Commit 633cb72f authored by David Gstir's avatar David Gstir Committed by Jarkko Sakkinen
Browse files

KEYS: trusted: improve scalability of trust source config 



Enabling trusted keys requires at least one trust source implementation
(currently TPM, TEE or CAAM) to be enabled. Currently, this is
done by checking each trust source's config option individually.
This does not scale when more trust sources like the one for DCP
are added, because the condition will get long and hard to read.

Add config HAVE_TRUSTED_KEYS which is set to true by each trust source
once its enabled and adapt the check for having at least one active trust
source to use this option. Whenever a new trust source is added, it now
needs to select HAVE_TRUSTED_KEYS.

Signed-off-by: default avatarDavid Gstir <david@sigma-star.at>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org> # for TRUSTED_KEYS_TPM
Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
parent 3d16af0b

security/keys/trusted-keys/Kconfig

+8 −2
Original line number Diff line number Diff line 
config HAVE_TRUSTED_KEYS

	bool



config TRUSTED_KEYS_TPM

	bool "TPM-based trusted keys"

	depends on TCG_TPM >= TRUSTED_KEYS
@@ -9,6 +12,7 @@ config TRUSTED_KEYS_TPM 
	select ASN1_ENCODER

	select OID_REGISTRY

	select ASN1

	select HAVE_TRUSTED_KEYS

	help

	  Enable use of the Trusted Platform Module (TPM) as trusted key

	  backend. Trusted keys are random number symmetric keys,
@@ -20,6 +24,7 @@ config TRUSTED_KEYS_TEE 
	bool "TEE-based trusted keys"

	depends on TEE >= TRUSTED_KEYS

	default y

	select HAVE_TRUSTED_KEYS

	help

	  Enable use of the Trusted Execution Environment (TEE) as trusted

	  key backend.
@@ -29,10 +34,11 @@ config TRUSTED_KEYS_CAAM 
	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS

	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN

	default y

	select HAVE_TRUSTED_KEYS

	help

	  Enable use of NXP's Cryptographic Accelerator and Assurance Module

	  (CAAM) as trusted key backend.



if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM

if !HAVE_TRUSTED_KEYS

	comment "No trust source selected!"

endif