Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

Open Menu /crypto/asymmetric_keys/Kconfig 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# SPDX-License-Identifier: GPL-2.0
menuconfig CONFIG_ASYMMETRIC_KEY_TYPE
	bool "Asymmetric (public-key cryptographic) key type"
	depends on CONFIG_KEYS
	help
	  This option provides support for a key type that holds the data for
	  the asymmetric keys used for public key cryptographic operations such
	  as encryption, decryption, signature generation and signature
	  verification.

if CONFIG_ASYMMETRIC_KEY_TYPE

config CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	tristate "Asymmetric public-key crypto algorithm subtype"
	select CONFIG_MPILIB
	select CONFIG_CRYPTO_HASH_INFO
	select CONFIG_CRYPTO_AKCIPHER
	select CONFIG_CRYPTO_HASH
	help
	  This option provides support for asymmetric public key type handling.
	  If signature generation and/or verification are to be used,
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.

config CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE
	tristate "Asymmetric TPM backed private key subtype"
	depends on CONFIG_TCG_TPM
	depends on CONFIG_TRUSTED_KEYS
	select CONFIG_CRYPTO_HMAC
	select CONFIG_CRYPTO_SHA1
	select CONFIG_CRYPTO_HASH_INFO
	help
	  This option provides support for TPM backed private key type handling.
	  Operations such as sign, verify, encrypt, decrypt are performed by
	  the TPM after the private key is loaded.

config CONFIG_X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select CONFIG_ASN1
	select CONFIG_OID_REGISTRY
	help
	  This option provides support for parsing X.509 format blobs for key
	  data and provides the ability to instantiate a crypto key from a
	  public key packet found inside the certificate.

config CONFIG_PKCS8_PRIVATE_KEY_PARSER
	tristate "PKCS#8 private key parser"
	depends on CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	select CONFIG_ASN1
	select CONFIG_OID_REGISTRY
	help
	  This option provides support for parsing PKCS#8 format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

config CONFIG_TPM_KEY_PARSER
	tristate "TPM private key parser"
	depends on CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE
	select CONFIG_ASN1
	help
	  This option provides support for parsing TPM format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

config CONFIG_PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on CONFIG_X509_CERTIFICATE_PARSER
	select CONFIG_CRYPTO_HASH
	select CONFIG_ASN1
	select CONFIG_OID_REGISTRY
	help
	  This option provides support for parsing PKCS#7 format messages for
	  signature data and provides the ability to verify the signature.

config CONFIG_PKCS7_TEST_KEY
	tristate "PKCS#7 testing key type"
	depends on CONFIG_SYSTEM_DATA_VERIFICATION
	help
	  This option provides a type of key that can be loaded up from a
	  PKCS#7 message - provided the message is signed by a trusted key.  If
	  it is, the PKCS#7 wrapper is discarded and reading the key returns
	  just the payload.  If it isn't, adding the key will fail with an
	  error.

	  This is intended for testing the PKCS#7 parser.

config CONFIG_SIGNED_PE_FILE_VERIFICATION
	bool "Support for PE file signature verification"
	depends on CONFIG_PKCS7_MESSAGE_PARSER=y
	depends on CONFIG_SYSTEM_DATA_VERIFICATION
	select CONFIG_CRYPTO_HASH
	select CONFIG_ASN1
	select CONFIG_OID_REGISTRY
	help
	  This option provides support for verifying the signature(s) on a
	  signed PE binary.

endif # CONFIG_ASYMMETRIC_KEY_TYPE