summaryrefslogtreecommitdiff
path: root/security/keys/trusted-keys/Kconfig
blob: 1fb8aa0019953bed705eca818176a8820d29af39 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
config HAVE_TRUSTED_KEYS
	bool

config TRUSTED_KEYS_TPM
	bool "TPM-based trusted keys"
	depends on TCG_TPM >= TRUSTED_KEYS
	default y
	select CRYPTO
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	select CRYPTO_HASH_INFO
	select ASN1_ENCODER
	select OID_REGISTRY
	select ASN1
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of the Trusted Platform Module (TPM) as trusted key
	  backend. Trusted keys are random number symmetric keys,
	  which will be generated and RSA-sealed by the TPM.
	  The TPM only unseals the keys, if the boot PCRs and other
	  criteria match.

config TRUSTED_KEYS_TEE
	bool "TEE-based trusted keys"
	depends on TEE >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of the Trusted Execution Environment (TEE) as trusted
	  key backend.

config TRUSTED_KEYS_CAAM
	bool "CAAM-based trusted keys"
	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
	default y
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of NXP's Cryptographic Accelerator and Assurance Module
	  (CAAM) as trusted key backend.

config TRUSTED_KEYS_DCP
	bool "DCP-based trusted keys"
	depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.

if !HAVE_TRUSTED_KEYS
	comment "No trust source selected!"
endif