1be07858fSAhmad Fatoumconfig TRUSTED_KEYS_TPM 2be07858fSAhmad Fatoum bool "TPM-based trusted keys" 3be07858fSAhmad Fatoum depends on TCG_TPM >= TRUSTED_KEYS 4be07858fSAhmad Fatoum default y 5be07858fSAhmad Fatoum select CRYPTO 6be07858fSAhmad Fatoum select CRYPTO_HMAC 7be07858fSAhmad Fatoum select CRYPTO_SHA1 8be07858fSAhmad Fatoum select CRYPTO_HASH_INFO 9be07858fSAhmad Fatoum select ASN1_ENCODER 10be07858fSAhmad Fatoum select OID_REGISTRY 11be07858fSAhmad Fatoum select ASN1 12be07858fSAhmad Fatoum help 13be07858fSAhmad Fatoum Enable use of the Trusted Platform Module (TPM) as trusted key 14be07858fSAhmad Fatoum backend. Trusted keys are random number symmetric keys, 15be07858fSAhmad Fatoum which will be generated and RSA-sealed by the TPM. 16be07858fSAhmad Fatoum The TPM only unseals the keys, if the boot PCRs and other 17be07858fSAhmad Fatoum criteria match. 18be07858fSAhmad Fatoum 19be07858fSAhmad Fatoumconfig TRUSTED_KEYS_TEE 20be07858fSAhmad Fatoum bool "TEE-based trusted keys" 21be07858fSAhmad Fatoum depends on TEE >= TRUSTED_KEYS 22be07858fSAhmad Fatoum default y 23be07858fSAhmad Fatoum help 24be07858fSAhmad Fatoum Enable use of the Trusted Execution Environment (TEE) as trusted 25be07858fSAhmad Fatoum key backend. 26be07858fSAhmad Fatoum 27*e9c5048cSAhmad Fatoumconfig TRUSTED_KEYS_CAAM 28*e9c5048cSAhmad Fatoum bool "CAAM-based trusted keys" 29*e9c5048cSAhmad Fatoum depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS 30*e9c5048cSAhmad Fatoum select CRYPTO_DEV_FSL_CAAM_BLOB_GEN 31*e9c5048cSAhmad Fatoum default y 32*e9c5048cSAhmad Fatoum help 33*e9c5048cSAhmad Fatoum Enable use of NXP's Cryptographic Accelerator and Assurance Module 34*e9c5048cSAhmad Fatoum (CAAM) as trusted key backend. 35*e9c5048cSAhmad Fatoum 36*e9c5048cSAhmad Fatoumif !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM 37be07858fSAhmad Fatoumcomment "No trust source selected!" 38be07858fSAhmad Fatoumendif 39