1#
2# Security configuration
3#
4
5menu "Security options"
6
# Base switch for the in-kernel key retention service. TRUSTED_KEYS,
# ENCRYPTED_KEYS and KEYS_DEBUG_PROC_KEYS below all declare
# "depends on KEYS". No "default" line is given, so this bool stays off
# unless it is enabled explicitly or selected by another symbol.
7config KEYS
8	bool "Enable access key retention support"
9	help
10	  This option provides support for retaining authentication tokens and
11	  access keys in the kernel.
12
13	  It also includes provision of methods by which such keys might be
14	  associated with a process so that network filesystems, encryption
15	  support and the like can find them.
16
17	  Furthermore, a special type of key is available that acts as a keyring:
18	  a searchable sequence of keys. Each process is equipped with access
19	  to five standard keyrings: UID-specific, GID-specific, session,
20	  process and thread.
21
22	  If you are unsure as to whether this is required, answer N.
23
# TPM-sealed keys. Needs both the key service (KEYS) and the TPM driver
# (TCG_TPM); being a tristate it may be built in or built as a module.
# The entry force-selects CRYPTO, CRYPTO_HMAC and CRYPTO_SHA1.
# NOTE(review): the HMAC/SHA-1 pair is presumably required by the TPM
# authorization protocol rather than chosen as a general-purpose hash;
# confirm against the trusted-key implementation before treating the
# SHA-1 dependency as a finding.
# Per the help text, unsealing is bound to the boot PCR values, so the
# protection is only as good as the measurements that feed those PCRs.
24config TRUSTED_KEYS
25	tristate "TRUSTED KEYS"
26	depends on KEYS && TCG_TPM
27	select CRYPTO
28	select CRYPTO_HMAC
29	select CRYPTO_SHA1
30	help
31	  This option provides support for creating, sealing, and unsealing
32	  keys in the kernel. Trusted keys are random number symmetric keys,
33	  generated and RSA-sealed by the TPM. The TPM unseals the keys only
34	  if the boot PCRs and other criteria match.  Userspace will only ever
35	  see encrypted blobs.
36
37	  If you are unsure as to whether this is required, answer N.
38
# Kernel-generated keys wrapped under a 'master' key. The selects pull in
# AES, CBC, HMAC, SHA-256 and the kernel RNG.
# This entry depends only on KEYS, not on TRUSTED_KEYS: the help text allows
# the master key to be a user-key. In that configuration no TPM sealing is
# implied, and the encrypted blobs are presumably only as well protected as
# the user key itself; verify which master-key type a deployment uses.
39config ENCRYPTED_KEYS
40	tristate "ENCRYPTED KEYS"
41	depends on KEYS
42	select CRYPTO
43	select CRYPTO_HMAC
44	select CRYPTO_AES
45	select CRYPTO_CBC
46	select CRYPTO_SHA256
47	select CRYPTO_RNG
48	help
49	  This option provides support for creating/encrypting/decrypting keys
50	  in the kernel.  Encrypted keys are kernel generated random numbers,
51	  which are encrypted/decrypted with a 'master' symmetric key. The
52	  'master' key can be either a trusted-key or user-key type.
53	  Userspace only ever sees/stores encrypted blobs.
54
55	  If you are unsure as to whether this is required, answer N.
56
# Debug/visibility interface for the key service. As the help text states,
# /proc/keys lists key attributes only (no payloads), restricted to keys
# that grant View permission to the reader and subject to LSM checks.
# Attributes are still metadata about which keys exist on the system, so
# builds that do not need the file for troubleshooting can leave this off
# (the bool has no "default" line and is off unless enabled).
57config KEYS_DEBUG_PROC_KEYS
58	bool "Enable the /proc/keys file by which keys may be viewed"
59	depends on KEYS
60	help
61	  This option turns on support for the /proc/keys file - through which
62	  can be listed all the keys on the system that are viewable by the
63	  reading process.
64
65	  The only keys included in the list are those that grant View
66	  permission to the reading process whether or not it possesses them.
67	  Note that LSM security checks are still performed, and may further
68	  filter out keys that the current process is not authorised to view.
69
70	  Only key attributes are listed here; key payloads are not included in
71	  the resulting table.
72
73	  If you are unsure as to whether this is required, answer N.
74
# Build-time default for the dmesg_restrict sysctl named in the help text.
# The explicit "default n" means that, unless the sysctl is set to 1 at
# runtime, unprivileged users can read the kernel log. Kernel log output can
# carry details about kernel state that are useful when attacking the
# kernel, so hardened configurations commonly answer Y here. Either way the
# effective setting should be checked at runtime, since the sysctl can
# override the build-time choice.
75config SECURITY_DMESG_RESTRICT
76	bool "Restrict unprivileged access to the kernel syslog"
77	default n
78	help
79	  This enforces restrictions on unprivileged users reading the kernel
80	  syslog via dmesg(8).
81
82	  If this option is not selected, no restrictions will be enforced
83	  unless the dmesg_restrict sysctl is explicitly set to (1).
