#
# For a description of the syntax of this configuration file,
# see the file kconfig-language.txt in the NuttX tools repository.
#
config ARCH_HAVE_RNG
bool
config DEV_RANDOM
bool "Enable /dev/random"
default y
depends on ARCH_HAVE_RNG
---help---
Enable support for /dev/random provided by a hardware TRNG.
config DEV_URANDOM
bool "Enable /dev/urandom"
default n
---help---
Enable support for /dev/urandom provided by either a hardware TRNG or
by a software PRNG implementation.
NOTE: This option may not be cryptographically secure and should not
be enabled if you are concerned about cryptographically secure
pseudo-random numbers (CPRNG) and do not know the characteristics
of the software PRNG implementation!
if DEV_URANDOM
choice
prompt "/dev/urandom algorithm"
default DEV_URANDOM_ARCH if ARCH_HAVE_RNG
default DEV_URANDOM_XORSHIFT128 if !ARCH_HAVE_RNG
config DEV_URANDOM_XORSHIFT128
bool "xorshift128"
---help---
xorshift128 is a pseudorandom number generator that is simple,
portable, and can also be used on 8-bit and 16-bit MCUs.
NOTE: Not cryptographically secure
config DEV_URANDOM_CONGRUENTIAL
bool "Congruential"
---help---
Use the same congruential generator used with srand(). This algorithm
is computationally more intense and uses double precision floating
point. NOTE: Good randomness from the congruential generator also
requires that you select CONFIG_LIBC_RAND_ORDER > 2.
NOTE: Not cryptographically secure
config DEV_URANDOM_RANDOM_POOL
bool "Entropy pool"
depends on CRYPTO_RANDOM_POOL
---help---
Use the entropy pool CPRNG output as the /dev/urandom algorithm.
NOTE: May or may not be cryptographically secure, depending upon the
quality of the entropy available to the entropy pool.
config DEV_URANDOM_ARCH
bool "Architecture-specific"
depends on ARCH_HAVE_RNG
---help---
The implementation of /dev/urandom is provided in architecture-
specific logic using hardware TRNG logic. Architecture-specific
logic must provide the whole implementation in this case, including
the function devurandom_register(). In this case, /dev/urandom may
refer to the same driver as /dev/random.
NOTE: May or may not be cryptographically secure, depending upon the
implementation.
endchoice # /dev/urandom algorithm
endif # DEV_URANDOM
menuconfig DEV_SE05X
bool "Enable secure element (SE05X)"
depends on I2C
depends on CRYPTO
default n
---help---
Enable support for /dev/se05x secure element provided by NXP SE050
or SE051
if DEV_SE05X
choice
prompt "Channel communication interface"
default DEV_SE05X_PLAIN
---help---
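Select the authentication method used on the communication channel to
the secure element. Plain communication does not use the SCP03 secure
channel.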
config DEV_SE05X_SCP03
bool "SCP03 secure channel (TBI)"
select CRYPTO_RANDOM_POOL
select CRYPTO_AES
config DEV_SE05X_PLAIN
bool "plain communication"
endchoice
config DEV_SE05X_SCP03_KEY_FILE
string "SCP03 keys"
depends on DEV_SE05X_SCP03
default "/host/path/to/key_file"
---help---
Specify file containing the keys needed with SCP03 channel authentication.
Location may be relative to the NuttX root folder. File should contain
the definitions for SCP03_ENC_KEY, SCP03_MAC_KEY and SCP03_DEK_KEY as
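byte array initializers. Because this file holds the secret SCP03 keys,
keep it out of version control and restrict who can read it.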
choice SE05X_LOG_LEVEL
prompt "SE05x debug log level"
default SE05X_LOG_NONE
---help---
The SE05x log is divided into the following levels: ERROR,WARNING,INFO,DEBUG.
config SE05X_LOG_NONE
bool "No output"
config SE05X_LOG_ERROR
bool "Error"
config SE05X_LOG_WARNING
bool "Warning"
config SE05X_LOG_INFO
bool "Info"
config SE05X_LOG_DEBUG
bool "Debug"
endchoice
endif #DEV_SE05X