39 lines
1.0 KiB
Plaintext
39 lines
1.0 KiB
Plaintext
config TRUSTED_KEYS_TPM
|
|
bool "TPM-based trusted keys"
|
|
depends on TCG_TPM >= TRUSTED_KEYS
|
|
default y
|
|
select CRYPTO
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_HASH_INFO
|
|
select ASN1_ENCODER
|
|
select OID_REGISTRY
|
|
select ASN1
|
|
help
|
|
Enable use of the Trusted Platform Module (TPM) as trusted key
|
|
backend. Trusted keys are random number symmetric keys,
|
|
which will be generated and RSA-sealed by the TPM.
|
|
The TPM only unseals the keys, if the boot PCRs and other
|
|
criteria match.
|
|
|
|
config TRUSTED_KEYS_TEE
|
|
bool "TEE-based trusted keys"
|
|
depends on TEE >= TRUSTED_KEYS
|
|
default y
|
|
help
|
|
Enable use of the Trusted Execution Environment (TEE) as trusted
|
|
key backend.
|
|
|
|
config TRUSTED_KEYS_CAAM
|
|
bool "CAAM-based trusted keys"
|
|
depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
|
|
select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
|
|
default y
|
|
help
|
|
Enable use of NXP's Cryptographic Accelerator and Assurance Module
|
|
(CAAM) as trusted key backend.
|
|
|
|
if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM
|
|
comment "No trust source selected!"
|
|
endif
|