84
85	  If you are unsure how to answer this question, answer N.
86
# Changes only the default value of kernel.perf_event_paranoid (to 3, per
# the help text); the sysctl stays writable at runtime ("unless it is
# changed"). A configuration that relies on this restriction therefore also
# needs to control who may change the sysctl and to verify its value on the
# running system. Only offered when PERF_EVENTS is enabled; no "default"
# line, so the option is off unless selected.
87config SECURITY_PERF_EVENTS_RESTRICT
88	bool "Restrict unprivileged use of performance events"
89	depends on PERF_EVENTS
90	help
91	  If you say Y here, the kernel.perf_event_paranoid sysctl
92	  will be set to 3 by default, and no unprivileged use of the
93	  perf_event_open syscall will be permitted unless it is
94	  changed.
95
# Gate for the security-module framework. In this file SECURITY_NETWORK,
# SECURITY_PATH and LSM_MMAP_MIN_ADDR depend on it directly, and
# SECURITY_NETWORK_XFRM depends on it through SECURITY_NETWORK.
# With this option off, the help text says the default Linux security model
# is used, i.e. none of the hook options below can be enabled.
96config SECURITY
97	bool "Enable different security models"
98	depends on SYSFS
99	help
100	  This allows you to choose different security modules to be
101	  configured into your kernel.
102
103	  If this option is not selected, the default Linux security
104	  model will be used.
105
106	  If you are unsure how to answer this question, answer N.
107
# Builds the securityfs filesystem. No "depends on" line is declared, so
# this bool can be enabled independently of SECURITY. The help text names
# its users (the TPM bios character driver and IMA).
# NOTE(review): other options may select this symbol from their own Kconfig
# files; that cannot be seen from this file.
108config SECURITYFS
109	bool "Enable the securityfs filesystem"
110	help
111	  This will build the securityfs filesystem.  It is currently used by
112	  the TPM bios character driver and IMA, an integrity provider.  It is
113	  not used by SELinux or SMACK.
114
115	  If you are unsure how to answer this question, answer N.
116
# Compiles in the socket/networking hook points only. As the help text puts
# it, a security module "can use these hooks"; enabling this option does not
# by itself enforce any network access control. Enforcement depends on
# which security module is active and on its policy.
117config SECURITY_NETWORK
118	bool "Socket and Networking Security Hooks"
119	depends on SECURITY
120	help
121	  This enables the socket and networking security hooks.
122	  If enabled, a security module can use these hooks to
123	  implement socket and networking access controls.
124	  If you are unsure how to answer this question, answer N.
125
# Hook points for label-based, per-packet controls on IPSec (XFRM) traffic.
# Requires both XFRM and SECURITY_NETWORK. Like the other hook options this
# provides the mechanism only; the labelling and the decision about which
# sockets may send unlabelled (non-IPSec) data come from the security
# module's policy.
126config SECURITY_NETWORK_XFRM
127	bool "XFRM (IPSec) Networking Security Hooks"
128	depends on XFRM && SECURITY_NETWORK
129	help
130	  This enables the XFRM (IPSec) networking security hooks.
131	  If enabled, a security module can use these hooks to
132	  implement per-packet access controls based on labels
133	  derived from IPSec policy.  Non-IPSec communications are
134	  designated as unlabelled, and only sockets authorized
135	  to communicate unlabelled data can send without using
136	  IPSec.
137	  If you are unsure how to answer this question, answer N.
138
# Hook points for pathname-based access control. Mechanism only: a security
# module has to use the hooks for any check to happen.
# NOTE(review): which of the modules sourced later in this file rely on
# these hooks is declared in their own Kconfig files, not here; confirm
# there before disabling this option.
139config SECURITY_PATH
140	bool "Security hooks for pathname based access control"
141	depends on SECURITY
142	help
143	  This enables the security hooks for pathname based access control.
144	  If enabled, a security module can use these hooks to
145	  implement pathname based access controls.
146	  If you are unsure how to answer this question, answer N.
147
# Kernel-side support for a measured launch through the tboot module.
# Only offered on architectures that set HAVE_INTEL_TXT. Per the help text
# the option has no effect on systems without Intel TXT, and it describes a
# root of trust outside the kernel: the kernel option is one part of the
# chain, alongside tboot and the platform.
# NOTE(review): the help text speaks of measurement and verification; what
# happens when a measurement does not match is presumably decided by the
# tboot launch policy rather than by this option. Confirm in
# Documentation/intel_txt.txt.
148config INTEL_TXT
149	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
150	depends on HAVE_INTEL_TXT
151	help
152	  This option enables support for booting the kernel with the
153	  Trusted Boot (tboot) module. This will utilize
154	  Intel(R) Trusted Execution Technology to perform a measured launch
155	  of the kernel. If the system does not support Intel(R) TXT, this
156	  will have no effect.
