aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel/linux
diff options
context:
space:
mode:
authorDaniel Golle <daniel@makrotopia.org>2020-12-09 12:43:57 +0000
committerDaniel Golle <daniel@makrotopia.org>2020-12-14 17:25:14 +0000
commitc74ae8957471ecf27bd8e70fb55f6841bcf3c618 (patch)
tree7d438e8e537fe70e9d3fee6117cbf27033f3458e /package/kernel/linux
parent7b85dd3788fd427ae95c6029b7a9177fd379ffea (diff)
downloadupstream-c74ae8957471ecf27bd8e70fb55f6841bcf3c618.tar.gz
upstream-c74ae8957471ecf27bd8e70fb55f6841bcf3c618.tar.bz2
upstream-c74ae8957471ecf27bd8e70fb55f6841bcf3c618.zip
kernel: package kmod-keys-encrypted and kmod-keys-trusted
Add kernel module packages for handling encrypted and TPM trusted keys on the kernel chain. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'package/kernel/linux')
-rw-r--r--package/kernel/linux/modules/other.mk41
1 files changed, 41 insertions, 0 deletions
diff --git a/package/kernel/linux/modules/other.mk b/package/kernel/linux/modules/other.mk
index 41de6ac2ba..421b1b536c 100644
--- a/package/kernel/linux/modules/other.mk
+++ b/package/kernel/linux/modules/other.mk
@@ -1103,6 +1103,47 @@ endef
$(eval $(call KernelPackage,echo))
+define KernelPackage/keys-encrypted
+ SUBMENU:=$(OTHER_MENU)
+ TITLE:=encrypted keys on kernel keyring
+ DEPENDS:=@KERNEL_KEYS +kmod-crypto-cbc +kmod-crypto-hmac +kmod-crypto-rng \
+ +kmod-crypto-sha256 +kmod-keys-trusted
+ KCONFIG:=CONFIG_ENCRYPTED_KEYS
+ FILES:=$(LINUX_DIR)/security/keys/encrypted-keys/encrypted-keys.ko
+ AUTOLOAD:=$(call AutoLoad,01,encrypted-keys,1)
+endef
+
+define KernelPackage/keys-encrypted/description
+ This module provides support for create/encrypting/decrypting keys
+ in the kernel. Encrypted keys are kernel generated random numbers,
+ which are encrypted/decrypted with a 'master' symmetric key. The
+ 'master' key can be either a trusted-key or user-key type.
+ Userspace only ever sees/stores encrypted blobs.
+endef
+
+$(eval $(call KernelPackage,keys-encrypted))
+
+
+define KernelPackage/keys-trusted
+ SUBMENU:=$(OTHER_MENU)
+ TITLE:=TPM trusted keys on kernel keyring
+ DEPENDS:=@KERNEL_KEYS +kmod-crypto-hash +kmod-crypto-hmac +kmod-crypto-sha1 +kmod-tpm
+ KCONFIG:=CONFIG_TRUSTED_KEYS
+ FILES:=$(LINUX_DIR)/security/keys/trusted.ko
+ AUTOLOAD:=$(call AutoLoad,01,trusted-keys,1)
+endef
+
+define KernelPackage/keys-trusted/description
+ This module provides support for creating, sealing, and unsealing
+ keys in the kernel. Trusted keys are random number symmetric keys,
+ generated and RSA-sealed by the TPM. The TPM only unseals the keys,
+ if the boot PCRs and other criteria match. Userspace will only ever
+ see encrypted blobs.
+endef
+
+$(eval $(call KernelPackage,keys-trusted))
+
+
define KernelPackage/tpm
SUBMENU:=$(OTHER_MENU)
TITLE:=TPM Hardware Support