Kconfig (cd3bc044af483422cc81a93f23c78c20c978b17c) | Kconfig (be07858fbf8115fc74528292c2ee8775fe49116f) |
---|---|
1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Key management configuration 4# 5 6config KEYS 7 bool "Enable access key retention support" 8 select ASSOCIATIVE_ARRAY --- 56 unchanged lines hidden (view full) --- 65 This option provides support for holding large keys within the kernel 66 (for example Kerberos ticket caches). The data may be stored out to 67 swapspace by tmpfs. 68 69 If you are unsure as to whether this is required, answer N. 70 71config TRUSTED_KEYS 72 tristate "TRUSTED KEYS" | 1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Key management configuration 4# 5 6config KEYS 7 bool "Enable access key retention support" 8 select ASSOCIATIVE_ARRAY --- 56 unchanged lines hidden (view full) --- 65 This option provides support for holding large keys within the kernel 66 (for example Kerberos ticket caches). The data may be stored out to 67 swapspace by tmpfs. 68 69 If you are unsure as to whether this is required, answer N. 70 71config TRUSTED_KEYS 72 tristate "TRUSTED KEYS" |
73 depends on KEYS && TCG_TPM 74 select CRYPTO 75 select CRYPTO_HMAC 76 select CRYPTO_SHA1 77 select CRYPTO_HASH_INFO 78 select ASN1_ENCODER 79 select OID_REGISTRY 80 select ASN1 | 73 depends on KEYS |
81 help 82 This option provides support for creating, sealing, and unsealing 83 keys in the kernel. Trusted keys are random number symmetric keys, | 74 help 75 This option provides support for creating, sealing, and unsealing 76 keys in the kernel. Trusted keys are random number symmetric keys, |
84 generated and RSA-sealed by the TPM. The TPM only unseals the keys, 85 if the boot PCRs and other criteria match. Userspace will only ever 86 see encrypted blobs. | 77 generated and sealed by a trust source selected at kernel boot-time. 78 Userspace will only ever see encrypted blobs. |
87 88 If you are unsure as to whether this is required, answer N. 89 | 79 80 If you are unsure as to whether this is required, answer N. 81 |
82if TRUSTED_KEYS 83source "security/keys/trusted-keys/Kconfig" 84endif 85 |
|
90config ENCRYPTED_KEYS 91 tristate "ENCRYPTED KEYS" 92 depends on KEYS 93 select CRYPTO 94 select CRYPTO_HMAC 95 select CRYPTO_AES 96 select CRYPTO_CBC 97 select CRYPTO_SHA256 --- 42 unchanged lines hidden --- | 86config ENCRYPTED_KEYS 87 tristate "ENCRYPTED KEYS" 88 depends on KEYS 89 select CRYPTO 90 select CRYPTO_HMAC 91 select CRYPTO_AES 92 select CRYPTO_CBC 93 select CRYPTO_SHA256 --- 42 unchanged lines hidden --- |