1config HAVE_TRUSTED_KEYS 2 bool 3 4config TRUSTED_KEYS_TPM 5 bool "TPM-based trusted keys" 6 depends on TCG_TPM >= TRUSTED_KEYS 7 default y 8 select CRYPTO 9 select CRYPTO_HMAC 10 select CRYPTO_SHA1 11 select CRYPTO_HASH_INFO 12 select ASN1_ENCODER 13 select OID_REGISTRY 14 select ASN1 15 select HAVE_TRUSTED_KEYS 16 help 17 Enable use of the Trusted Platform Module (TPM) as trusted key 18 backend. Trusted keys are random number symmetric keys, 19 which will be generated and RSA-sealed by the TPM. 20 The TPM only unseals the keys, if the boot PCRs and other 21 criteria match. 22 23config TRUSTED_KEYS_TEE 24 bool "TEE-based trusted keys" 25 depends on TEE >= TRUSTED_KEYS 26 default y 27 select HAVE_TRUSTED_KEYS 28 help 29 Enable use of the Trusted Execution Environment (TEE) as trusted 30 key backend. 31 32config TRUSTED_KEYS_CAAM 33 bool "CAAM-based trusted keys" 34 depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS 35 select CRYPTO_DEV_FSL_CAAM_BLOB_GEN 36 default y 37 select HAVE_TRUSTED_KEYS 38 help 39 Enable use of NXP's Cryptographic Accelerator and Assurance Module 40 (CAAM) as trusted key backend. 41 42if !HAVE_TRUSTED_KEYS 43 comment "No trust source selected!" 44endif 45