KEYS: trusted: improve scalability of trust source config

Enabling trusted keys requires at least one trust source implementation
(currently TPM, TEE or CAAM) to be enabled. Currently, this is
done by checking each trust source's config option individually.
This does not scale when more trust sources like the one for DCP
are added, because the condition will get long and hard to read.

Add config HAVE_TRUSTED_KEYS which is set to true by each trust source
once its enabled and adapt the check for having at least one active trust
source to use this option. Whenever a new trust source is added, it now
needs to select HAVE_TRUSTED_KEYS.

Signed-off-by: David Gstir <david@sigma-star.at>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org> # for TRUSTED_KEYS_TPM
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig
index dbfdd8536468da6ae09646bca5068a06c770d777..553dc117f38573ed99896bf831915abfcdf32789 100644 (file)
--- a/security/keys/trusted-keys/Kconfig
+++ b/security/keys/trusted-keys/Kconfig
@@ -1,3 +1,6 @@
+config HAVE_TRUSTED_KEYS
+       bool
+
 config TRUSTED_KEYS_TPM
        bool "TPM-based trusted keys"
        depends on TCG_TPM >= TRUSTED_KEYS
@@ -9,6 +12,7 @@ config TRUSTED_KEYS_TPM
        select ASN1_ENCODER
        select OID_REGISTRY
        select ASN1
+       select HAVE_TRUSTED_KEYS
        help
          Enable use of the Trusted Platform Module (TPM) as trusted key
          backend. Trusted keys are random number symmetric keys,
@@ -20,6 +24,7 @@ config TRUSTED_KEYS_TEE
        bool "TEE-based trusted keys"
        depends on TEE >= TRUSTED_KEYS
        default y
+       select HAVE_TRUSTED_KEYS
        help
          Enable use of the Trusted Execution Environment (TEE) as trusted
          key backend.
@@ -29,10 +34,11 @@ config TRUSTED_KEYS_CAAM
        depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
        select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
        default y
+       select HAVE_TRUSTED_KEYS
        help
          Enable use of NXP's Cryptographic Accelerator and Assurance Module
          (CAAM) as trusted key backend.
 
-if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM
-comment "No trust source selected!"
+if !HAVE_TRUSTED_KEYS
+       comment "No trust source selected!"
 endif