config HAVE_TRUSTED_KEYS
	bool

config HAVE_TRUSTED_KEYS_DEBUG
	bool

config TRUSTED_KEYS_DEBUG
	bool "Debug trusted keys"
	depends on HAVE_TRUSTED_KEYS_DEBUG
	default n
	help
	  Trusted key backends and core code that support debug traces can
	  opt in to that feature here. Traces must only use debug level
	  output, as sensitive data may pass by. On the kernel command line,
	  traces can be enabled via trusted.dyndbg='+p'.

	  SAFETY: Debug dumps are inactive at runtime until trusted.debug is
	  set to a true value on the kernel command line. Use utmost
	  consideration when enabling this feature on a production build.
	  The general advice is not to do this.

config TRUSTED_KEYS_TPM
	bool "TPM-based trusted keys"
	depends on TCG_TPM >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select CRYPTO_HASH_INFO
	select CRYPTO_LIB_SHA1
	select CRYPTO_LIB_UTILS
	select ASN1_ENCODER
	select OID_REGISTRY
	select ASN1
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of the Trusted Platform Module (TPM) as trusted key
	  backend. Trusted keys are random number symmetric keys,
	  which will be generated and RSA-sealed by the TPM.
	  The TPM only unseals the keys if the boot PCRs and other
	  criteria match.

config TRUSTED_KEYS_TEE
	bool "TEE-based trusted keys"
	depends on TEE >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of the Trusted Execution Environment (TEE) as trusted
	  key backend.

config TRUSTED_KEYS_CAAM
	bool "CAAM-based trusted keys"
	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of NXP's Cryptographic Accelerator and Assurance Module
	  (CAAM) as trusted key backend.

config TRUSTED_KEYS_DCP
	bool "DCP-based trusted keys"
	depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.

config TRUSTED_KEYS_PKWM
	bool "PKWM-based trusted keys"
	depends on PSERIES_PLPKS >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of IBM PowerVM Key Wrapping Module (PKWM) as a trusted
	  key backend.

if !HAVE_TRUSTED_KEYS
	comment "No trust source selected!"
endif
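
# Added example, not part of the kernel source: a Python audit of a built
# kernel's .config and boot command line for the debug settings and the
# "No trust source selected!" case described above. Function names, finding
# labels and sample inputs are constructed for illustration; treating any
# trusted.debug value that is not clearly false as enabling is an assumption.

```python
import re
import shlex

BACKENDS = ("TPM", "TEE", "CAAM", "DCP", "PKWM")  # backend symbols from this Kconfig

def parse_config(text):
    """Return {symbol: value} for the CONFIG_*=value lines of a kernel .config."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"CONFIG_(\w+)=(.*)$", line.strip())
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def parse_cmdline(cmdline):
    """Return {param: value}; a bare parameter maps to an empty string."""
    return {k: v for k, _, v in (t.partition("=") for t in shlex.split(cmdline))}

def is_false(val):
    v = val.lower()  # assumption: anything not clearly false counts as enabling
    return v == "off" or v[:1] in ("n", "f", "0")

def audit(config_text, cmdline):
    """Return finding labels (hypothetical names) for risky trusted-keys settings."""
    opts, params = parse_config(config_text), parse_cmdline(cmdline)
    findings = []
    # Mirrors the Kconfig comment: trusted keys enabled but no backend selected.
    if opts.get("TRUSTED_KEYS") in ("y", "m") and opts.get("HAVE_TRUSTED_KEYS") != "y":
        findings.append("no-trust-source")
    enabled = [b for b in BACKENDS if opts.get("TRUSTED_KEYS_" + b) == "y"]
    if opts.get("TRUSTED_KEYS_DEBUG") == "y":
        findings.append("debug-compiled-in:" + ",".join(enabled))
        if "trusted.debug" in params and not is_false(params["trusted.debug"]):
            findings.append("debug-dumps-active")
        # Approximation: any dyndbg flag spec that turns on 'p' (printing).
        if re.search(r"[+=]\w*p", params.get("trusted.dyndbg", "")):
            findings.append("dyndbg-traces-enabled")
    return findings

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONFIG = """\
CONFIG_TRUSTED_KEYS=y
CONFIG_HAVE_TRUSTED_KEYS=y
CONFIG_TRUSTED_KEYS_DEBUG=y
CONFIG_TRUSTED_KEYS_TPM=y
# CONFIG_TRUSTED_KEYS_TEE is not set
"""
SAMPLE_CMDLINE = "root=/dev/sda1 ro trusted.dyndbg='+p' trusted.debug=1"

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_CMDLINE))
```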