TOMOYO Linux Cross Reference
Linux/security/keys/Kconfig

Differences between /security/keys/Kconfig (Version linux-6.12-rc7) and /security/keys/Kconfig (Version policy-sample)


# SPDX-License-Identifier: GPL-2.0-only
#
# Key management configuration
#

config KEYS
        bool "Enable access key retention supp
        select ASSOCIATIVE_ARRAY
        help
          This option provides support for ret
          access keys in the kernel.

          It also includes provision of method
          associated with a process so that ne
          support and the like can find them.

          Furthermore, a special type of key i
          a searchable sequence of keys. Each
          to five standard keyrings: UID-speci
          process and thread.

          If you are unsure as to whether this

config KEYS_REQUEST_CACHE
        bool "Enable temporary caching of the
        depends on KEYS
        help
          This option causes the result of the
          call that didn't upcall to the kerne
          task_struct.  The cache is cleared b
          resumption of userspace.

          This allows the key used for multipl
          wants to request a key that is likel
          by the last step to save on the sear

          An example of such a process is a pa
          filesystem in which each method need
          key.  Pathwalk will call multiple me
          (permission, d_revalidate, lookup, g

config PERSISTENT_KEYRINGS
        bool "Enable register of persistent pe
        depends on KEYS
        help
          This option provides a register of p
          primarily aimed at Kerberos key stor
          in the sense that they stay around a
          have exited, not that they survive t

          A particular keyring may be accessed
          it is or by a process with administr
          LSMs gets to rule on which admin-lev
          cache.

          Keyrings are created and added into
          removed if they expire (a default ti

config BIG_KEYS
        bool "Large payload keys"
        depends on KEYS
        depends on TMPFS
        depends on CRYPTO_LIB_CHACHA20POLY1305
        help
          This option provides support for hol
          (for example Kerberos ticket caches)
          swapspace by tmpfs.

          If you are unsure as to whether this

config TRUSTED_KEYS
        tristate "TRUSTED KEYS"
        depends on KEYS
        help
          This option provides support for cre
          keys in the kernel. Trusted keys are
          generated and sealed by a trust sour
          Userspace will only ever see encrypt

          If you are unsure as to whether this

if TRUSTED_KEYS
source "security/keys/trusted-keys/Kconfig"
endif

config ENCRYPTED_KEYS
        tristate "ENCRYPTED KEYS"
        depends on KEYS
        select CRYPTO
        select CRYPTO_HMAC
        select CRYPTO_AES
        select CRYPTO_CBC
        select CRYPTO_SHA256
        select CRYPTO_RNG
        help
          This option provides support for cre
          in the kernel.  Encrypted keys are i
          generated random numbers or provided
          encrypted/decrypted with a 'master'
          key can be either a trusted-key or u
          blobs are ever output to Userspace.

          If you are unsure as to whether this

config USER_DECRYPTED_DATA
        bool "Allow encrypted keys with user d
        depends on ENCRYPTED_KEYS
        help
          This option provides support for ins
          user-provided decrypted data.  The d
          encoded.

          If you are unsure as to whether this

config KEY_DH_OPERATIONS
       bool "Diffie-Hellman operations on reta
       depends on KEYS
       select CRYPTO
       select CRYPTO_KDF800108_CTR
       select CRYPTO_DH
       help
         This option provides support for calc
         public keys and shared secrets using
         in the kernel.

         If you are unsure as to whether this

config KEY_NOTIFICATIONS
        bool "Provide key/keyring change notif
        depends on KEYS && WATCH_QUEUE
        help
          This option provides support for get
          on keys and keyrings on which the ca
          This makes use of pipes to handle th
          provides KEYCTL_WATCH_KEY to enable/
