LXR linux/security/Kconfig

   1#
   2# Security configuration
   3#
   4
   5menu "Security options"
   6
   7config KEYS
   8        bool "Enable access key retention support"
   9        help
  10          This option provides support for retaining authentication tokens and
  11          access keys in the kernel.
  12
  13          It also includes provision of methods by which such keys might be
  14          associated with a process so that network filesystems, encryption
  15          support and the like can find them.
  16
  17          Furthermore, a special type of key is available that acts as keyring:
  18          a searchable sequence of keys. Each process is equipped with access
  19          to five standard keyrings: UID-specific, GID-specific, session,
  20          process and thread.
  21
  22          If you are unsure as to whether this is required, answer N.
  23
  24config TRUSTED_KEYS
  25        tristate "TRUSTED KEYS"
  26        depends on KEYS && TCG_TPM
  27        select CRYPTO
  28        select CRYPTO_HMAC
  29        select CRYPTO_SHA1
  30        help
  31          This option provides support for creating, sealing, and unsealing
  32          keys in the kernel. Trusted keys are random number symmetric keys,
  33          generated and RSA-sealed by the TPM. The TPM only unseals the keys,
  34          if the boot PCRs and other criteria match.  Userspace will only ever
  35          see encrypted blobs.
  36
  37          If you are unsure as to whether this is required, answer N.
  38
  39config ENCRYPTED_KEYS
  40        tristate "ENCRYPTED KEYS"
  41        depends on KEYS
  42        select CRYPTO
  43        select CRYPTO_HMAC
  44        select CRYPTO_AES
  45        select CRYPTO_CBC
  46        select CRYPTO_SHA256
  47        select CRYPTO_RNG
  48        help
  49          This option provides support for create/encrypting/decrypting keys
  50          in the kernel.  Encrypted keys are kernel generated random numbers,
  51          which are encrypted/decrypted with a 'master' symmetric key. The
  52          'master' key can be either a trusted-key or user-key type.
  53          Userspace only ever sees/stores encrypted blobs.
  54
  55          If you are unsure as to whether this is required, answer N.
  56
  57config KEYS_DEBUG_PROC_KEYS
  58        bool "Enable the /proc/keys file by which keys may be viewed"
  59        depends on KEYS
  60        help
  61          This option turns on support for the /proc/keys file - through which
  62          can be listed all the keys on the system that are viewable by the
  63          reading process.
  64
  65          The only keys included in the list are those that grant View
  66          permission to the reading process whether or not it possesses them.
  67          Note that LSM security checks are still performed, and may further
  68          filter out keys that the current process is not authorised to view.
  69
  70          Only key attributes are listed here; key payloads are not included in
  71          the resulting table.
  72
  73          If you are unsure as to whether this is required, answer N.
  74
  75config SECURITY_DMESG_RESTRICT
  76        bool "Restrict unprivileged access to the kernel syslog"
  77        default n
  78        help
  79          This enforces restrictions on unprivileged users reading the kernel
  80          syslog via dmesg(8).
  81
  82          If this option is not selected, no restrictions will be enforced
  83          unless the dmesg_restrict sysctl is explicitly set to (1).
  84
  85          If you are unsure how to answer this question, answer N.
  86
  87config SECURITY
  88        bool "Enable different security models"
  89        depends on SYSFS
  90        help
  91          This allows you to choose different security modules to be
  92          configured into your kernel.
  93
  94          If this option is not selected, the default Linux security
  95          model will be used.
  96
  97          If you are unsure how to answer this question, answer N.
  98
  99config SECURITYFS
 100        bool "Enable the securityfs filesystem"
 101        help
 102          This will build the securityfs filesystem.  It is currently used by
 103          the TPM bios character driver and IMA, an integrity provider.  It is
 104          not used by SELinux or SMACK.
 105
 106          If you are unsure how to answer this question, answer N.
 107
 108config SECURITY_NETWORK
 109        bool "Socket and Networking Security Hooks"
 110        depends on SECURITY
 111        help
 112          This enables the socket and networking security hooks.
 113          If enabled, a security module can use these hooks to
 114          implement socket and networking access controls.
