On Wed Mar 27, 2024 at 10:24 AM EET, David Gstir wrote:
> Enabling trusted keys requires at least one trust source implementation
> (currently TPM, TEE or CAAM) to be enabled. Currently, this is
> done by checking each trust source's config option individually.
> This does not scale when more trust sources like the one for DCP
> are added, because the condition will get long and hard to read.
>
> Add config HAVE_TRUSTED_KEYS which is set to true by each trust source
> once it's enabled and adapt the check for having at least one active trust
> source to use this option. Whenever a new trust source is added, it now
> needs to select HAVE_TRUSTED_KEYS.
>
> Signed-off-by: David Gstir <da...@sigma-star.at>
> ---
>  security/keys/trusted-keys/Kconfig | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/security/keys/trusted-keys/Kconfig 
> b/security/keys/trusted-keys/Kconfig
> index dbfdd8536468..553dc117f385 100644
> --- a/security/keys/trusted-keys/Kconfig
> +++ b/security/keys/trusted-keys/Kconfig
> @@ -1,3 +1,6 @@
> +config HAVE_TRUSTED_KEYS
> +     bool
> +
>  config TRUSTED_KEYS_TPM
>       bool "TPM-based trusted keys"
>       depends on TCG_TPM >= TRUSTED_KEYS
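Review bot: the new hidden symbol `config HAVE_TRUSTED_KEYS` at the top of the file has no comment saying who is expected to select it; the rule that every trust source must select it is stated only in the commit message. A short `#` comment above the symbol would keep that contract visible in the Kconfig file for whoever adds the next backend.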
> @@ -9,6 +12,7 @@ config TRUSTED_KEYS_TPM
>       select ASN1_ENCODER
>       select OID_REGISTRY
>       select ASN1
> +     select HAVE_TRUSTED_KEYS
>       help
>         Enable use of the Trusted Platform Module (TPM) as trusted key
>         backend. Trusted keys are random number symmetric keys,
> @@ -20,6 +24,7 @@ config TRUSTED_KEYS_TEE
>       bool "TEE-based trusted keys"
>       depends on TEE >= TRUSTED_KEYS
>       default y
> +     select HAVE_TRUSTED_KEYS
>       help
>         Enable use of the Trusted Execution Environment (TEE) as trusted
>         key backend.
> @@ -29,10 +34,11 @@ config TRUSTED_KEYS_CAAM
>       depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
>       select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
>       default y
> +     select HAVE_TRUSTED_KEYS
>       help
>         Enable use of NXP's Cryptographic Accelerator and Assurance Module
>         (CAAM) as trusted key backend.
>  
> -if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM
> -comment "No trust source selected!"
> +if !HAVE_TRUSTED_KEYS
> +     comment "No trust source selected!"
>  endif
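Review bot: in the closing `if !HAVE_TRUSTED_KEYS` block the added `comment` line is indented, while the line it replaces was not; if that is not intentional, dropping the indentation keeps this hunk to the condition change alone. In the CAAM entry above it, `select HAVE_TRUSTED_KEYS` lands after `default y`, apart from the existing `select CRYPTO_DEV_FSL_CAAM_BLOB_GEN`; keeping the two selects together would match how the TPM entry groups its selects.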

Tested-by: Jarkko Sakkinen <jar...@kernel.org> # for TRUSTED_KEYS_TPM
Reviewed-by: Jarkko Sakkinen <jar...@kernel.org>

BR, Jarkko
