#
# Security configuration
#

menu "Security options"

config KEYS
	bool "Enable access key retention support"
	help
	  This option provides support for retaining authentication tokens and
	  access keys in the kernel.

	  It also includes provision of methods by which such keys might be
	  associated with a process so that network filesystems, encryption
	  support and the like can find them.

	  Furthermore, a special type of key is available that acts as a keyring:
	  a searchable sequence of keys. Each process is equipped with access
	  to five standard keyrings: UID-specific, GID-specific, session,
	  process and thread.

	  If you are unsure as to whether this is required, answer N.

config TRUSTED_KEYS
	tristate "TRUSTED KEYS"
	depends on KEYS && TCG_TPM
	select CRYPTO
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	help
	  This option provides support for creating, sealing, and unsealing
	  keys in the kernel. Trusted keys are random number symmetric keys,
	  generated and RSA-sealed by the TPM. The TPM only unseals the keys
	  if the boot PCRs and other criteria match. Userspace will only ever
	  see encrypted blobs.

	  If you are unsure as to whether this is required, answer N.

config ENCRYPTED_KEYS
	tristate "ENCRYPTED KEYS"
	depends on KEYS
	select CRYPTO
	select CRYPTO_HMAC
	select CRYPTO_AES
	select CRYPTO_CBC
	select CRYPTO_SHA256
	select CRYPTO_RNG
	help
	  This option provides support for creating/encrypting/decrypting keys
	  in the kernel. Encrypted keys are kernel generated random numbers,
	  which are encrypted/decrypted with a 'master' symmetric key. The
	  'master' key can be either a trusted-key or user-key type.
	  Userspace only ever sees/stores encrypted blobs.

	  If you are unsure as to whether this is required, answer N.

config KEYS_DEBUG_PROC_KEYS
	bool "Enable the /proc/keys file by which keys may be viewed"
	depends on KEYS
	help
	  This option turns on support for the /proc/keys file - through which
	  can be listed all the keys on the system that are viewable by the
	  reading process.

	  The only keys included in the list are those that grant View
	  permission to the reading process whether or not it possesses them.
	  Note that LSM security checks are still performed, and may further
	  filter out keys that the current process is not authorised to view.

	  Only key attributes are listed here; key payloads are not included in
	  the resulting table.

	  If you are unsure as to whether this is required, answer N.

config SECURITY_DMESG_RESTRICT
	bool "Restrict unprivileged access to the kernel syslog"
	default n
	help
	  This enforces restrictions on unprivileged users reading the kernel
	  syslog via dmesg(8).

	  If this option is not selected, no restrictions will be enforced
	  unless the dmesg_restrict sysctl is explicitly set to (1).

	  If you are unsure how to answer this question, answer N.

config SECURITY_PERF_EVENTS_RESTRICT
	bool "Restrict unprivileged use of performance events"
	depends on PERF_EVENTS
	help
	  If you say Y here, the kernel.perf_event_paranoid sysctl
	  will be set to 3 by default, and no unprivileged use of the
	  perf_event_open syscall will be permitted unless it is
	  changed.

config SECURITY
	bool "Enable different security models"
	depends on SYSFS
	help
	  This allows you to choose different security modules to be
	  configured into your kernel.

	  If this option is not selected, the default Linux security
	  model will be used.

	  If you are unsure how to answer this question, answer N.

config SECURITYFS
	bool "Enable the securityfs filesystem"
	help
	  This will build the securityfs filesystem. It is currently used by
	  the TPM bios character driver and IMA, an integrity provider. It is
	  not used by SELinux or SMACK.

