diff options
author | Harald Freudenberger <freude@linux.vnet.ibm.com> | 2016-11-02 16:37:20 +0300 |
---|---|---|
committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2017-02-23 12:06:40 +0300 |
commit | e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 (patch) | |
tree | 551dffc1e632d0a2c49a04079be59350e6a7f15d /drivers/crypto | |
parent | a1d001e26d5386c934345dc91f16b530e352f8d7 (diff) | |
download | linux-e80d4af0a320972aac58e2004d0ba4e44ef4c5c7.tar.xz |
s390/pkey: Introduce pkey kernel module
This patch introcudes a new kernel module pkey which is providing
protected key handling and management functions. The pkey API is
available within the kernel for other s390 specific code to create
and manage protected keys. Additionally the functions are exported
to user space via IOCTL calls. The implementation makes extensive
use of functions provided by the zcrypt device driver. For
generating protected keys from secure keys there is also a CEX
coprocessor card needed.
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'drivers/crypto')
-rw-r--r-- | drivers/crypto/Kconfig | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index ae20ec55ab58..57c2d434ea4b 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -73,6 +73,22 @@ config ZCRYPT + Crypto Express 2,3,4 or 5 Accelerator (CEXxA) + Crypto Express 4 or 5 EP11 Coprocessor (CEXxP) +config PKEY + tristate "Kernel API for protected key handling" + depends on S390 + depends on ZCRYPT + help + With this option enabled the pkey kernel module provides an API + for creation and handling of protected keys. Other parts of the + kernel or userspace applications may use these functions. + + Select this option if you want to enable the kernel and userspace + API for proteced key handling. + + Please note that creation of protected keys from secure keys + requires to have at least one CEX card in coprocessor mode + available at runtime. + config CRYPTO_SHA1_S390 tristate "SHA1 digest algorithm" depends on S390 |