git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
keys: add new trusted key-type
[sfrench/cifs-2.6.git] / security / Kconfig
diff --git a/security/Kconfig b/security/Kconfig
index e80da955e6876aeb550bec75d3d99643020034eb..24b8f9b491b8308033484030764adc5fccb40594 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -21,6 +21,21 @@ config KEYS
 
          If you are unsure as to whether this is required, answer N.
 
+config TRUSTED_KEYS
+       tristate "TRUSTED KEYS"
+       depends on KEYS && TCG_TPM
+       select CRYPTO
+       select CRYPTO_HMAC
+       select CRYPTO_SHA1
+       help
+         This option provides support for creating, sealing, and unsealing
+         keys in the kernel. Trusted keys are random number symmetric keys,
+         generated and RSA-sealed by the TPM. The TPM only unseals the keys,
+         if the boot PCRs and other criteria match.  Userspace will only ever
+         see encrypted blobs.
+
+         If you are unsure as to whether this is required, answer N.
+
 config KEYS_DEBUG_PROC_KEYS
        bool "Enable the /proc/keys file by which keys may be viewed"
        depends on KEYS
Unnamed repository; edit this file 'description' to name the repository.