1 files changed, 31 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index e80da955e687..95accd442d55 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -21,6 +21,37 @@ config KEYS
          If you are unsure as to whether this is required, answer N.
+config TRUSTED_KEYS
+        tristate "TRUSTED KEYS"
+        depends on KEYS && TCG_TPM
+        select CRYPTO
+        select CRYPTO_HMAC
+        select CRYPTO_SHA1
+        help
+          This option provides support for creating, sealing, and unsealing
+          keys in the kernel. Trusted keys are random number symmetric keys,
+          generated and RSA-sealed by the TPM. The TPM only unseals the keys,
+          if the boot PCRs and other criteria match.  Userspace will only ever
+          see encrypted blobs.
+          If you are unsure as to whether this is required, answer N.
+config ENCRYPTED_KEYS
+        tristate "ENCRYPTED KEYS"
+        depends on KEYS && TRUSTED_KEYS
+        select CRYPTO_AES
+        select CRYPTO_CBC
+        select CRYPTO_SHA256
+        select CRYPTO_RNG
+        help
+          This option provides support for create/encrypting/decrypting keys
+          in the kernel.  Encrypted keys are kernel generated random numbers,
+          which are encrypted/decrypted with a 'master' symmetric key. The
+          'master' key can be either a trusted-key or user-key type.
+          Userspace only ever sees/stores encrypted blobs.
+          If you are unsure as to whether this is required, answer N.
 config KEYS_DEBUG_PROC_KEYS
        bool "Enable the /proc/keys file by which keys may be viewed"
        depends on KEYS

diff --git a/security/Kconfig b/security/Kconfig index e80da955e687..95accd442d55 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -21,6 +21,37 @@ config KEYS
21		21
22	If you are unsure as to whether this is required, answer N.	22	If you are unsure as to whether this is required, answer N.
23		23
		24	config TRUSTED_KEYS
		25	tristate "TRUSTED KEYS"
		26	depends on KEYS && TCG_TPM
		27	select CRYPTO
		28	select CRYPTO_HMAC
		29	select CRYPTO_SHA1
		30	help
		31	This option provides support for creating, sealing, and unsealing
		32	keys in the kernel. Trusted keys are random number symmetric keys,
		33	generated and RSA-sealed by the TPM. The TPM only unseals the keys,
		34	if the boot PCRs and other criteria match. Userspace will only ever
		35	see encrypted blobs.
		36
		37	If you are unsure as to whether this is required, answer N.
		38
		39	config ENCRYPTED_KEYS
		40	tristate "ENCRYPTED KEYS"
		41	depends on KEYS && TRUSTED_KEYS
		42	select CRYPTO_AES
		43	select CRYPTO_CBC
		44	select CRYPTO_SHA256
		45	select CRYPTO_RNG
		46	help
		47	This option provides support for create/encrypting/decrypting keys
		48	in the kernel. Encrypted keys are kernel generated random numbers,
		49	which are encrypted/decrypted with a 'master' symmetric key. The
		50	'master' key can be either a trusted-key or user-key type.
		51	Userspace only ever sees/stores encrypted blobs.
		52
		53	If you are unsure as to whether this is required, answer N.
		54
24	config KEYS_DEBUG_PROC_KEYS	55	config KEYS_DEBUG_PROC_KEYS
25	bool "Enable the /proc/keys file by which keys may be viewed"	56	bool "Enable the /proc/keys file by which keys may be viewed"
26	depends on KEYS	57	depends on KEYS