1633cb72fSDavid Gstirconfig HAVE_TRUSTED_KEYS 2633cb72fSDavid Gstir bool 3633cb72fSDavid Gstir 4be07858fSAhmad Fatoumconfig TRUSTED_KEYS_TPM 5be07858fSAhmad Fatoum bool "TPM-based trusted keys" 6be07858fSAhmad Fatoum depends on TCG_TPM >= TRUSTED_KEYS 7be07858fSAhmad Fatoum default y 8be07858fSAhmad Fatoum select CRYPTO 9be07858fSAhmad Fatoum select CRYPTO_HMAC 10be07858fSAhmad Fatoum select CRYPTO_SHA1 11be07858fSAhmad Fatoum select CRYPTO_HASH_INFO 12be07858fSAhmad Fatoum select ASN1_ENCODER 13be07858fSAhmad Fatoum select OID_REGISTRY 14be07858fSAhmad Fatoum select ASN1 15633cb72fSDavid Gstir select HAVE_TRUSTED_KEYS 16be07858fSAhmad Fatoum help 17be07858fSAhmad Fatoum Enable use of the Trusted Platform Module (TPM) as trusted key 18be07858fSAhmad Fatoum backend. Trusted keys are random number symmetric keys, 19be07858fSAhmad Fatoum which will be generated and RSA-sealed by the TPM. 20be07858fSAhmad Fatoum The TPM only unseals the keys, if the boot PCRs and other 21be07858fSAhmad Fatoum criteria match. 22be07858fSAhmad Fatoum 23be07858fSAhmad Fatoumconfig TRUSTED_KEYS_TEE 24be07858fSAhmad Fatoum bool "TEE-based trusted keys" 25be07858fSAhmad Fatoum depends on TEE >= TRUSTED_KEYS 26be07858fSAhmad Fatoum default y 27633cb72fSDavid Gstir select HAVE_TRUSTED_KEYS 28be07858fSAhmad Fatoum help 29be07858fSAhmad Fatoum Enable use of the Trusted Execution Environment (TEE) as trusted 30be07858fSAhmad Fatoum key backend. 31be07858fSAhmad Fatoum 32e9c5048cSAhmad Fatoumconfig TRUSTED_KEYS_CAAM 33e9c5048cSAhmad Fatoum bool "CAAM-based trusted keys" 34e9c5048cSAhmad Fatoum depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS 35e9c5048cSAhmad Fatoum select CRYPTO_DEV_FSL_CAAM_BLOB_GEN 36e9c5048cSAhmad Fatoum default y 37633cb72fSDavid Gstir select HAVE_TRUSTED_KEYS 38e9c5048cSAhmad Fatoum help 39e9c5048cSAhmad Fatoum Enable use of NXP's Cryptographic Accelerator and Assurance Module 40e9c5048cSAhmad Fatoum (CAAM) as trusted key backend. 41e9c5048cSAhmad Fatoum 42*2e8a0f40SDavid Gstirconfig TRUSTED_KEYS_DCP 43*2e8a0f40SDavid Gstir bool "DCP-based trusted keys" 44*2e8a0f40SDavid Gstir depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS 45*2e8a0f40SDavid Gstir default y 46*2e8a0f40SDavid Gstir select HAVE_TRUSTED_KEYS 47*2e8a0f40SDavid Gstir help 48*2e8a0f40SDavid Gstir Enable use of NXP's DCP (Data Co-Processor) as trusted key backend. 49*2e8a0f40SDavid Gstir 50633cb72fSDavid Gstirif !HAVE_TRUSTED_KEYS 51be07858fSAhmad Fatoum comment "No trust source selected!" 52be07858fSAhmad Fatoumendif 53