	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK
	bool "Socket and Networking Security Hooks"
	depends on SECURITY
	help
	  This enables the socket and networking security hooks.
	  If enabled, a security module can use these hooks to
	  implement socket and networking access controls.
	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK_XFRM
	bool "XFRM (IPSec) Networking Security Hooks"
	depends on XFRM && SECURITY_NETWORK
	help
	  This enables the XFRM (IPSec) networking security hooks.
	  If enabled, a security module can use these hooks to
	  implement per-packet access controls based on labels
	  derived from IPSec policy. Non-IPSec communications are
	  designated as unlabelled, and only sockets authorized
	  to communicate unlabelled data can send without using
	  IPSec.
	  If you are unsure how to answer this question, answer N.

config SECURITY_PATH
	bool "Security hooks for pathname based access control"
	depends on SECURITY
	help
	  This enables the security hooks for pathname based access control.
	  If enabled, a security module can use these hooks to
	  implement pathname based access controls.
	  If you are unsure how to answer this question, answer N.

config INTEL_TXT
	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
	depends on HAVE_INTEL_TXT
	help
	  This option enables support for booting the kernel with the
	  Trusted Boot (tboot) module. This will utilize
	  Intel(R) Trusted Execution Technology to perform a measured launch
	  of the kernel. If the system does not support Intel(R) TXT, this
	  will have no effect.

	  Intel TXT will provide higher assurance of system configuration and
	  initial state as well as data reset protection. This is used to
	  create a robust initial kernel measurement and verification, which
	  helps to ensure that kernel security mechanisms are functioning
	  correctly. This level of protection requires a root of trust outside
	  of the kernel itself.

	  Intel TXT also helps solve real end user concerns about having
	  confidence that their hardware is running the VMM or kernel that
	  it was configured with, especially since they may be responsible for
	  providing such assurances to VMs and services running on it.

	  See <http://www.intel.com/technology/security/> for more information
	  about Intel(R) TXT.
	  See <http://tboot.sourceforge.net> for more information about tboot.
	  See Documentation/intel_txt.txt for a description of how to enable
	  Intel TXT support in a kernel boot.

	  If you are unsure as to whether this is required, answer N.

config LSM_MMAP_MIN_ADDR
	int "Low address space for LSM to protect from user allocation"
	depends on SECURITY && SECURITY_SELINUX
	default 32768 if ARM
	default 65536
	help
	  This is the portion of low virtual memory which should be protected
	  from userspace allocation. Keeping a user from writing to low pages
	  can help reduce the impact of kernel NULL pointer bugs.

	  For most ia64, ppc64 and x86 users with lots of address space
	  a value of 65536 is reasonable and should cause no problems.
	  On arm and other archs it should not be higher than 32768.
	  Programs which use vm86 functionality or have some need to map
	  this low address space will need the permission specific to the
	  systems running LSM.

source security/selinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
source security/apparmor/Kconfig
source security/yama/Kconfig

source security/integrity/Kconfig

choice
	prompt "Default security module"
	default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
	default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
	default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
	default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
	default DEFAULT_SECURITY_YAMA if SECURITY_YAMA
	default DEFAULT_SECURITY_DAC

	help
	  Select the security module that will be used by default if the
	  kernel parameter security= is not specified.

	config DEFAULT_SECURITY_SELINUX
		bool "SELinux" if SECURITY_SELINUX=y

	config DEFAULT_SECURITY_SMACK
		bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y

	config DEFAULT_SECURITY_TOMOYO
		bool "TOMOYO" if SECURITY_TOMOYO=y

	config DEFAULT_SECURITY_APPARMOR
		bool "AppArmor" if SECURITY_APPARMOR=y

	config DEFAULT_SECURITY_YAMA
		bool "Yama" if SECURITY_YAMA=y

	config DEFAULT_SECURITY_DAC
		bool "Unix Discretionary Access Controls"

endchoice

config DEFAULT_SECURITY
	string
	default "selinux" if DEFAULT_SECURITY_SELINUX
	default "smack" if DEFAULT_SECURITY_SMACK
	default "tomoyo" if DEFAULT_SECURITY_TOMOYO
	default "apparmor" if DEFAULT_SECURITY_APPARMOR
	default "yama" if DEFAULT_SECURITY_YAMA
	default "" if DEFAULT_SECURITY_DAC

endmenu