1633cb72fSDavid Gstirconfig HAVE_TRUSTED_KEYS 2633cb72fSDavid Gstir bool 3633cb72fSDavid Gstir 4be07858fSAhmad Fatoumconfig TRUSTED_KEYS_TPM 5be07858fSAhmad Fatoum bool "TPM-based trusted keys" 6be07858fSAhmad Fatoum depends on TCG_TPM >= TRUSTED_KEYS 7be07858fSAhmad Fatoum default y 8be07858fSAhmad Fatoum select CRYPTO_HASH_INFO 9*366284cfSEric Biggers select CRYPTO_LIB_SHA1 10*366284cfSEric Biggers select CRYPTO_LIB_UTILS 11be07858fSAhmad Fatoum select ASN1_ENCODER 12be07858fSAhmad Fatoum select OID_REGISTRY 13be07858fSAhmad Fatoum select ASN1 14633cb72fSDavid Gstir select HAVE_TRUSTED_KEYS 15be07858fSAhmad Fatoum help 16be07858fSAhmad Fatoum Enable use of the Trusted Platform Module (TPM) as trusted key 17be07858fSAhmad Fatoum backend. Trusted keys are random number symmetric keys, 18be07858fSAhmad Fatoum which will be generated and RSA-sealed by the TPM. 19be07858fSAhmad Fatoum The TPM only unseals the keys, if the boot PCRs and other 20be07858fSAhmad Fatoum criteria match. 21be07858fSAhmad Fatoum 22be07858fSAhmad Fatoumconfig TRUSTED_KEYS_TEE 23be07858fSAhmad Fatoum bool "TEE-based trusted keys" 24be07858fSAhmad Fatoum depends on TEE >= TRUSTED_KEYS 25be07858fSAhmad Fatoum default y 26633cb72fSDavid Gstir select HAVE_TRUSTED_KEYS 27be07858fSAhmad Fatoum help 28be07858fSAhmad Fatoum Enable use of the Trusted Execution Environment (TEE) as trusted 29be07858fSAhmad Fatoum key backend. 30be07858fSAhmad Fatoum 31e9c5048cSAhmad Fatoumconfig TRUSTED_KEYS_CAAM 32e9c5048cSAhmad Fatoum bool "CAAM-based trusted keys" 33e9c5048cSAhmad Fatoum depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS 34e9c5048cSAhmad Fatoum select CRYPTO_DEV_FSL_CAAM_BLOB_GEN 35e9c5048cSAhmad Fatoum default y 36633cb72fSDavid Gstir select HAVE_TRUSTED_KEYS 37e9c5048cSAhmad Fatoum help 38e9c5048cSAhmad Fatoum Enable use of NXP's Cryptographic Accelerator and Assurance Module 39e9c5048cSAhmad Fatoum (CAAM) as trusted key backend. 40e9c5048cSAhmad Fatoum 412e8a0f40SDavid Gstirconfig TRUSTED_KEYS_DCP 422e8a0f40SDavid Gstir bool "DCP-based trusted keys" 432e8a0f40SDavid Gstir depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS 442e8a0f40SDavid Gstir default y 452e8a0f40SDavid Gstir select HAVE_TRUSTED_KEYS 462e8a0f40SDavid Gstir help 472e8a0f40SDavid Gstir Enable use of NXP's DCP (Data Co-Processor) as trusted key backend. 482e8a0f40SDavid Gstir 49633cb72fSDavid Gstirif !HAVE_TRUSTED_KEYS 50be07858fSAhmad Fatoum comment "No trust source selected!" 51be07858fSAhmad Fatoumendif 52