xref: /linux/security/keys/trusted-keys/Kconfig (revision 4d05e948cebe03974ab9927daee55273207fdc22)
# Promptless helper symbol: it has no menu text, so it can only be turned on
# by a `select` from a backend option. The `if !HAVE_TRUSTED_KEYS` block at
# the end of this file tests it to flag a configuration that has no trust
# source.
1config HAVE_TRUSTED_KEYS
2	bool
3
# Promptless helper symbol selected by the backend options in this file.
# TRUSTED_KEYS_DEBUG depends on it, so the debug option is only offered when
# at least one backend that selects it is enabled.
4config HAVE_TRUSTED_KEYS_DEBUG
5	bool
6
7config TRUSTED_KEYS_DEBUG
8	bool "Debug trusted keys"
9	depends on HAVE_TRUSTED_KEYS_DEBUG
10	default n
11	help
12	  Trusted key backends and core code that support debug traces can
13	  opt in to that feature here. Traces must only use debug-level output,
14	  as they may contain sensitive data. On the kernel command line, traces
15	  can be enabled via trusted.dyndbg='+p'.
16
17	  SAFETY: Debug dumps are inactive at runtime until trusted.debug is set
18	  to a true value on the kernel command line. Think very carefully
19	  before enabling this feature on a production build. The general
20	  advice is not to do this.
21
# TPM backend for trusted keys; defaults to y once its dependency is met.
#
# `depends on TCG_TPM >= TRUSTED_KEYS` is a comparison of symbol values
# (Kconfig orders them n < m < y): the backend is only offered when the TPM
# driver is built at least as "strongly" as TRUSTED_KEYS, so a built-in
# TRUSTED_KEYS is not paired with a modular TPM driver.
#
# Selecting HAVE_TRUSTED_KEYS_DEBUG only makes TRUSTED_KEYS_DEBUG available in
# the menu; that option itself is declared with `default n`.
#
# NOTE(review): CRYPTO_LIB_SHA1 is selected here; presumably the TPM backend's
# authorization code still needs SHA-1 -- confirm against the backend sources
# before treating the select as removable.
22config TRUSTED_KEYS_TPM
23	bool "TPM-based trusted keys"
24	depends on TCG_TPM >= TRUSTED_KEYS
25	default y
26	select HAVE_TRUSTED_KEYS_DEBUG
27	select CRYPTO_HASH_INFO
28	select CRYPTO_LIB_SHA1
29	select CRYPTO_LIB_UTILS
30	select ASN1_ENCODER
31	select OID_REGISTRY
32	select ASN1
33	select HAVE_TRUSTED_KEYS
34	help
35	  Enable use of the Trusted Platform Module (TPM) as trusted key
36	  backend. Trusted keys are random number symmetric keys,
37	  which will be generated and RSA-sealed by the TPM.
38	  The TPM only unseals the keys, if the boot PCRs and other
39	  criteria match.
40
# TEE backend for trusted keys; defaults to y once its dependency is met.
# `depends on TEE >= TRUSTED_KEYS` compares symbol values (n < m < y), so the
# backend is only offered when TEE support is built at least as "strongly" as
# TRUSTED_KEYS.
# Selecting HAVE_TRUSTED_KEYS_DEBUG makes TRUSTED_KEYS_DEBUG available in the
# menu; it does not enable debug traces by itself (that option is `default n`).
41config TRUSTED_KEYS_TEE
42	bool "TEE-based trusted keys"
43	depends on TEE >= TRUSTED_KEYS
44	default y
45	select HAVE_TRUSTED_KEYS_DEBUG
46	select HAVE_TRUSTED_KEYS
47	help
48	  Enable use of the Trusted Execution Environment (TEE) as trusted
49	  key backend.
50
# CAAM backend for trusted keys; defaults to y once its dependency is met.
# `depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS` compares symbol values
# (n < m < y), so the backend is only offered when the CAAM job-ring driver
# symbol is built at least as "strongly" as TRUSTED_KEYS.
# Enabling this backend also forces CRYPTO_DEV_FSL_CAAM_BLOB_GEN on via
# `select`.
# Selecting HAVE_TRUSTED_KEYS_DEBUG makes TRUSTED_KEYS_DEBUG available in the
# menu; it does not enable debug traces by itself (that option is `default n`).
51config TRUSTED_KEYS_CAAM
52	bool "CAAM-based trusted keys"
53	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
54	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
55	default y
56	select HAVE_TRUSTED_KEYS_DEBUG
57	select HAVE_TRUSTED_KEYS
58	help
59	  Enable use of NXP's Cryptographic Accelerator and Assurance Module
60	  (CAAM) as trusted key backend.
61
# DCP backend for trusted keys; defaults to y once its dependency is met.
# `depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS` compares symbol values
# (n < m < y), so the backend is only offered when the DCP driver symbol is
# built at least as "strongly" as TRUSTED_KEYS.
# Selecting HAVE_TRUSTED_KEYS_DEBUG makes TRUSTED_KEYS_DEBUG available in the
# menu; it does not enable debug traces by itself (that option is `default n`).
62config TRUSTED_KEYS_DCP
63	bool "DCP-based trusted keys"
64	depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
65	default y
66	select HAVE_TRUSTED_KEYS_DEBUG
67	select HAVE_TRUSTED_KEYS
68	help
69	  Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.
70
# PKWM backend for trusted keys; defaults to y once its dependency is met.
# `depends on PSERIES_PLPKS >= TRUSTED_KEYS` compares symbol values
# (n < m < y), so the backend is only offered when PSERIES_PLPKS is built at
# least as "strongly" as TRUSTED_KEYS.
# Selecting HAVE_TRUSTED_KEYS_DEBUG makes TRUSTED_KEYS_DEBUG available in the
# menu; it does not enable debug traces by itself (that option is `default n`).
71config TRUSTED_KEYS_PKWM
72	bool "PKWM-based trusted keys"
73	depends on PSERIES_PLPKS >= TRUSTED_KEYS
74	default y
75	select HAVE_TRUSTED_KEYS_DEBUG
76	select HAVE_TRUSTED_KEYS
77	help
78	  Enable use of IBM PowerVM Key Wrapping Module (PKWM) as a trusted key backend.
79
# Shown when nothing has selected HAVE_TRUSTED_KEYS, i.e. none of the backend
# options in this file is enabled. `comment` only adds a line of text to the
# configuration menu; nothing visible here makes the condition a hard error.
80if !HAVE_TRUSTED_KEYS
81	comment "No trust source selected!"
82endif
83