Kconfig (cd3bc044af483422cc81a93f23c78c20c978b17c) Kconfig (be07858fbf8115fc74528292c2ee8775fe49116f)
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# Key management configuration
4#
5
6config KEYS
7 bool "Enable access key retention support"
8 select ASSOCIATIVE_ARRAY

--- 56 unchanged lines hidden (view full) ---

65 This option provides support for holding large keys within the kernel
66 (for example Kerberos ticket caches). The data may be stored out to
67 swapspace by tmpfs.
68
69 If you are unsure as to whether this is required, answer N.
70
71config TRUSTED_KEYS
72 tristate "TRUSTED KEYS"
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# Key management configuration
4#
5
6config KEYS
7 bool "Enable access key retention support"
8 select ASSOCIATIVE_ARRAY

--- 56 unchanged lines hidden (view full) ---

65 This option provides support for holding large keys within the kernel
66 (for example Kerberos ticket caches). The data may be stored out to
67 swapspace by tmpfs.
68
69 If you are unsure as to whether this is required, answer N.
70
71config TRUSTED_KEYS
72 tristate "TRUSTED KEYS"
73 depends on KEYS && TCG_TPM
74 select CRYPTO
75 select CRYPTO_HMAC
76 select CRYPTO_SHA1
77 select CRYPTO_HASH_INFO
78 select ASN1_ENCODER
79 select OID_REGISTRY
80 select ASN1
73 depends on KEYS
81 help
82 This option provides support for creating, sealing, and unsealing
83 keys in the kernel. Trusted keys are random number symmetric keys,
74 help
75 This option provides support for creating, sealing, and unsealing
76 keys in the kernel. Trusted keys are random number symmetric keys,
84 generated and RSA-sealed by the TPM. The TPM only unseals the keys,
85 if the boot PCRs and other criteria match. Userspace will only ever
86 see encrypted blobs.
77 generated and sealed by a trust source selected at kernel boot-time.
78 Userspace will only ever see encrypted blobs.
87
88 If you are unsure as to whether this is required, answer N.
89
79
80 If you are unsure as to whether this is required, answer N.
81
82if TRUSTED_KEYS
83source "security/keys/trusted-keys/Kconfig"
84endif
85
90config ENCRYPTED_KEYS
91 tristate "ENCRYPTED KEYS"
92 depends on KEYS
93 select CRYPTO
94 select CRYPTO_HMAC
95 select CRYPTO_AES
96 select CRYPTO_CBC
97 select CRYPTO_SHA256

--- 42 unchanged lines hidden ---
86config ENCRYPTED_KEYS
87 tristate "ENCRYPTED KEYS"
88 depends on KEYS
89 select CRYPTO
90 select CRYPTO_HMAC
91 select CRYPTO_AES
92 select CRYPTO_CBC
93 select CRYPTO_SHA256

--- 42 unchanged lines hidden ---