162306a36Sopenharmony_ciconfig TRUSTED_KEYS_TPM 262306a36Sopenharmony_ci bool "TPM-based trusted keys" 362306a36Sopenharmony_ci depends on TCG_TPM >= TRUSTED_KEYS 462306a36Sopenharmony_ci default y 562306a36Sopenharmony_ci select CRYPTO 662306a36Sopenharmony_ci select CRYPTO_HMAC 762306a36Sopenharmony_ci select CRYPTO_SHA1 862306a36Sopenharmony_ci select CRYPTO_HASH_INFO 962306a36Sopenharmony_ci select ASN1_ENCODER 1062306a36Sopenharmony_ci select OID_REGISTRY 1162306a36Sopenharmony_ci select ASN1 1262306a36Sopenharmony_ci help 1362306a36Sopenharmony_ci Enable use of the Trusted Platform Module (TPM) as trusted key 1462306a36Sopenharmony_ci backend. Trusted keys are random number symmetric keys, 1562306a36Sopenharmony_ci which will be generated and RSA-sealed by the TPM. 1662306a36Sopenharmony_ci The TPM only unseals the keys, if the boot PCRs and other 1762306a36Sopenharmony_ci criteria match. 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_ciconfig TRUSTED_KEYS_TEE 2062306a36Sopenharmony_ci bool "TEE-based trusted keys" 2162306a36Sopenharmony_ci depends on TEE >= TRUSTED_KEYS 2262306a36Sopenharmony_ci default y 2362306a36Sopenharmony_ci help 2462306a36Sopenharmony_ci Enable use of the Trusted Execution Environment (TEE) as trusted 2562306a36Sopenharmony_ci key backend. 2662306a36Sopenharmony_ci 2762306a36Sopenharmony_ciconfig TRUSTED_KEYS_CAAM 2862306a36Sopenharmony_ci bool "CAAM-based trusted keys" 2962306a36Sopenharmony_ci depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS 3062306a36Sopenharmony_ci select CRYPTO_DEV_FSL_CAAM_BLOB_GEN 3162306a36Sopenharmony_ci default y 3262306a36Sopenharmony_ci help 3362306a36Sopenharmony_ci Enable use of NXP's Cryptographic Accelerator and Assurance Module 3462306a36Sopenharmony_ci (CAAM) as trusted key backend. 3562306a36Sopenharmony_ci 3662306a36Sopenharmony_ciif !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM 3762306a36Sopenharmony_cicomment "No trust source selected!" 3862306a36Sopenharmony_ciendif 39