mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 00:48:50 +00:00
b07067627c
We have a need in the TPM2 trusted keys to return the ASN.1 form of the TPM key blob so it can be operated on by tools outside of the kernel. The specific tools are the openssl_tpm2_engine, openconnect and the Intel tpm2-tss-engine. To do that, we have to be able to read and write the same binary key format the tools use. The current ASN.1 decoder does fine for reading, but we need pieces of an ASN.1 encoder to write the key blob in binary compatible form. For backwards compatibility, the trusted key reader code will still accept the two TPM2B quantities that it uses today, but the writer will only output the ASN.1 form. The current implementation only encodes the ASN.1 bits we actually need. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: David Howells <dhowells@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
706 lines
16 KiB
Text
706 lines
16 KiB
Text
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
# Library configuration
|
|
#
|
|
|
|
config BINARY_PRINTF
|
|
def_bool n
|
|
|
|
menu "Library routines"
|
|
|
|
config RAID6_PQ
|
|
tristate
|
|
|
|
config RAID6_PQ_BENCHMARK
|
|
bool "Automatically choose fastest RAID6 PQ functions"
|
|
depends on RAID6_PQ
|
|
default y
|
|
help
|
|
Benchmark all available RAID6 PQ functions on init and choose the
|
|
fastest one.
|
|
|
|
config LINEAR_RANGES
|
|
tristate
|
|
|
|
config PACKING
|
|
bool "Generic bitfield packing and unpacking"
|
|
default n
|
|
help
|
|
This option provides the packing() helper function, which permits
|
|
converting bitfields between a CPU-usable representation and a
|
|
memory representation that can have any combination of these quirks:
|
|
- Is little endian (bytes are reversed within a 32-bit group)
|
|
- The least-significant 32-bit word comes first (within a 64-bit
|
|
group)
|
|
- The most significant bit of a byte is at its right (bit 0 of a
|
|
register description is numerically 2^7).
|
|
Drivers may use these helpers to match the bit indices as described
|
|
in the data sheets of the peripherals they are in control of.
|
|
|
|
When in doubt, say N.
|
|
|
|
config BITREVERSE
|
|
tristate
|
|
|
|
config HAVE_ARCH_BITREVERSE
|
|
bool
|
|
default n
|
|
depends on BITREVERSE
|
|
help
|
|
This option enables the use of hardware bit-reversal instructions on
|
|
architectures which support such operations.
|
|
|
|
config GENERIC_STRNCPY_FROM_USER
|
|
bool
|
|
|
|
config GENERIC_STRNLEN_USER
|
|
bool
|
|
|
|
config GENERIC_NET_UTILS
|
|
bool
|
|
|
|
config GENERIC_FIND_FIRST_BIT
|
|
bool
|
|
|
|
source "lib/math/Kconfig"
|
|
|
|
config NO_GENERIC_PCI_IOPORT_MAP
|
|
bool
|
|
|
|
config GENERIC_PCI_IOMAP
|
|
bool
|
|
|
|
config GENERIC_IOMAP
|
|
bool
|
|
select GENERIC_PCI_IOMAP
|
|
|
|
config STMP_DEVICE
|
|
bool
|
|
|
|
config ARCH_USE_CMPXCHG_LOCKREF
|
|
bool
|
|
|
|
config ARCH_HAS_FAST_MULTIPLIER
|
|
bool
|
|
|
|
config ARCH_USE_SYM_ANNOTATIONS
|
|
bool
|
|
|
|
config INDIRECT_PIO
|
|
bool "Access I/O in non-MMIO mode"
|
|
depends on ARM64
|
|
help
|
|
On some platforms where no separate I/O space exists, there are I/O
|
|
hosts which can not be accessed in MMIO mode. Using the logical PIO
|
|
mechanism, the host-local I/O resource can be mapped into system
|
|
logic PIO space shared with MMIO hosts, such as PCI/PCIe, then the
|
|
system can access the I/O devices with the mapped-logic PIO through
|
|
I/O accessors.
|
|
|
|
This way has relatively little I/O performance cost. Please make
|
|
sure your devices really need this configure item enabled.
|
|
|
|
When in doubt, say N.
|
|
|
|
config CRC_CCITT
|
|
tristate "CRC-CCITT functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC-CCITT functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC-CCITT
|
|
functions require M here.
|
|
|
|
config CRC16
|
|
tristate "CRC16 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC16 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC16
|
|
functions require M here.
