Merge tag 'v2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6

[mv-sheeva.git] / security / Kconfig

diff --git a/security/Kconfig b/security/Kconfig
index e80da955e6876aeb550bec75d3d99643020034eb..95accd442d55eeb5c81f6bcd39b63fc12e5a6f25 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -21,6 +21,37 @@ config KEYS
 
          If you are unsure as to whether this is required, answer N.
 
+config TRUSTED_KEYS
+       tristate "TRUSTED KEYS"
+       depends on KEYS && TCG_TPM
+       select CRYPTO
+       select CRYPTO_HMAC
+       select CRYPTO_SHA1
+       help
+         This option provides support for creating, sealing, and unsealing
+         keys in the kernel. Trusted keys are random number symmetric keys,
+         generated and RSA-sealed by the TPM. The TPM only unseals the keys,
+         if the boot PCRs and other criteria match.  Userspace will only ever
+         see encrypted blobs.
+
+         If you are unsure as to whether this is required, answer N.
+
+config ENCRYPTED_KEYS
+       tristate "ENCRYPTED KEYS"
+       depends on KEYS && TRUSTED_KEYS
+       select CRYPTO_AES
+       select CRYPTO_CBC
+       select CRYPTO_SHA256
+       select CRYPTO_RNG
+       help
+         This option provides support for create/encrypting/decrypting keys
+         in the kernel.  Encrypted keys are kernel generated random numbers,
+         which are encrypted/decrypted with a 'master' symmetric key. The
+         'master' key can be either a trusted-key or user-key type.
+         Userspace only ever sees/stores encrypted blobs.
+
+         If you are unsure as to whether this is required, answer N.
+
 config KEYS_DEBUG_PROC_KEYS
        bool "Enable the /proc/keys file by which keys may be viewed"
        depends on KEYS