security/keys/trusted-keys/Kconfig
Source file repositories/reference/linux-study-clean/security/keys/trusted-keys/Kconfig
File Facts
- System
- Linux kernel
- Corpus path
security/keys/trusted-keys/Kconfig- Extension
[no extension]- Size
- 2373 bytes
- Lines
- 83
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: build/configuration rule
- Status
- atlas-only
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
Dependency Surface
- No C-style include directives detected by the generator.
Detected Declarations
- No top-level syscall, struct, function, initcall, or export declaration detected by the generator.
Annotated Snippet
config HAVE_TRUSTED_KEYS
bool
config HAVE_TRUSTED_KEYS_DEBUG
bool
config TRUSTED_KEYS_DEBUG
bool "Debug trusted keys"
depends on HAVE_TRUSTED_KEYS_DEBUG
default n
help
Trusted key backends and core code that support debug traces can
opt-in that feature here. Traces must only use debug level output, as
sensitive data may pass by. In the kernel-command line traces can be
enabled via trusted.dyndbg='+p'.
SAFETY: Debug dumps are inactive at runtime until trusted.debug is set
to a true value on the kernel command-line. Use at your utmost
consideration when enabling this feature on a production build. The
general advice is not to do this.
config TRUSTED_KEYS_TPM
bool "TPM-based trusted keys"
depends on TCG_TPM >= TRUSTED_KEYS
default y
select HAVE_TRUSTED_KEYS_DEBUG
select CRYPTO_HASH_INFO
select CRYPTO_LIB_SHA1
select CRYPTO_LIB_UTILS
select ASN1_ENCODER
select OID_REGISTRY
select ASN1
select HAVE_TRUSTED_KEYS
help
Enable use of the Trusted Platform Module (TPM) as trusted key
backend. Trusted keys are random number symmetric keys,
which will be generated and RSA-sealed by the TPM.
The TPM only unseals the keys, if the boot PCRs and other
criteria match.
config TRUSTED_KEYS_TEE
bool "TEE-based trusted keys"
depends on TEE >= TRUSTED_KEYS
default y
select HAVE_TRUSTED_KEYS_DEBUG
select HAVE_TRUSTED_KEYS
help
Enable use of the Trusted Execution Environment (TEE) as trusted
key backend.
config TRUSTED_KEYS_CAAM
bool "CAAM-based trusted keys"
depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
default y
select HAVE_TRUSTED_KEYS_DEBUG
select HAVE_TRUSTED_KEYS
help
Enable use of NXP's Cryptographic Accelerator and Assurance Module
(CAAM) as trusted key backend.
config TRUSTED_KEYS_DCP
bool "DCP-based trusted keys"
depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
default y
select HAVE_TRUSTED_KEYS_DEBUG
select HAVE_TRUSTED_KEYS
help
Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.
Annotation
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: atlas-only.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.