Kconfig (a2551df7ec568d87793d2eea4ca744e86318f205) | Kconfig (3c556e4198926b284ff5ff6756111a64e1e98cb0) |
---|---|
1# 2# Security configuration 3# 4 5menu "Security options" 6 7config KEYS 8 bool "Enable access key retention support" --- 99 unchanged lines hidden (view full) --- 108 It prevents any programs running with egid == 0 if a specific 109 USB device is not present in the system. 110 111 See <http://www.linuxjournal.com/article.php?sid=6279> for 112 more information about this module. 113 114 If you are unsure how to answer this question, answer N. 115 | 1# 2# Security configuration 3# 4 5menu "Security options" 6 7config KEYS 8 bool "Enable access key retention support" --- 99 unchanged lines hidden (view full) --- 108 It prevents any programs running with egid == 0 if a specific 109 USB device is not present in the system. 110 111 See <http://www.linuxjournal.com/article.php?sid=6279> for 112 more information about this module. 113 114 If you are unsure how to answer this question, answer N. 115 |
116config LSM_MMAP_MIN_ADDR 117 int "Low address space for LSM to from user allocation" 118 depends on SECURITY && SECURITY_SELINUX 119 default 65535 | 116config INTEL_TXT 117 bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" 118 depends on EXPERIMENTAL && X86 && DMAR && ACPI |
120 help | 119 help |
121 This is the portion of low virtual memory which should be protected 122 from userspace allocation. Keeping a user from writing to low pages 123 can help reduce the impact of kernel NULL pointer bugs. | 120 This option enables support for booting the kernel with the 121 Trusted Boot (tboot) module. This will utilize 122 Intel(R) Trusted Execution Technology to perform a measured launch 123 of the kernel. If the system does not support Intel(R) TXT, this 124 will have no effect. |
124 | 125 |
125 For most ia64, ppc64 and x86 users with lots of address space 126 a value of 65536 is reasonable and should cause no problems. 127 On arm and other archs it should not be higher than 32768. 128 Programs which use vm86 functionality or have some need to map 129 this low address space will need the permission specific to the 130 systems running LSM. | 126 Intel TXT will provide higher assurance of system configuration and 127 initial state as well as data reset protection. This is used to 128 create a robust initial kernel measurement and verification, which 129 helps to ensure that kernel security mechanisms are functioning 130 correctly. This level of protection requires a root of trust outside 131 of the kernel itself. |
131 | 132 |
133 Intel TXT also helps solve real end user concerns about having 134 confidence that their hardware is running the VMM or kernel that 135 it was configured with, especially since they may be responsible for 136 providing such assurances to VMs and services running on it. 137 138 See <http://www.intel.com/technology/security/> for more information 139 about Intel(R) TXT. 140 See <http://tboot.sourceforge.net> for more information about tboot. 141 See Documentation/intel_txt.txt for a description of how to enable 142 Intel TXT support in a kernel boot. 143 144 If you are unsure as to whether this is required, answer N. 145 |
|
132source security/selinux/Kconfig 133source security/smack/Kconfig 134source security/tomoyo/Kconfig 135 136source security/integrity/ima/Kconfig 137 138endmenu 139 | 146source security/selinux/Kconfig 147source security/smack/Kconfig 148source security/tomoyo/Kconfig 149 150source security/integrity/ima/Kconfig 151 152endmenu 153 |
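
Review bot: `config LSM_MMAP_MIN_ADDR` (left column, lines 116-130) has no counterpart at this position in the right column, and the visible lines do not show where the low-address protection it describes is configured instead. Please confirm that an equivalent option exists in the 99 hidden lines or elsewhere, and that nothing still reads `CONFIG_LSM_MMAP_MIN_ADDR`, so the mitigation for kernel NULL pointer bugs is not silently lost. For the new `config INTEL_TXT` (right column, lines 116-144), the `depends on EXPERIMENTAL && X86 && DMAR && ACPI` line gives no reason for the DMAR requirement, and one sentence in the help text would cover it. The help text also points to `Documentation/intel_txt.txt`, so that file should arrive in the same change if it is not already in the tree.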