config INTEL_TXT
bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
- depends on EXPERIMENTAL && X86 && DMAR && ACPI
+ depends on HAVE_INTEL_TXT
help
This option enables support for booting the kernel with the
Trusted Boot (tboot) module. This will utilize
of the kernel. If the system does not support Intel(R) TXT, this
will have no effect.
- Intel TXT will provide higher assurance of sysem configuration and
+ Intel TXT will provide higher assurance of system configuration and
initial state as well as data reset protection. This is used to
create a robust initial kernel measurement and verification, which
helps to ensure that kernel security mechanisms are functioning
Intel TXT also helps solve real end user concerns about having
confidence that their hardware is running the VMM or kernel that
- it was conigured with, especially since they may be responsible for
+ it was configured with, especially since they may be responsible for
providing such assurances to VMs and services running on it.
See <http://www.intel.com/technology/security/> for more information
If you are unsure as to whether this is required, answer N.
+config LSM_MMAP_MIN_ADDR
+ int "Low address space for LSM to protect from user allocation"
+ depends on SECURITY && SECURITY_SELINUX
+ default 65536
+ help
+ This is the portion of low virtual memory which should be protected
+ from userspace allocation. Keeping a user from writing to low pages
+ can help reduce the impact of kernel NULL pointer bugs.
+
+ For most ia64, ppc64 and x86 users with lots of address space
+ a value of 65536 is reasonable and should cause no problems.
+ On arm and other archs it should not be higher than 32768.
+ Programs which use vm86 functionality or have some need to map
+ this low address space will need the permission specific to the
+ systems running LSM.
+
source security/selinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
Code Review / linux-3.10.git / blobdiff