diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2011-01-10 14:18:59 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-01-10 14:18:59 -0500 |
commit | e0e736fc0d33861335e2a132e4f688f7fd380c61 (patch) | |
tree | d9febe9ca1ef1e24efc5e6e1e34e412316d246bd /security/Kconfig | |
parent | a08948812b30653eb2c536ae613b635a989feb6f (diff) | |
parent | aeda4ac3efc29e4d55989abd0a73530453aa69ba (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (30 commits)
MAINTAINERS: Add tomoyo-dev-en ML.
SELinux: define permissions for DCB netlink messages
encrypted-keys: style and other cleanup
encrypted-keys: verify datablob size before converting to binary
trusted-keys: kzalloc and other cleanup
trusted-keys: additional TSS return code and other error handling
syslog: check cap_syslog when dmesg_restrict
Smack: Transmute labels on specified directories
selinux: cache sidtab_context_to_sid results
SELinux: do not compute transition labels on mountpoint labeled filesystems
This patch adds a new security attribute to Smack called SMACK64EXEC. It defines label that is used while task is running.
SELinux: merge policydb_index_classes and policydb_index_others
selinux: convert part of the sym_val_to_name array to use flex_array
selinux: convert type_val_to_struct to flex_array
flex_array: fix flex_array_put_ptr macro to be valid C
SELinux: do not set automatic i_ino in selinuxfs
selinux: rework security_netlbl_secattr_to_sid
SELinux: standardize return code handling in selinuxfs.c
SELinux: standardize return code handling in selinuxfs.c
SELinux: standardize return code handling in policydb.c
...
Diffstat (limited to 'security/Kconfig')
-rw-r--r-- | security/Kconfig | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig index e80da955e687..95accd442d55 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
@@ -21,6 +21,37 @@ config KEYS | |||
21 | 21 | ||
22 | If you are unsure as to whether this is required, answer N. | 22 | If you are unsure as to whether this is required, answer N. |
23 | 23 | ||
24 | config TRUSTED_KEYS | ||
25 | tristate "TRUSTED KEYS" | ||
26 | depends on KEYS && TCG_TPM | ||
27 | select CRYPTO | ||
28 | select CRYPTO_HMAC | ||
29 | select CRYPTO_SHA1 | ||
30 | help | ||
31 | This option provides support for creating, sealing, and unsealing | ||
32 | keys in the kernel. Trusted keys are random number symmetric keys, | ||
33 | generated and RSA-sealed by the TPM. The TPM only unseals the keys, | ||
34 | if the boot PCRs and other criteria match. Userspace will only ever | ||
35 | see encrypted blobs. | ||
36 | |||
37 | If you are unsure as to whether this is required, answer N. | ||
38 | |||
39 | config ENCRYPTED_KEYS | ||
40 | tristate "ENCRYPTED KEYS" | ||
41 | depends on KEYS && TRUSTED_KEYS | ||
42 | select CRYPTO_AES | ||
43 | select CRYPTO_CBC | ||
44 | select CRYPTO_SHA256 | ||
45 | select CRYPTO_RNG | ||
46 | help | ||
47 | This option provides support for create/encrypting/decrypting keys | ||
48 | in the kernel. Encrypted keys are kernel generated random numbers, | ||
49 | which are encrypted/decrypted with a 'master' symmetric key. The | ||
50 | 'master' key can be either a trusted-key or user-key type. | ||
51 | Userspace only ever sees/stores encrypted blobs. | ||
52 | |||
53 | If you are unsure as to whether this is required, answer N. | ||
54 | |||
24 | config KEYS_DEBUG_PROC_KEYS | 55 | config KEYS_DEBUG_PROC_KEYS |
25 | bool "Enable the /proc/keys file by which keys may be viewed" | 56 | bool "Enable the /proc/keys file by which keys may be viewed" |
26 | depends on KEYS | 57 | depends on KEYS |