|
|
|
|
config CRC_T10DIF
|
|
tristate "CRC calculation for the T10 Data Integrity Field"
|
|
select CRYPTO
|
|
select CRYPTO_CRCT10DIF
|
|
help
|
|
This option is only needed if a module that's not in the
|
|
kernel tree needs to calculate CRC checks for use with the
|
|
SCSI data integrity subsystem.
|
|
|
|
config CRC_ITU_T
|
|
tristate "CRC ITU-T V.41 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC ITU-T V.41 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC ITU-T V.41
|
|
functions require M here.
|
|
|
|
config CRC32
|
|
tristate "CRC32/CRC32c functions"
|
|
default y
|
|
select BITREVERSE
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC32/CRC32c functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC32/CRC32c
|
|
functions require M here.
|
|
|
|
config CRC32_SELFTEST
|
|
tristate "CRC32 perform self test on init"
|
|
depends on CRC32
|
|
help
|
|
This option enables the CRC32 library functions to perform a
|
|
self test on initialization. The self test computes crc32_le
|
|
and crc32_be over byte strings with random alignment and length
|
|
and computes the total elapsed time and number of bytes processed.
|
|
|
|
choice
|
|
prompt "CRC32 implementation"
|
|
depends on CRC32
|
|
default CRC32_SLICEBY8
|
|
help
|
|
This option allows a kernel builder to override the default choice
|
|
of CRC32 algorithm. Choose the default ("slice by 8") unless you
|
|
know that you need one of the others.
|
|
|
|
config CRC32_SLICEBY8
|
|
bool "Slice by 8 bytes"
|
|
help
|
|
Calculate checksum 8 bytes at a time with a clever slicing algorithm.
|
|
This is the fastest algorithm, but comes with a 8KiB lookup table.
|
|
Most modern processors have enough cache to hold this table without
|
|
thrashing the cache.
|
|
|
|
This is the default implementation choice. Choose this one unless
|
|
you have a good reason not to.
|
|
|
|
config CRC32_SLICEBY4
|
|
bool "Slice by 4 bytes"
|
|
help
|
|
Calculate checksum 4 bytes at a time with a clever slicing algorithm.
|
|
This is a bit slower than slice by 8, but has a smaller 4KiB lookup
|
|
table.
|
|
|
|
Only choose this option if you know what you are doing.
|
|
|
|
config CRC32_SARWATE
|
|
bool "Sarwate's Algorithm (one byte at a time)"
|
|
help
|
|
Calculate checksum a byte at a time using Sarwate's algorithm. This
|
|
is not particularly fast, but has a small 256 byte lookup table.
|
|
|
|
Only choose this option if you know what you are doing.
|
|
|
|
config CRC32_BIT
|
|
bool "Classic Algorithm (one bit at a time)"
|
|
help
|
|
Calculate checksum one bit at a time. This is VERY slow, but has
|
|
no lookup table. This is provided as a debugging option.
|
|
|
|
Only choose this option if you are debugging crc32.
|
|
|
|
endchoice
|
|
|
|
config CRC64
|
|
tristate "CRC64 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC64 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC64
|
|
functions require M here.
|
|
|
|
config CRC4
|
|
tristate "CRC4 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC4 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC4
|
|
functions require M here.
|
|
|
|
config CRC7
|
|
tristate "CRC7 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC7 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC7
|
|
functions require M here.
|
|
|
|
config LIBCRC32C
|
|
tristate "CRC32c (Castagnoli, et al) Cyclic Redundancy-Check"
|
|
select CRYPTO
|
|
select CRYPTO_CRC32C
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC32c functions, but a module built outside the
|
|
kernel tree does. Such modules that use library CRC32c functions
|
|
require M here. See Castagnoli93.
|
|
Module will be libcrc32c.
|
|
|
|
config CRC8
|
|
tristate "CRC8 function"
|
|
help
|
|
This option provides CRC8 function. Drivers may select this
|
|
when they need to do cyclic redundancy check according CRC8
|
|
algorithm. Module will be called crc8.
|
|
|
|
config XXHASH
|
|
tristate
|
|
|
|
config AUDIT_GENERIC
|
|
bool
|
|
depends on AUDIT && !AUDIT_ARCH
|
|
default y
|
|
|
|
config AUDIT_ARCH_COMPAT_GENERIC
|
|
bool
|
|
default n
|
|
|
|
config AUDIT_COMPAT_GENERIC
|
|
bool
|
|
depends on AUDIT_GENERIC && AUDIT_ARCH_COMPAT_GENERIC && COMPAT
|
|
default y
|
|
|
|
config RANDOM32_SELFTEST
|
|
bool "PRNG perform self test on init"
|
|
help
|
|
This option enables the 32 bit PRNG library functions to perform a
|
|
self test on initialization.
