| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231215110639.45522-3-david@sigma-star.at> Date: Fri, 15 Dec 2023 12:06:29 +0100 From: David Gstir <david@...ma-star.at> To: Mimi Zohar <zohar@...ux.ibm.com>, James Bottomley <jejb@...ux.ibm.com>, Jarkko Sakkinen <jarkko@...nel.org>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net> Cc: David Gstir <david@...ma-star.at>, Shawn Guo <shawnguo@...nel.org>, Jonathan Corbet <corbet@....net>, Sascha Hauer <s.hauer@...gutronix.de>, Pengutronix Kernel Team <kernel@...gutronix.de>, Fabio Estevam <festevam@...il.com>, NXP Linux Team <linux-imx@....com>, Ahmad Fatoum <a.fatoum@...gutronix.de>, sigma star Kernel Team <upstream+dcp@...ma-star.at>, David Howells <dhowells@...hat.com>, Li Yang <leoyang.li@....com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, "Paul E. McKenney" <paulmck@...nel.org>, Randy Dunlap <rdunlap@...radead.org>, Catalin Marinas <catalin.marinas@....com>, "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>, Tejun Heo <tj@...nel.org>, "Steven Rostedt (Google)" <rostedt@...dmis.org>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-integrity@...r.kernel.org, keyrings@...r.kernel.org, linux-crypto@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linuxppc-dev@...ts.ozlabs.org, linux-security-module@...r.kernel.org Subject: [PATCH v5 2/6] KEYS: trusted: improve scalability of trust source config Checking if at least one valid trust source is selected does not scale and becomes hard to read. This improves this in preparation for the DCP trust source. Signed-off-by: David Gstir <david@...ma-star.at> --- security/keys/trusted-keys/Kconfig | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig index dbfdd8536468..553dc117f385 100644 --- a/security/keys/trusted-keys/Kconfig +++ b/security/keys/trusted-keys/Kconfig @@ -1,3 +1,6 @@ +config HAVE_TRUSTED_KEYS + bool + config TRUSTED_KEYS_TPM bool "TPM-based trusted keys" depends on TCG_TPM >= TRUSTED_KEYS @@ -9,6 +12,7 @@ config TRUSTED_KEYS_TPM select ASN1_ENCODER select OID_REGISTRY select ASN1 + select HAVE_TRUSTED_KEYS help Enable use of the Trusted Platform Module (TPM) as trusted key backend. Trusted keys are random number symmetric keys, @@ -20,6 +24,7 @@ config TRUSTED_KEYS_TEE bool "TEE-based trusted keys" depends on TEE >= TRUSTED_KEYS default y + select HAVE_TRUSTED_KEYS help Enable use of the Trusted Execution Environment (TEE) as trusted key backend. @@ -29,10 +34,11 @@ config TRUSTED_KEYS_CAAM depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS select CRYPTO_DEV_FSL_CAAM_BLOB_GEN default y + select HAVE_TRUSTED_KEYS help Enable use of NXP's Cryptographic Accelerator and Assurance Module (CAAM) as trusted key backend. -if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM -comment "No trust source selected!" +if !HAVE_TRUSTED_KEYS + comment "No trust source selected!" endif -- 2.35.3
Powered by blists - more mailing lists