blob: e5a4a53aeab2f797d200b8cbce8430f299be9c5a [file]
config HAVE_TRUSTED_KEYS
	bool

config HAVE_TRUSTED_KEYS_DEBUG
	bool

config TRUSTED_KEYS_DEBUG
	bool "Debug trusted keys"
	depends on HAVE_TRUSTED_KEYS_DEBUG
	default n
	help
	  Trusted key backends and core code that support debug traces can
	  opt-in that feature here. Traces must only use debug level output, as
	  sensitive data may pass by. In the kernel-command line traces can be
	  enabled via trusted.dyndbg='+p'.

	  SAFETY: Debug dumps are inactive at runtime until trusted.debug is set
	  to a true value on the kernel command-line. Use at your utmost
	  consideration when enabling this feature on a production build. The
	  general advice is not to do this.

config TRUSTED_KEYS_TPM
	bool "TPM-based trusted keys"
	depends on TCG_TPM >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select CRYPTO_HASH_INFO
	select CRYPTO_LIB_SHA1
	select CRYPTO_LIB_UTILS
	select ASN1_ENCODER
	select OID_REGISTRY
	select ASN1
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of the Trusted Platform Module (TPM) as trusted key
	  backend. Trusted keys are random number symmetric keys,
	  which will be generated and RSA-sealed by the TPM.
	  The TPM only unseals the keys, if the boot PCRs and other
	  criteria match.

config TRUSTED_KEYS_TEE
	bool "TEE-based trusted keys"
	depends on TEE >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of the Trusted Execution Environment (TEE) as trusted
	  key backend.

config TRUSTED_KEYS_CAAM
	bool "CAAM-based trusted keys"
	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of NXP's Cryptographic Accelerator and Assurance Module
	  (CAAM) as trusted key backend.

config TRUSTED_KEYS_DCP
	bool "DCP-based trusted keys"
	depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.

config TRUSTED_KEYS_PKWM
	bool "PKWM-based trusted keys"
	depends on PSERIES_PLPKS >= TRUSTED_KEYS
	default y
	select HAVE_TRUSTED_KEYS_DEBUG
	select HAVE_TRUSTED_KEYS
	help
	  Enable use of IBM PowerVM Key Wrapping Module (PKWM) as a trusted key backend.

if !HAVE_TRUSTED_KEYS
	comment "No trust source selected!"
endif
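
An added example, not part of the kernel tree: a shell check that a build or fleet audit could run to classify the TRUSTED_KEYS_DEBUG exposure described in the help text above, given a .config file and a kernel command line. The function names, the state labels, and the set of values treated as true (a y/t/1 first character, "on", or the bare parameter) are assumptions of this example; it inspects only the trusted.debug gate, not the trusted.dyndbg setting.

```shell
#!/bin/sh
# Added example: classify trusted-keys debug exposure for one kernel build.
# Usage: trusted_debug_state <path-to-.config> "<kernel command line>"
# Prints one of: not-built | built-inactive | active

# Succeeds if the value is one a kernel boolean parameter reads as true.
# Assumption: first character y/Y/t/T/1, or a value starting with "on".
is_true_value() {
    case "$1" in
        [yYtT1]*|[oO][nN]*) return 0 ;;
        *) return 1 ;;
    esac
}

trusted_debug_state() {
    config_file=$1
    cmdline=$2

    # Compiled out: no command-line switch can turn the dumps on.
    if ! grep -q '^CONFIG_TRUSTED_KEYS_DEBUG=y$' "$config_file"; then
        echo "not-built"
        return 0
    fi

    state="built-inactive"
    set -f    # no filename globbing while splitting the command line
    # Parameters are applied in order, so the last trusted.debug wins.
    # Quoted values containing spaces are not handled here.
    for word in $cmdline; do
        case "$word" in
            trusted.debug)
                state="active" ;;    # bare parameter is treated as true
            trusted.debug=*)
                if is_true_value "${word#trusted.debug=}"; then
                    state="active"
                else
                    state="built-inactive"
                fi ;;
        esac
    done
    set +f
    echo "$state"
}
```

On a running system the two inputs would typically be the build's .config and the contents of /proc/cmdline; a production image is expected to report not-built.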