|
|
|
|
#
|
|
# compression support is select'ed if needed
|
|
#
|
|
config 842_COMPRESS
|
|
select CRC32
|
|
tristate
|
|
|
|
config 842_DECOMPRESS
|
|
select CRC32
|
|
tristate
|
|
|
|
config ZLIB_INFLATE
|
|
tristate
|
|
|
|
config ZLIB_DEFLATE
|
|
tristate
|
|
select BITREVERSE
|
|
|
|
config ZLIB_DFLTCC
|
|
def_bool y
|
|
depends on S390
|
|
prompt "Enable s390x DEFLATE CONVERSION CALL support for kernel zlib"
|
|
help
|
|
Enable s390x hardware support for zlib in the kernel.
|
|
|
|
config LZO_COMPRESS
|
|
tristate
|
|
|
|
config LZO_DECOMPRESS
|
|
tristate
|
|
|
|
config LZ4_COMPRESS
|
|
tristate
|
|
|
|
config LZ4HC_COMPRESS
|
|
tristate
|
|
|
|
config LZ4_DECOMPRESS
|
|
tristate
|
|
|
|
config ZSTD_COMPRESS
|
|
select XXHASH
|
|
tristate
|
|
|
|
config ZSTD_DECOMPRESS
|
|
select XXHASH
|
|
tristate
|
|
|
|
source "lib/xz/Kconfig"
|
|
|
|
#
|
|
# These all provide a common interface (hence the apparent duplication with
|
|
# ZLIB_INFLATE; DECOMPRESS_GZIP is just a wrapper.)
|
|
#
|
|
config DECOMPRESS_GZIP
|
|
select ZLIB_INFLATE
|
|
tristate
|
|
|
|
config DECOMPRESS_BZIP2
|
|
tristate
|
|
|
|
config DECOMPRESS_LZMA
|
|
tristate
|
|
|
|
config DECOMPRESS_XZ
|
|
select XZ_DEC
|
|
tristate
|
|
|
|
config DECOMPRESS_LZO
|
|
select LZO_DECOMPRESS
|
|
tristate
|
|
|
|
config DECOMPRESS_LZ4
|
|
select LZ4_DECOMPRESS
|
|
tristate
|
|
|
|
config DECOMPRESS_ZSTD
|
|
select ZSTD_DECOMPRESS
|
|
tristate
|
|
|
|
#
|
|
# Generic allocator support is selected if needed
|
|
#
|
|
config GENERIC_ALLOCATOR
|
|
bool
|
|
|
|
#
|
|
# reed solomon support is select'ed if needed
|
|
#
|
|
config REED_SOLOMON
|
|
tristate
|
|
|
|
config REED_SOLOMON_ENC8
|
|
bool
|
|
|
|
config REED_SOLOMON_DEC8
|
|
bool
|
|
|
|
config REED_SOLOMON_ENC16
|
|
bool
|
|
|
|
config REED_SOLOMON_DEC16
|
|
bool
|
|
|
|
#
|
|
# BCH support is selected if needed
|
|
#
|
|
config BCH
|
|
tristate
|
|
|
|
config BCH_CONST_PARAMS
|
|
bool
|
|
help
|
|
Drivers may select this option to force specific constant
|
|
values for parameters 'm' (Galois field order) and 't'
|
|
(error correction capability). Those specific values must
|
|
be set by declaring default values for symbols BCH_CONST_M
|
|
and BCH_CONST_T.
|
|
Doing so will enable extra compiler optimizations,
|
|
improving encoding and decoding performance up to 2x for
|
|
usual (m,t) values (typically such that m*t < 200).
|
|
When this option is selected, the BCH library supports
|
|
only a single (m,t) configuration. This is mainly useful
|
|
for NAND flash board drivers requiring known, fixed BCH
|
|
parameters.
|
|
|
|
config BCH_CONST_M
|
|
int
|
|
range 5 15
|
|
help
|
|
Constant value for Galois field order 'm'. If 'k' is the
|
|
number of data bits to protect, 'm' should be chosen such
|
|
that (k + m*t) <= 2**m - 1.
|
|
Drivers should declare a default value for this symbol if
|
|
they select option BCH_CONST_PARAMS.
|
|
|
|
config BCH_CONST_T
|
|
int
|
|
help
|
|
Constant value for error correction capability in bits 't'.
|
|
Drivers should declare a default value for this symbol if
|
|
they select option BCH_CONST_PARAMS.
