From e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger Date: Wed, 2 Nov 2016 14:37:20 +0100 Subject: s390/pkey: Introduce pkey kernel module This patch introcudes a new kernel module pkey which is providing protected key handling and management functions. The pkey API is available within the kernel for other s390 specific code to create and manage protected keys. Additionally the functions are exported to user space via IOCTL calls. The implementation makes extensive use of functions provided by the zcrypt device driver. For generating protected keys from secure keys there is also a CEX coprocessor card needed. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky --- drivers/crypto/Kconfig | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'drivers/crypto/Kconfig') diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index ae20ec5..57c2d43 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -73,6 +73,22 @@ config ZCRYPT + Crypto Express 2,3,4 or 5 Accelerator (CEXxA) + Crypto Express 4 or 5 EP11 Coprocessor (CEXxP) +config PKEY + tristate "Kernel API for protected key handling" + depends on S390 + depends on ZCRYPT + help + With this option enabled the pkey kernel module provides an API + for creation and handling of protected keys. Other parts of the + kernel or userspace applications may use these functions. + + Select this option if you want to enable the kernel and userspace + API for proteced key handling. + + Please note that creation of protected keys from secure keys + requires to have at least one CEX card in coprocessor mode + available at runtime. + config CRYPTO_SHA1_S390 tristate "SHA1 digest algorithm" depends on S390 -- cgit v1.1