2 # Security configuration
5 menu "Security options"
8 bool "Enable access key retention support"
10 This option provides support for retaining authentication tokens and
11 access keys in the kernel.
13 It also includes provision of methods by which such keys might be
14 associated with a process so that network filesystems, encryption
15 support and the like can find them.
17 Furthermore, a special type of key is available that acts as keyring:
18 a searchable sequence of keys. Each process is equipped with access
19 to five standard keyrings: UID-specific, GID-specific, session,
22 If you are unsure as to whether this is required, answer N.
25 tristate "TRUSTED KEYS"
26 depends on KEYS && TCG_TPM
31 This option provides support for creating, sealing, and unsealing
32 keys in the kernel. Trusted keys are random number symmetric keys,
33 generated and RSA-sealed by the TPM. The TPM only unseals the keys,
34 if the boot PCRs and other criteria match. Userspace will only ever
37 If you are unsure as to whether this is required, answer N.
40 tristate "ENCRYPTED KEYS"
49 This option provides support for create/encrypting/decrypting keys
50 in the kernel. Encrypted keys are kernel generated random numbers,
51 which are encrypted/decrypted with a 'master' symmetric key. The
52 'master' key can be either a trusted-key or user-key type.
53 Userspace only ever sees/stores encrypted blobs.
55 If you are unsure as to whether this is required, answer N.
57 config KEYS_DEBUG_PROC_KEYS
58 bool "Enable the /proc/keys file by which keys may be viewed"
61 This option turns on support for the /proc/keys file - through which
62 can be listed all the keys on the system that are viewable by the
65 The only keys included in the list are those that grant View
66 permission to the reading process whether or not it possesses them.
67 Note that LSM security checks are still performed, and may further
68 filter out keys that the current process is not authorised to view.
70 Only key attributes are listed here; key payloads are not included in
73 If you are unsure as to whether this is required, answer N.
75 config SECURITY_DMESG_RESTRICT
76 bool "Restrict unprivileged access to the kernel syslog"
79 This enforces restrictions on unprivileged users reading the kernel
82 If this option is not selected, no restrictions will be enforced
83 unless the dmesg_restrict sysctl is explicitly set to (1).
85 If you are unsure how to answer this question, answer N.
88 bool "Enable different security models"
91 This allows you to choose different security modules to be
92 configured into your kernel.
94 If this option is not selected, the default Linux security
97 If you are unsure how to answer this question, answer N.
99 config PAGE_TABLE_ISOLATION
100 bool "Remove the kernel mapping in user mode"
102 depends on X86_64 && SMP
104 This enforces a strict kernel and user space isolation, in order
105 to close hardware side channels on kernel address information.
107 If you are unsure how to answer this question, answer Y.
110 bool "Enable the securityfs filesystem"
112 This will build the securityfs filesystem. It is currently used by
113 the TPM bios character driver and IMA, an integrity provider. It is
114 not used by SELinux or SMACK.
116 If you are unsure how to answer this question, answer N.
118 config SECURITY_NETWORK
119 bool "Socket and Networking Security Hooks"
122 This enables the socket and networking security hooks.
123 If enabled, a security module can use these hooks to
124 implement socket and networking access controls.
125 If you are unsure how to answer this question, answer N.
127 config SECURITY_NETWORK_XFRM
128 bool "XFRM (IPSec) Networking Security Hooks"
129 depends on XFRM && SECURITY_NETWORK
131 This enables the XFRM (IPSec) networking security hooks.
132 If enabled, a security module can use these hooks to
133 implement per-packet access controls based on labels
134 derived from IPSec policy. Non-IPSec communications are
135 designated as unlabelled, and only sockets authorized
136 to communicate unlabelled data can send without using
138 If you are unsure how to answer this question, answer N.
141 bool "Security hooks for pathname based access control"
144 This enables the security hooks for pathname based access control.
145 If enabled, a security module can use these hooks to
146 implement pathname based access controls.
147 If you are unsure how to answer this question, answer N.
150 bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
151 depends on HAVE_INTEL_TXT
153 This option enables support for booting the kernel with the
154 Trusted Boot (tboot) module. This will utilize
155 Intel(R) Trusted Execution Technology to perform a measured launch
156 of the kernel. If the system does not support Intel(R) TXT, this
159 Intel TXT will provide higher assurance of system configuration and
160 initial state as well as data reset protection. This is used to
161 create a robust initial kernel measurement and verification, which
162 helps to ensure that kernel security mechanisms are functioning
163 correctly. This level of protection requires a root of trust outside
164 of the kernel itself.
166 Intel TXT also helps solve real end user concerns about having
167 confidence that their hardware is running the VMM or kernel that
168 it was configured with, especially since they may be responsible for
169 providing such assurances to VMs and services running on it.
171 See <http://www.intel.com/technology/security/> for more information
173 See <http://tboot.sourceforge.net> for more information about tboot.
174 See Documentation/intel_txt.txt for a description of how to enable
175 Intel TXT support in a kernel boot.
177 If you are unsure as to whether this is required, answer N.
179 config LSM_MMAP_MIN_ADDR
180 int "Low address space for LSM to protect from user allocation"
181 depends on SECURITY && SECURITY_SELINUX
185 This is the portion of low virtual memory which should be protected
186 from userspace allocation. Keeping a user from writing to low pages
187 can help reduce the impact of kernel NULL pointer bugs.
189 For most ia64, ppc64 and x86 users with lots of address space
190 a value of 65536 is reasonable and should cause no problems.
191 On arm and other archs it should not be higher than 32768.
192 Programs which use vm86 functionality or have some need to map
193 this low address space will need the permission specific to the
196 source security/selinux/Kconfig
197 source security/smack/Kconfig
198 source security/tomoyo/Kconfig
199 source security/apparmor/Kconfig
201 source security/integrity/Kconfig
204 prompt "Default security module"
205 default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
206 default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
207 default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
208 default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
209 default DEFAULT_SECURITY_DAC
212 Select the security module that will be used by default if the
213 kernel parameter security= is not specified.
215 config DEFAULT_SECURITY_SELINUX
216 bool "SELinux" if SECURITY_SELINUX=y
218 config DEFAULT_SECURITY_SMACK
219 bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
221 config DEFAULT_SECURITY_TOMOYO
222 bool "TOMOYO" if SECURITY_TOMOYO=y
224 config DEFAULT_SECURITY_APPARMOR
225 bool "AppArmor" if SECURITY_APPARMOR=y
227 config DEFAULT_SECURITY_DAC
228 bool "Unix Discretionary Access Controls"
232 config DEFAULT_SECURITY
234 default "selinux" if DEFAULT_SECURITY_SELINUX
235 default "smack" if DEFAULT_SECURITY_SMACK
236 default "tomoyo" if DEFAULT_SECURITY_TOMOYO
237 default "apparmor" if DEFAULT_SECURITY_APPARMOR
238 default "" if DEFAULT_SECURITY_DAC