diff options
Diffstat (limited to 'security/Kconfig')
| -rw-r--r-- | security/Kconfig | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig index e80da955e687..24b8f9b491b8 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -21,6 +21,21 @@ config KEYS | |||
| 21 | 21 | ||
| 22 | If you are unsure as to whether this is required, answer N. | 22 | If you are unsure as to whether this is required, answer N. |
| 23 | 23 | ||
| 24 | config TRUSTED_KEYS | ||
| 25 | tristate "TRUSTED KEYS" | ||
| 26 | depends on KEYS && TCG_TPM | ||
| 27 | select CRYPTO | ||
| 28 | select CRYPTO_HMAC | ||
| 29 | select CRYPTO_SHA1 | ||
| 30 | help | ||
| 31 | This option provides support for creating, sealing, and unsealing | ||
| 32 | keys in the kernel. Trusted keys are random number symmetric keys, | ||
| 33 | generated and RSA-sealed by the TPM. The TPM only unseals the keys, | ||
| 34 | if the boot PCRs and other criteria match. Userspace will only ever | ||
| 35 | see encrypted blobs. | ||
| 36 | |||
| 37 | If you are unsure as to whether this is required, answer N. | ||
| 38 | |||
| 24 | config KEYS_DEBUG_PROC_KEYS | 39 | config KEYS_DEBUG_PROC_KEYS |
| 25 | bool "Enable the /proc/keys file by which keys may be viewed" | 40 | bool "Enable the /proc/keys file by which keys may be viewed" |
| 26 | depends on KEYS | 41 | depends on KEYS |