| config TRUSTED_KEYS_TPM |
| bool "TPM-based trusted keys" |
| depends on TCG_TPM >= TRUSTED_KEYS |
| default y |
| select CRYPTO |
| select CRYPTO_HMAC |
| select CRYPTO_SHA1 |
| select CRYPTO_HASH_INFO |
| select ASN1_ENCODER |
| select OID_REGISTRY |
| select ASN1 |
| help |
| Enable use of the Trusted Platform Module (TPM) as trusted key |
| backend. Trusted keys are random number symmetric keys, |
| which will be generated and RSA-sealed by the TPM. |
| The TPM only unseals the keys, if the boot PCRs and other |
| criteria match. |
| |
| config TRUSTED_KEYS_TEE |
| bool "TEE-based trusted keys" |
| depends on TEE >= TRUSTED_KEYS |
| default y |
| help |
| Enable use of the Trusted Execution Environment (TEE) as trusted |
| key backend. |
| |
| config TRUSTED_KEYS_CAAM |
| bool "CAAM-based trusted keys" |
| depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS |
| select CRYPTO_DEV_FSL_CAAM_BLOB_GEN |
| default y |
| help |
| Enable use of NXP's Cryptographic Accelerator and Assurance Module |
| (CAAM) as trusted key backend. |
| |
| if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM |
| comment "No trust source selected!" |
| endif |
