1*be07858fSAhmad Fatoumconfig TRUSTED_KEYS_TPM 2*be07858fSAhmad Fatoum bool "TPM-based trusted keys" 3*be07858fSAhmad Fatoum depends on TCG_TPM >= TRUSTED_KEYS 4*be07858fSAhmad Fatoum default y 5*be07858fSAhmad Fatoum select CRYPTO 6*be07858fSAhmad Fatoum select CRYPTO_HMAC 7*be07858fSAhmad Fatoum select CRYPTO_SHA1 8*be07858fSAhmad Fatoum select CRYPTO_HASH_INFO 9*be07858fSAhmad Fatoum select ASN1_ENCODER 10*be07858fSAhmad Fatoum select OID_REGISTRY 11*be07858fSAhmad Fatoum select ASN1 12*be07858fSAhmad Fatoum help 13*be07858fSAhmad Fatoum Enable use of the Trusted Platform Module (TPM) as trusted key 14*be07858fSAhmad Fatoum backend. Trusted keys are random number symmetric keys, 15*be07858fSAhmad Fatoum which will be generated and RSA-sealed by the TPM. 16*be07858fSAhmad Fatoum The TPM only unseals the keys, if the boot PCRs and other 17*be07858fSAhmad Fatoum criteria match. 18*be07858fSAhmad Fatoum 19*be07858fSAhmad Fatoumconfig TRUSTED_KEYS_TEE 20*be07858fSAhmad Fatoum bool "TEE-based trusted keys" 21*be07858fSAhmad Fatoum depends on TEE >= TRUSTED_KEYS 22*be07858fSAhmad Fatoum default y 23*be07858fSAhmad Fatoum help 24*be07858fSAhmad Fatoum Enable use of the Trusted Execution Environment (TEE) as trusted 25*be07858fSAhmad Fatoum key backend. 26*be07858fSAhmad Fatoum 27*be07858fSAhmad Fatoumif !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE 28*be07858fSAhmad Fatoumcomment "No trust source selected!" 29*be07858fSAhmad Fatoumendif 30