|
|
|
|
#
|
|
# Textsearch support is select'ed if needed
|
|
#
|
|
config TEXTSEARCH
|
|
bool
|
|
|
|
config TEXTSEARCH_KMP
|
|
tristate
|
|
|
|
config TEXTSEARCH_BM
|
|
tristate
|
|
|
|
config TEXTSEARCH_FSM
|
|
tristate
|
|
|
|
config BTREE
|
|
bool
|
|
|
|
config INTERVAL_TREE
|
|
bool
|
|
help
|
|
Simple, embeddable, interval-tree. Can find the start of an
|
|
overlapping range in log(n) time and then iterate over all
|
|
overlapping nodes. The algorithm is implemented as an
|
|
augmented rbtree.
|
|
|
|
See:
|
|
|
|
Documentation/core-api/rbtree.rst
|
|
|
|
for more information.
|
|
|
|
config XARRAY_MULTI
|
|
bool
|
|
help
|
|
Support entries which occupy multiple consecutive indices in the
|
|
XArray.
|
|
|
|
config ASSOCIATIVE_ARRAY
|
|
bool
|
|
help
|
|
Generic associative array. Can be searched and iterated over whilst
|
|
it is being modified. It is also reasonably quick to search and
|
|
modify. The algorithms are non-recursive, and the trees are highly
|
|
capacious.
|
|
|
|
See:
|
|
|
|
Documentation/core-api/assoc_array.rst
|
|
|
|
for more information.
|
|
|
|
config HAS_IOMEM
|
|
bool
|
|
depends on !NO_IOMEM
|
|
default y
|
|
|
|
config HAS_IOPORT_MAP
|
|
bool
|
|
depends on HAS_IOMEM && !NO_IOPORT_MAP
|
|
default y
|
|
|
|
source "kernel/dma/Kconfig"
|
|
|
|
config SGL_ALLOC
|
|
bool
|
|
default n
|
|
|
|
config IOMMU_HELPER
|
|
bool
|
|
|
|
config CHECK_SIGNATURE
|
|
bool
|
|
|
|
config CPUMASK_OFFSTACK
|
|
bool "Force CPU masks off stack" if DEBUG_PER_CPU_MAPS
|
|
help
|
|
Use dynamic allocation for cpumask_var_t, instead of putting
|
|
them on the stack. This is a bit more expensive, but avoids
|
|
stack overflow.
|
|
|
|
config CPU_RMAP
|
|
bool
|
|
depends on SMP
|
|
|
|
config DQL
|
|
bool
|
|
|
|
config GLOB
|
|
bool
|
|
# This actually supports modular compilation, but the module overhead
|
|
# is ridiculous for the amount of code involved. Until an out-of-tree
|
|
# driver asks for it, we'll just link it directly it into the kernel
|
|
# when required. Since we're ignoring out-of-tree users, there's also
|
|
# no need bother prompting for a manual decision:
|
|
# prompt "glob_match() function"
|
|
help
|
|
This option provides a glob_match function for performing
|
|
simple text pattern matching. It originated in the ATA code
|
|
to blacklist particular drive models, but other device drivers
|
|
may need similar functionality.
|
|
|
|
All drivers in the Linux kernel tree that require this function
|
|
should automatically select this option. Say N unless you
|
|
are compiling an out-of tree driver which tells you that it
|
|
depends on this.
|
|
|
|
config GLOB_SELFTEST
|
|
tristate "glob self-test on init"
|
|
depends on GLOB
|
|
help
|
|
This option enables a simple self-test of the glob_match
|
|
function on startup. It is primarily useful for people
|
|
working on the code to ensure they haven't introduced any
|
|
regressions.
|
|
|
|
It only adds a little bit of code and slows kernel boot (or
|
|
module load) by a small amount, so you're welcome to play with
|
|
it, but you probably don't need it.
|
|
|
|
#
|
|
# Netlink attribute parsing support is select'ed if needed
|
|
#
|
|
config NLATTR
|
|
bool
|
|
|
|
#
|
|
# Generic 64-bit atomic support is selected if needed
|
|
#
|
|
config GENERIC_ATOMIC64
|
|
bool
|
|
|
|
config LRU_CACHE
|
|
tristate
|
|
|
|
config CLZ_TAB
|
|
bool
|
|
|
|
config IRQ_POLL
|
|
bool "IRQ polling library"
|
|
help
|
|
Helper library to poll interrupt mitigation using polling.
|
|
|
|
config MPILIB
|
|
tristate
|
|
select CLZ_TAB
|
|
help
|
|
Multiprecision maths library from GnuPG.