 115          If you are unsure how to answer this question, answer N.
 116
 117config SECURITY_NETWORK_XFRM
 118        bool "XFRM (IPSec) Networking Security Hooks"
 119        depends on XFRM && SECURITY_NETWORK
 120        help
 121          This enables the XFRM (IPSec) networking security hooks.
 122          If enabled, a security module can use these hooks to
 123          implement per-packet access controls based on labels
 124          derived from IPSec policy.  Non-IPSec communications are
 125          designated as unlabelled, and only sockets authorized
 126          to communicate unlabelled data can send without using
 127          IPSec.
 128          If you are unsure how to answer this question, answer N.
 129
 130config SECURITY_PATH
 131        bool "Security hooks for pathname based access control"
 132        depends on SECURITY
 133        help
 134          This enables the security hooks for pathname based access control.
 135          If enabled, a security module can use these hooks to
 136          implement pathname based access controls.
 137          If you are unsure how to answer this question, answer N.
 138
 139config INTEL_TXT
 140        bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
 141        depends on HAVE_INTEL_TXT
 142        help
 143          This option enables support for booting the kernel with the
 144          Trusted Boot (tboot) module. This will utilize
 145          Intel(R) Trusted Execution Technology to perform a measured launch
 146          of the kernel. If the system does not support Intel(R) TXT, this
 147          will have no effect.
 148
 149          Intel TXT will provide higher assurance of system configuration and
 150          initial state as well as data reset protection.  This is used to
 151          create a robust initial kernel measurement and verification, which
 152          helps to ensure that kernel security mechanisms are functioning
 153          correctly. This level of protection requires a root of trust outside
 154          of the kernel itself.
 155
 156          Intel TXT also helps solve real end user concerns about having
 157          confidence that their hardware is running the VMM or kernel that
 158          it was configured with, especially since they may be responsible for
 159          providing such assurances to VMs and services running on it.
 160
 161          See <http://www.intel.com/technology/security/> for more information
 162          about Intel(R) TXT.
 163          See <http://tboot.sourceforge.net> for more information about tboot.
 164          See Documentation/intel_txt.txt for a description of how to enable
 165          Intel TXT support in a kernel boot.
 166
 167          If you are unsure as to whether this is required, answer N.
 168
 169config LSM_MMAP_MIN_ADDR
 170        int "Low address space for LSM to protect from user allocation"
 171        depends on SECURITY && SECURITY_SELINUX
 172        default 32768 if ARM
 173        default 65536
 174        help
 175          This is the portion of low virtual memory which should be protected
 176          from userspace allocation.  Keeping a user from writing to low pages
 177          can help reduce the impact of kernel NULL pointer bugs.
 178
 179          For most ia64, ppc64 and x86 users with lots of address space
 180          a value of 65536 is reasonable and should cause no problems.
 181          On arm and other archs it should not be higher than 32768.
 182          Programs which use vm86 functionality or have some need to map
 183          this low address space will need the permission specific to the
 184          systems running LSM.
 185
 186source security/selinux/Kconfig
 187source security/smack/Kconfig
 188source security/tomoyo/Kconfig
 189source security/apparmor/Kconfig
 190
 191source security/integrity/Kconfig
 192
 193choice
 194        prompt "Default security module"
 195        default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
 196        default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
 197        default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
 198        default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
 199        default DEFAULT_SECURITY_DAC
 200
 201        help
 202          Select the security module that will be used by default if the
 203          kernel parameter security= is not specified.
 204
 205        config DEFAULT_SECURITY_SELINUX
 206                bool "SELinux" if SECURITY_SELINUX=y
 207
 208        config DEFAULT_SECURITY_SMACK
 209                bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
 210
 211        config DEFAULT_SECURITY_TOMOYO
 212                bool "TOMOYO" if SECURITY_TOMOYO=y
 213
 214        config DEFAULT_SECURITY_APPARMOR
 215                bool "AppArmor" if SECURITY_APPARMOR=y
 216
 217        config DEFAULT_SECURITY_DAC
 218                bool "Unix Discretionary Access Controls"
 219
 220endchoice
 221
 222config DEFAULT_SECURITY
 223        string
 224        default "selinux" if DEFAULT_SECURITY_SELINUX
 225        default "smack" if DEFAULT_SECURITY_SMACK
 226        default "tomoyo" if DEFAULT_SECURITY_TOMOYO
 227        default "apparmor" if DEFAULT_SECURITY_APPARMOR
 228        default "" if DEFAULT_SECURITY_DAC
 229
 230endmenu
 231
 232