1config TRUSTED_KEYS_TPM 2 bool "TPM-based trusted keys" 3 depends on TCG_TPM >= TRUSTED_KEYS 4 default y 5 select CRYPTO 6 select CRYPTO_HMAC 7 select CRYPTO_SHA1 8 select CRYPTO_HASH_INFO 9 select ASN1_ENCODER 10 select OID_REGISTRY 11 select ASN1 12 help 13 Enable use of the Trusted Platform Module (TPM) as trusted key 14 backend. Trusted keys are random number symmetric keys, 15 which will be generated and RSA-sealed by the TPM. 16 The TPM only unseals the keys, if the boot PCRs and other 17 criteria match. 18 19config TRUSTED_KEYS_TEE 20 bool "TEE-based trusted keys" 21 depends on TEE >= TRUSTED_KEYS 22 default y 23 help 24 Enable use of the Trusted Execution Environment (TEE) as trusted 25 key backend. 26 27if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE 28comment "No trust source selected!" 29endif 30