# blame: Ahmad Fatoum, be07858fb, 2022-05-13 16:56:59 +0200
config TRUSTED_KEYS_TPM
	bool "TPM-based trusted keys"
	depends on TCG_TPM >= TRUSTED_KEYS
	default y
	select CRYPTO
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	select CRYPTO_HASH_INFO
	select ASN1_ENCODER
	select OID_REGISTRY
	select ASN1
	help
	  Enable use of the Trusted Platform Module (TPM) as trusted key
	  backend. Trusted keys are random number symmetric keys,
	  which will be generated and RSA-sealed by the TPM.
	  The TPM only unseals the keys, if the boot PCRs and other
	  criteria match.

config TRUSTED_KEYS_TEE
	bool "TEE-based trusted keys"
	depends on TEE >= TRUSTED_KEYS
	default y
	help
	  Enable use of the Trusted Execution Environment (TEE) as trusted
	  key backend.

# blame: Ahmad Fatoum, e9c5048, 2022-05-13 16:57:03 +0200
config TRUSTED_KEYS_CAAM
	bool "CAAM-based trusted keys"
	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
	default y
	help
	  Enable use of NXP's Cryptographic Accelerator and Assurance Module
	  (CAAM) as trusted key backend.

if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM
# blame: Ahmad Fatoum, be07858fb, 2022-05-13 16:56:59 +0200
comment "No trust source selected!"
endif
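
Added example, not part of the kernel tree: a small Python audit of a `.config` that applies the `depends on X >= TRUSTED_KEYS` tristate comparisons above (n < m < y) and reports the "No trust source selected!" condition. The function names and the sample fragment are constructed for illustration, and treating `TRUSTED_KEYS=n` as "nothing to report" is an assumption.

```python
import re

# Kconfig orders tristate values n < m < y when evaluating ">=".
TRISTATE = {"n": 0, "m": 1, "y": 2}

# Backend option -> symbol it is compared against TRUSTED_KEYS with
# (taken from the "depends on" lines of the Kconfig on this page).
BACKENDS = {
    "TRUSTED_KEYS_TPM": "TCG_TPM",
    "TRUSTED_KEYS_TEE": "TEE",
    "TRUSTED_KEYS_CAAM": "CRYPTO_DEV_FSL_CAAM_JR",
}

_ASSIGN = re.compile(r"^CONFIG_(\w+)=([ymn])$")

def parse_config(text):
    """Map symbol -> 'y'/'m'/'n'; unset or '# ... is not set' means 'n'."""
    found = (_ASSIGN.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def audit_trust_sources(text):
    """Return (per-backend status, True if no trust source is selected)."""
    syms = parse_config(text)
    keys = syms.get("TRUSTED_KEYS", "n")
    status = {}
    for backend, dep in BACKENDS.items():
        dep_val = syms.get(dep, "n")
        if TRISTATE[dep_val] < TRISTATE[keys]:
            # e.g. a modular TCG_TPM=m cannot back a built-in TRUSTED_KEYS=y
            status[backend] = f"blocked ({dep}={dep_val} < TRUSTED_KEYS={keys})"
        elif syms.get(backend, "n") == "y":
            status[backend] = "enabled"
        else:
            status[backend] = "available, not enabled"
    # Assumption: with TRUSTED_KEYS=n there is nothing to warn about.
    none_selected = keys != "n" and "enabled" not in status.values()
    return status, none_selected

# Constructed sample .config fragment, not taken from a real build.
SAMPLE = """\
CONFIG_TRUSTED_KEYS=y
CONFIG_TCG_TPM=m
CONFIG_TEE=y
CONFIG_TRUSTED_KEYS_TEE=y
# CONFIG_CRYPTO_DEV_FSL_CAAM_JR is not set
"""

if __name__ == "__main__":
    result, missing = audit_trust_sources(SAMPLE)
    print(result)
    print("No trust source selected!" if missing else "trust source present")
```

With the sample, the TPM backend is reported as blocked because `TCG_TPM=m` is lower than `TRUSTED_KEYS=y`, while the TEE backend is enabled.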