xref: /linux/security/keys/trusted-keys/Kconfig (revision dec1c62e91ba268ab2a6e339d4d7a59287d5eba1)
1config TRUSTED_KEYS_TPM
2	bool "TPM-based trusted keys"
3	depends on TCG_TPM >= TRUSTED_KEYS
4	default y
5	select CRYPTO
6	select CRYPTO_HMAC
7	select CRYPTO_SHA1
8	select CRYPTO_HASH_INFO
9	select ASN1_ENCODER
10	select OID_REGISTRY
11	select ASN1
12	help
13	  Enable use of the Trusted Platform Module (TPM) as trusted key
14	  backend. Trusted keys are random number symmetric keys,
15	  which will be generated and RSA-sealed by the TPM.
16	  The TPM only unseals the keys, if the boot PCRs and other
17	  criteria match.
18
19config TRUSTED_KEYS_TEE
20	bool "TEE-based trusted keys"
21	depends on TEE >= TRUSTED_KEYS
22	default y
23	help
24	  Enable use of the Trusted Execution Environment (TEE) as trusted
25	  key backend.
26
27config TRUSTED_KEYS_CAAM
28	bool "CAAM-based trusted keys"
29	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
30	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
31	default y
32	help
33	  Enable use of NXP's Cryptographic Accelerator and Assurance Module
34	  (CAAM) as trusted key backend.
35
36if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM
37comment "No trust source selected!"
38endif
39