xref: /linux/security/keys/trusted-keys/Kconfig (revision ea04ef19ebdcd22e8a21054a19c2c8fefae011ce)
1config HAVE_TRUSTED_KEYS
2	bool
3
4config TRUSTED_KEYS_TPM
5	bool "TPM-based trusted keys"
6	depends on TCG_TPM >= TRUSTED_KEYS
7	default y
8	select CRYPTO
9	select CRYPTO_HMAC
10	select CRYPTO_SHA1
11	select CRYPTO_HASH_INFO
12	select ASN1_ENCODER
13	select OID_REGISTRY
14	select ASN1
15	select HAVE_TRUSTED_KEYS
16	help
17	  Enable use of the Trusted Platform Module (TPM) as trusted key
18	  backend. Trusted keys are random number symmetric keys,
19	  which will be generated and RSA-sealed by the TPM.
20	  The TPM only unseals the keys, if the boot PCRs and other
21	  criteria match.
22
23config TRUSTED_KEYS_TEE
24	bool "TEE-based trusted keys"
25	depends on TEE >= TRUSTED_KEYS
26	default y
27	select HAVE_TRUSTED_KEYS
28	help
29	  Enable use of the Trusted Execution Environment (TEE) as trusted
30	  key backend.
31
32config TRUSTED_KEYS_CAAM
33	bool "CAAM-based trusted keys"
34	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
35	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
36	default y
37	select HAVE_TRUSTED_KEYS
38	help
39	  Enable use of NXP's Cryptographic Accelerator and Assurance Module
40	  (CAAM) as trusted key backend.
41
42config TRUSTED_KEYS_DCP
43	bool "DCP-based trusted keys"
44	depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
45	default y
46	select HAVE_TRUSTED_KEYS
47	help
48	  Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.
49
50if !HAVE_TRUSTED_KEYS
51	comment "No trust source selected!"
52endif
53