157
158	  Intel TXT will provide higher assurance of system configuration and
159	  initial state as well as data reset protection.  This is used to
160	  create a robust initial kernel measurement and verification, which
161	  helps to ensure that kernel security mechanisms are functioning
162	  correctly. This level of protection requires a root of trust outside
163	  of the kernel itself.
164
165	  Intel TXT also helps solve real end user concerns about having
166	  confidence that their hardware is running the VMM or kernel that
167	  it was configured with, especially since they may be responsible for
168	  providing such assurances to VMs and services running on it.
169
170	  See <http://www.intel.com/technology/security/> for more information
171	  about Intel(R) TXT.
172	  See <http://tboot.sourceforge.net> for more information about tboot.
173	  See Documentation/intel_txt.txt for a description of how to enable
174	  Intel TXT support in a kernel boot.
175
176	  If you are unsure as to whether this is required, answer N.
177
# Lowest virtual address the LSM lets userspace map, as a mitigation for
# kernel NULL-pointer dereference bugs (see help text).
# The option is only available when both SECURITY and SECURITY_SELINUX are
# set, so configurations without SELinux do not get this symbol at all.
# NOTE(review): a general, non-LSM low-address floor is presumably
# configured elsewhere in the tree; confirm it is set when SELinux is not
# built.
# Defaults are tried in order and the first whose condition holds is used:
# 32768 on ARM, 65536 everywhere else. The symbol has a prompt, so a
# builder can also enter a smaller value (including 0), which would remove
# the protection.
178config LSM_MMAP_MIN_ADDR
179	int "Low address space for LSM to protect from user allocation"
180	depends on SECURITY && SECURITY_SELINUX
181	default 32768 if ARM
182	default 65536
183	help
184	  This is the portion of low virtual memory which should be protected
185	  from userspace allocation.  Keeping a user from writing to low pages
186	  can help reduce the impact of kernel NULL pointer bugs.
187
188	  For most ia64, ppc64 and x86 users with lots of address space
189	  a value of 65536 is reasonable and should cause no problems.
190	  On arm and other archs it should not be higher than 32768.
191	  Programs which use vm86 functionality or have some need to map
192	  this low address space will need the permission specific to the
193	  systems running LSM.
194
# Pull in the option files of the individual security modules and of the
# integrity subsystem. The SECURITY_SELINUX, SECURITY_SMACK, SECURITY_TOMOYO,
# SECURITY_APPARMOR and SECURITY_YAMA symbols referenced elsewhere in this
# file are not defined here; presumably they come from these sourced files.
195source security/selinux/Kconfig
196source security/smack/Kconfig
197source security/tomoyo/Kconfig
198source security/apparmor/Kconfig
199source security/yama/Kconfig
200
201source security/integrity/Kconfig
202
# Selects which security module is active when the "security=" kernel
# parameter is absent (see help text).
# The "default" lines are evaluated top to bottom and the first whose
# condition holds wins, so when several modules are enabled the preselected
# entry follows the order SELinux, SMACK, TOMOYO, AppArmor, Yama, with plain
# DAC as the fallback when none of them is enabled.
# Each module entry only shows its prompt when that module is built in (=y).
# Because "security=" on the kernel command line takes precedence over this
# choice, control of the boot command line is part of what protects the
# selected module from being swapped out at boot.
203choice
204	prompt "Default security module"
205	default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
206	default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
207	default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
208	default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
209	default DEFAULT_SECURITY_YAMA if SECURITY_YAMA
210	default DEFAULT_SECURITY_DAC
211
212	help
213	  Select the security module that will be used by default if the
214	  kernel parameter security= is not specified.
215
216	config DEFAULT_SECURITY_SELINUX
217		bool "SELinux" if SECURITY_SELINUX=y
218
219	config DEFAULT_SECURITY_SMACK
220		bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
221
222	config DEFAULT_SECURITY_TOMOYO
223		bool "TOMOYO" if SECURITY_TOMOYO=y
224
225	config DEFAULT_SECURITY_APPARMOR
226		bool "AppArmor" if SECURITY_APPARMOR=y
227
228	config DEFAULT_SECURITY_YAMA
229		bool "Yama" if SECURITY_YAMA=y
230
231	config DEFAULT_SECURITY_DAC
232		bool "Unix Discretionary Access Controls"
233
234endchoice
235
# Promptless string derived from the "Default security module" choice: it
# carries the chosen module's name, one value per DEFAULT_SECURITY_* symbol.
# Selecting DAC yields the empty string, i.e. no security module is named
# as the default.
236config DEFAULT_SECURITY
237	string
238	default "selinux" if DEFAULT_SECURITY_SELINUX
239	default "smack" if DEFAULT_SECURITY_SMACK
240	default "tomoyo" if DEFAULT_SECURITY_TOMOYO
241	default "apparmor" if DEFAULT_SECURITY_APPARMOR
242	default "yama" if DEFAULT_SECURITY_YAMA
243	default "" if DEFAULT_SECURITY_DAC
244
245endmenu
246
247