From 4a4699674f58e72604f8eb1f74f23f253d19b801 Mon Sep 17 00:00:00 2001 From: Nils Freydank Date: Tue, 29 Jun 2021 15:28:09 +0200 Subject: [PATCH] pygoscelis: Trust the TPM for my GPG keys :-O For background information see the following blog entry: https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html This needs >=app-crypt/gnupg-2.3.0::gentoo. --- pygoscelis-config | 67 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 4 deletions(-) diff --git a/pygoscelis-config b/pygoscelis-config index 41c260e..bea9aff 100644 --- a/pygoscelis-config +++ b/pygoscelis-config @@ -661,6 +661,7 @@ CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_WERROR=y CONFIG_KVM_AMD=m +CONFIG_KVM_AMD_SEV=y # CONFIG_KVM_XEN is not set CONFIG_AS_AVX512=y CONFIG_AS_SHA1_NI=y @@ -2108,7 +2109,13 @@ CONFIG_SERIAL_MCTRL_GPIO=y # CONFIG_TTY_PRINTK is not set # CONFIG_VIRTIO_CONSOLE is not set # CONFIG_IPMI_HANDLER is not set -# CONFIG_HW_RANDOM is not set +CONFIG_HW_RANDOM=m +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +CONFIG_HW_RANDOM_INTEL=m +CONFIG_HW_RANDOM_AMD=m +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIA=m +# CONFIG_HW_RANDOM_XIPHERA is not set # CONFIG_APPLICOM is not set # CONFIG_MWAVE is not set # CONFIG_DEVMEM is not set @@ -2119,7 +2126,23 @@ CONFIG_HPET=y CONFIG_HPET_MMAP=y CONFIG_HPET_MMAP_DEFAULT=y # CONFIG_HANGCHECK_TIMER is not set -# CONFIG_TCG_TPM is not set +CONFIG_TCG_TPM=m +CONFIG_HW_RANDOM_TPM=y +CONFIG_TCG_TIS_CORE=m +CONFIG_TCG_TIS=m +CONFIG_TCG_TIS_SPI=m +CONFIG_TCG_TIS_SPI_CR50=y +CONFIG_TCG_TIS_I2C_CR50=m +# CONFIG_TCG_TIS_I2C_ATMEL is not set +# CONFIG_TCG_TIS_I2C_INFINEON is not set +# CONFIG_TCG_TIS_I2C_NUVOTON is not set +# CONFIG_TCG_NSC is not set +# CONFIG_TCG_ATMEL is not set +# CONFIG_TCG_INFINEON is not set +CONFIG_TCG_CRB=m +# CONFIG_TCG_VTPM_PROXY is not set +# CONFIG_TCG_TIS_ST33ZP24_I2C is not set +# CONFIG_TCG_TIS_ST33ZP24_SPI is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set # end of Character devices @@ -3879,6 +3902,7 @@ CONFIG_LOGIWHEELS_FF=y # CONFIG_HID_THINGM is not set # CONFIG_HID_THRUSTMASTER is not set # CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_U2FZERO is not set # CONFIG_HID_WACOM is not set # CONFIG_HID_WIIMOTE is not set # CONFIG_HID_XINMO is not set @@ -4095,6 +4119,7 @@ CONFIG_USB_SERIAL_CP210X=m # CONFIG_USB_HSIC_USB3503 is not set # CONFIG_USB_HSIC_USB4604 is not set # CONFIG_USB_LINK_LAYER_TEST is not set +# CONFIG_USB_CHAOSKEY is not set # # USB Physical Layer drivers @@ -4317,6 +4342,7 @@ CONFIG_DMADEVICES=y # # DMA Devices # +CONFIG_DMA_ENGINE=y CONFIG_DMA_ACPI=y # CONFIG_ALTERA_MSGDMA is not set # CONFIG_INTEL_IDMA64 is not set @@ -4332,6 +4358,12 @@ CONFIG_DMA_ACPI=y # CONFIG_SF_PDMA is not set # CONFIG_INTEL_LDMA is not set +# +# DMA Clients +# +# CONFIG_ASYNC_TX_DMA is not set +# CONFIG_DMATEST is not set + # # DMABUF options # @@ -4587,7 +4619,14 @@ CONFIG_NVMEM_SYSFS=y # end of HW tracing support # CONFIG_FPGA is not set -# CONFIG_TEE is not set +CONFIG_TEE=m + +# +# TEE drivers +# +CONFIG_AMDTEE=m +# end of TEE drivers + # CONFIG_UNISYS_VISORBUS is not set # CONFIG_SIOX is not set # CONFIG_SLIMBUS is not set @@ -4866,6 +4905,7 @@ CONFIG_IO_WQ=y CONFIG_KEYS=y # CONFIG_KEYS_REQUEST_CACHE is not set # CONFIG_PERSISTENT_KEYRINGS is not set +# CONFIG_TRUSTED_KEYS is not set # CONFIG_ENCRYPTED_KEYS is not set CONFIG_KEY_DH_OPERATIONS=y CONFIG_KEY_NOTIFICATIONS=y @@ -5119,7 +5159,26 @@ CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m CONFIG_CRYPTO_LIB_POLY1305=m CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y -# CONFIG_CRYPTO_HW is not set +CONFIG_CRYPTO_HW=y +# CONFIG_CRYPTO_DEV_PADLOCK is not set +# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set +# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set +CONFIG_CRYPTO_DEV_CCP=y +CONFIG_CRYPTO_DEV_CCP_DD=m +CONFIG_CRYPTO_DEV_SP_CCP=y +CONFIG_CRYPTO_DEV_CCP_CRYPTO=m +CONFIG_CRYPTO_DEV_SP_PSP=y +# CONFIG_CRYPTO_DEV_CCP_DEBUGFS is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C62X is not set +# CONFIG_CRYPTO_DEV_QAT_4XXX is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set +# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set +# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set +# CONFIG_CRYPTO_DEV_SAFEXCEL is not set +# CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set CONFIG_ASYMMETRIC_KEY_TYPE=y CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_X509_CERTIFICATE_PARSER=y