| Zhen Kong | ee7bdc6 | 2019-03-14 10:55:19 -0700 | [diff] [blame^] | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| 2 | menu "Qualcomm Technologies, Inc Per File Encryption security device drivers" |
| 3 | depends on ARCH_QCOM |
| 4 | |
| 5 | config PFT |
| 6 | bool "Per-File-Tagger driver" |
| 7 | depends on SECURITY |
| 8 | default n |
| 9 | help |
| 10 | This driver is used for tagging enterprise files. |
| 11 | It is part of the Per-File-Encryption (PFE) feature. |
| 12 | The driver is tagging files when created by |
| 13 | registered application. |
| 14 | Tagged files are encrypted using the dm-req-crypt driver. |
| 15 | |
| 16 | config PFK |
| 17 | bool "Per-File-Key driver" |
| 18 | depends on SECURITY |
| 19 | depends on SECURITY_SELINUX |
| 20 | default n |
| 21 | help |
| 22 | This driver is used for storing eCryptfs information |
| 23 | in file node. |
| 24 | This is part of eCryptfs hardware enhanced solution |
| 25 | provided by Qualcomm Technologies, Inc. |
| 26 | Information is used when file is encrypted later using |
| 27 | ICE or dm crypto engine |
| 28 | |
| 29 | config PFK_WRAPPED_KEY_SUPPORTED |
| 30 | bool "Per-File-Key driver with wrapped key support" |
| 31 | depends on SECURITY |
| 32 | depends on SECURITY_SELINUX |
| 33 | depends on QSEECOM |
| 34 | depends on PFK |
| 35 | default n |
| 36 | help |
| 37 | Adds wrapped key support in PFK driver. Instead of setting |
| 38 | the key directly in ICE, it unwraps the key and sets the key |
| 39 | in ICE. |
| 40 | It ensures the key is protected within a secure environment |
| 41 | and only the wrapped key is present in the kernel. |
| 42 | endmenu |