hc
2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c
kernel/security/keys/Kconfig
....@@ -1,3 +1,4 @@
1
+# SPDX-License-Identifier: GPL-2.0-only
12 #
23 # Key management configuration
34 #
....@@ -20,9 +21,23 @@
2021
2122 If you are unsure as to whether this is required, answer N.
2223
23
-config KEYS_COMPAT
24
- def_bool y
25
- depends on COMPAT && KEYS
24
+config KEYS_REQUEST_CACHE
25
+ bool "Enable temporary caching of the last request_key() result"
26
+ depends on KEYS
27
+ help
28
+ This option causes the result of the last successful request_key()
29
+ call that didn't upcall to the kernel to be cached temporarily in the
30
+ task_struct. The cache is cleared by exit and just prior to the
31
+ resumption of userspace.
32
+
33
+ This allows the key used for multiple step processes where each step
34
+ wants to request a key that is likely the same as the one requested
35
+ by the last step to save on the searching.
36
+
37
+ An example of such a process is a pathwalk through a network
38
+ filesystem in which each method needs to request an authentication
39
+ key. Pathwalk will call multiple methods for each dentry traversed
40
+ (permission, d_revalidate, lookup, getxattr, getacl, ...).
2641
2742 config PERSISTENT_KEYRINGS
2843 bool "Enable register of persistent per-UID keyrings"
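Review bot: `config KEYS_COMPAT` (def_bool y, depends on COMPAT && KEYS) is removed here with no replacement, so any remaining `CONFIG_KEYS_COMPAT` references elsewhere in the tree (ifdefs, syscall wiring) have to be dropped or converted in the same series; please confirm that is covered. In the new KEYS_REQUEST_CACHE help text, the sentence starting "This allows the key used for multiple step processes" is hard to parse; suggest "This allows multi-step processes, where each step is likely to request the same key as the previous one, to avoid repeating the search." The text says the cache lives in the task_struct and is cleared by exit and just prior to resumption of userspace; it should also say whether the cache is invalidated if the task's credentials change within a single kernel entry, since the cached result was found under the earlier credentials. Finally, the preceding option ends with "If you are unsure as to whether this is required, answer N."; this one should close the same way.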
....@@ -45,9 +60,7 @@
4560 bool "Large payload keys"
4661 depends on KEYS
4762 depends on TMPFS
48
- select CRYPTO
49
- select CRYPTO_AES
50
- select CRYPTO_GCM
63
+ depends on CRYPTO_LIB_CHACHA20POLY1305 = y
5164 help
5265 This option provides support for holding large keys within the kernel
5366 (for example Kerberos ticket caches). The data may be stored out to
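Review bot: replacing `select CRYPTO` / `select CRYPTO_AES` / `select CRYPTO_GCM` with `depends on CRYPTO_LIB_CHACHA20POLY1305 = y` turns a dependency that was pulled in automatically into a hard precondition, so BIG_KEYS disappears from the configurator unless the ChaCha20-Poly1305 library is built-in rather than modular. The help text ("This option provides support for holding large keys within the kernel ...") does not mention that; suggest adding a sentence naming the built-in requirement, or use `select CRYPTO_LIB_CHACHA20POLY1305` if that library has no dependencies that make select unsafe. The commit message should also state whether any big-key payloads already stored under the previous AES-GCM path need migrating after the cipher change.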
....@@ -101,3 +114,12 @@
101114 in the kernel.
102115
103116 If you are unsure as to whether this is required, answer N.
117
+
118
+config KEY_NOTIFICATIONS
119
+ bool "Provide key/keyring change notifications"
120
+ depends on KEYS && WATCH_QUEUE
121
+ help
122
+ This option provides support for getting change notifications
123
+ on keys and keyrings on which the caller has View permission.
124
+ This makes use of pipes to handle the notification buffer and
125
+ provides KEYCTL_WATCH_KEY to enable/disable watches.
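Review bot: the new KEY_NOTIFICATIONS entry has no `default` line and no closing "If you are unsure as to whether this is required, answer N." like the option immediately above it; add that sentence for consistency. The help text limits notifications to keys and keyrings on which the caller has View permission; it would help to say whether that check happens once when the watch is set up via KEYCTL_WATCH_KEY or on every event, since that decides whether a later permission change on the key stops notifications already being delivered through the pipe.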