|
|
It is used to implement RSA digital signature verification,
|
|
which is used by IMA/EVM digital signature extension.
|
|
|
|
config SIGNATURE
|
|
tristate
|
|
depends on KEYS
|
|
select CRYPTO
|
|
select CRYPTO_SHA1
|
|
select MPILIB
|
|
help
|
|
Digital signature verification. Currently only RSA is supported.
|
|
Implementation is done using GnuPG MPI library
|
|
|
|
config DIMLIB
|
|
bool
|
|
help
|
|
Dynamic Interrupt Moderation library.
|
|
Implements an algorithm for dynamically changing CQ moderation values
|
|
according to run time performance.
|
|
|
|
#
|
|
# libfdt files, only selected if needed.
|
|
#
|
|
config LIBFDT
|
|
bool
|
|
|
|
config OID_REGISTRY
|
|
tristate
|
|
help
|
|
Enable fast lookup object identifier registry.
|
|
|
|
config UCS2_STRING
|
|
tristate
|
|
|
|
#
|
|
# generic vdso
|
|
#
|
|
source "lib/vdso/Kconfig"
|
|
|
|
source "lib/fonts/Kconfig"
|
|
|
|
config SG_SPLIT
|
|
def_bool n
|
|
help
|
|
Provides a helper to split scatterlists into chunks, each chunk being
|
|
a scatterlist. This should be selected by a driver or an API which
|
|
whishes to split a scatterlist amongst multiple DMA channels.
|
|
|
|
config SG_POOL
|
|
def_bool n
|
|
help
|
|
Provides a helper to allocate chained scatterlists. This should be
|
|
selected by a driver or an API which whishes to allocate chained
|
|
scatterlist.
|
|
|
|
#
|
|
# sg chaining option
|
|
#
|
|
|
|
config ARCH_NO_SG_CHAIN
|
|
def_bool n
|
|
|
|
config ARCH_HAS_PMEM_API
|
|
bool
|
|
|
|
config MEMREGION
|
|
bool
|
|
|
|
config ARCH_HAS_MEMREMAP_COMPAT_ALIGN
|
|
bool
|
|
|
|
# use memcpy to implement user copies for nommu architectures
|
|
config UACCESS_MEMCPY
|
|
bool
|
|
|
|
config ARCH_HAS_UACCESS_FLUSHCACHE
|
|
bool
|
|
|
|
# arch has a concept of a recoverable synchronous exception due to a
|
|
# memory-read error like x86 machine-check or ARM data-abort, and
|
|
# implements copy_mc_to_{user,kernel} to abort and report
|
|
# 'bytes-transferred' if that exception fires when accessing the source
|
|
# buffer.
|
|
config ARCH_HAS_COPY_MC
|
|
bool
|
|
|
|
# Temporary. Goes away when all archs are cleaned up
|
|
config ARCH_STACKWALK
|
|
bool
|
|
|
|
config STACKDEPOT
|
|
bool
|
|
select STACKTRACE
|
|
|
|
config STACK_HASH_ORDER
|
|
int "stack depot hash size (12 => 4KB, 20 => 1024KB)"
|
|
range 12 20
|
|
default 20
|
|
depends on STACKDEPOT
|
|
help
|
|
Select the hash size as a power of 2 for the stackdepot hash table.
|
|
Choose a lower value to reduce the memory impact.
|
|
|
|
config SBITMAP
|
|
bool
|
|
|
|
config PARMAN
|
|
tristate "parman" if COMPILE_TEST
|
|
|
|
config OBJAGG
|
|
tristate "objagg" if COMPILE_TEST
|
|
|
|
config STRING_SELFTEST
|
|
tristate "Test string functions"
|
|
|
|
endmenu
|
|
|
|
config GENERIC_IOREMAP
|
|
bool
|
|
|
|
config GENERIC_LIB_ASHLDI3
|
|
bool
|
|
|
|
config GENERIC_LIB_ASHRDI3
|
|
bool
|
|
|
|
config GENERIC_LIB_LSHRDI3
|
|
bool
|
|
|
|
config GENERIC_LIB_MULDI3
|
|
bool
|
|
|
|
config GENERIC_LIB_CMPDI2
|
|
bool
|
|
|
|
config GENERIC_LIB_UCMPDI2
|
|
bool
|
|
|
|
config GENERIC_LIB_DEVMEM_IS_ALLOWED
|
|
bool
|
|
|
|
config PLDMFW
|
|
bool
|
|
default n
|
|
|
|
config ASN1_ENCODER
|
|
tristate
|