrict Smack: Transmute labels on specified directories selinux: cache sidtab_context_to_sid results SELinux: do not compute transition labels on mountpoint labeled filesystems This patch adds a new security attribute to Smack called SMACK64EXEC. It defines label that is used while task is running. SELinux: merge policydb_index_classes and policydb_index_others selinux: convert part of the sym_val_to_name array to use flex_array selinux: convert type_val_to_struct to flex_array flex_array: fix flex_array_put_ptr macro to be valid C SELinux: do not set automatic i_ino in selinuxfs selinux: rework security_netlbl_secattr_to_sid SELinux: standardize return code handling in selinuxfs.c SELinux: standardize return code handling in selinuxfs.c SELinux: standardize return code handling in policydb.c ...
Diffstat (limited to 'security/Kconfig')
-rw-r--r--security/Kconfig31
1 files changed, 31 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index e80da955e687..95accd442d55 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -21,6 +21,37 @@ config KEYS
21 21
22 If you are unsure as to whether this is required, answer N. 22 If you are unsure as to whether this is required, answer N.
23 23
24config TRUSTED_KEYS
25 tristate "TRUSTED KEYS"
26 depends on KEYS && TCG_TPM
27 select CRYPTO
28 select CRYPTO_HMAC
29 select CRYPTO_SHA1
30 help
31 This option provides support for creating, sealing, and unsealing
32 keys in the kernel. Trusted keys are random number symmetric keys,
33 generated and RSA-sealed by the TPM. The TPM only unseals the keys,
34 if the boot PCRs and other criteria match. Userspace will only ever
35 see encrypted blobs.
36
37 If you are unsure as to whether this is required, answer N.
38
39config ENCRYPTED_KEYS
40 tristate "ENCRYPTED KEYS"
41 depends on KEYS && TRUSTED_KEYS
42 select CRYPTO_AES
43 select CRYPTO_CBC
44 select CRYPTO_SHA256
45 select CRYPTO_RNG
46 help
47 This option provides support for create/encrypting/decrypting keys
48 in the kernel. Encrypted keys are kernel generated random numbers,
49 which are encrypted/decrypted with a 'master' symmetric key. The
50 'master' key can be either a trusted-key or user-key type.
51 Userspace only ever sees/stores encrypted blobs.
52
53 If you are unsure as to whether this is required, answer N.
54
24config KEYS_DEBUG_PROC_KEYS 55config KEYS_DEBUG_PROC_KEYS
25 bool "Enable the /proc/keys file by which keys may be viewed" 56 bool "Enable the /proc/keys file by which keys may be viewed"
26 depends on KEYS 57 depends on KEYS