Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

KEYS: trusted: improve scalability of trust source config

Enabling trusted keys requires at least one trust source implementation
(currently TPM, TEE or CAAM) to be enabled. Currently, this is
done by checking each trust source's config option individually.
This does not scale when more trust sources like the one for DCP
are added, because the condition will get long and hard to read.

Add config HAVE_TRUSTED_KEYS which is set to true by each trust source
once it's enabled and adapt the check for having at least one active trust
source to use this option. Whenever a new trust source is added, it now
needs to select HAVE_TRUSTED_KEYS.

Signed-off-by: David Gstir <david@sigma-star.at>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org> # for TRUSTED_KEYS_TPM
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

authored by David Gstir and committed by Jarkko Sakkinen
633cb72f 3d16af0b

+8 -2
security/keys/trusted-keys/Kconfig
··· 1 + config HAVE_TRUSTED_KEYS 2 + bool 3 + 1 4 config TRUSTED_KEYS_TPM 2 5 bool "TPM-based trusted keys" 3 6 depends on TCG_TPM >= TRUSTED_KEYS ··· 12 9 select ASN1_ENCODER 13 10 select OID_REGISTRY 14 11 select ASN1 12 + select HAVE_TRUSTED_KEYS 15 13 help 16 14 Enable use of the Trusted Platform Module (TPM) as trusted key 17 15 backend. Trusted keys are random number symmetric keys, ··· 24 20 bool "TEE-based trusted keys" 25 21 depends on TEE >= TRUSTED_KEYS 26 22 default y 23 + select HAVE_TRUSTED_KEYS 27 24 help 28 25 Enable use of the Trusted Execution Environment (TEE) as trusted 29 26 key backend. ··· 34 29 depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS 35 30 select CRYPTO_DEV_FSL_CAAM_BLOB_GEN 36 31 default y 32 + select HAVE_TRUSTED_KEYS 37 33 help 38 34 Enable use of NXP's Cryptographic Accelerator and Assurance Module 39 35 (CAAM) as trusted key backend. 40 36 41 - if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM 42 - comment "No trust source selected!" 37 + if !HAVE_TRUSTED_KEYS 38 + comment "No trust source selected!" 43 39 endif
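Review bot: the new hidden symbol HAVE_TRUSTED_KEYS at the top of security/keys/trusted-keys/Kconfig carries no comment stating its contract. The rule that every trust source must select it is written only in the commit message, so a backend added later without "select HAVE_TRUSTED_KEYS" would still leave the "No trust source selected!" comment showing even though that backend is enabled. Suggest a short "#" comment above "config HAVE_TRUSTED_KEYS" saying that each TRUSTED_KEYS_* trust source has to select it.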
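Review bot: in the last hunk, the line comment "No trust source selected!" is removed and re-added with identical text, so that part of the change is whitespace only. Either mention the reindent in the commit message or drop it, so the hunk's functional change is just the switch from the three-way !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM condition to "if !HAVE_TRUSTED_KEYS".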