# # For a description of the syntax of this configuration file, # see the file kconfig-language.txt in the NuttX tools repository. # config ARCH_HAVE_RNG bool config DEV_RANDOM bool "Enable /dev/random" default y depends on ARCH_HAVE_RNG ---help--- Enable support for /dev/random provided by a hardware TRNG. config DEV_URANDOM bool "Enable /dev/urandom" default n ---help--- Enable support for /dev/urandom provided by either a hardware TRNG or by a software PRNG implementation. NOTE: This option may not be cryptographially secure and should not be enabled if you are concerned about cyptographically secure pseudo-random numbers (CPRNG) and do not know the characteristics of the software PRNG implementation! if DEV_URANDOM choice prompt "/dev/urandom algorithm" default DEV_URANDOM_ARCH if ARCH_HAVE_RNG default DEV_URANDOM_XORSHIFT128 if !ARCH_HAVE_RNG config DEV_URANDOM_XORSHIFT128 bool "xorshift128" ---help--- xorshift128 is a pseudorandom number generator that is simple, portable, and can also be used on 8-bit and 16-bit MCUs. NOTE: Not cyptographically secure config DEV_URANDOM_CONGRUENTIAL bool "Congruential" ---help--- Use the same congruential general used with srand(). This algorithm is computationally more intense and uses double precision floating point. NOTE: Good randomness from the congruential generator also requires that you also select CONFIG_LIBC_RAND_ORDER > 2 NOTE: Not cyptographically secure config DEV_URANDOM_RANDOM_POOL bool "Entropy pool" depends on CRYPTO_RANDOM_POOL ---help--- Use the entropy pool CPRNG output for urandom algorithm. NOTE: May or may not be cyptographically secure, depending upon the quality entropy available to entropy pool. config DEV_URANDOM_ARCH bool "Architecture-specific" depends on ARCH_HAVE_RNG ---help--- The implementation of /dev/urandom is provided in archtecture- specific logic using hardware TRNG logic. architecture-specific logic must provide the whole implementation in this case, including the function devurandom_register(). In this case, /dev/urandom may refer to the same driver as /dev/random. NOTE: May or may not be cyptographically secure, depending upon the implementation. endchoice # /dev/urandom algorithm endif # DEV_URANDOM menuconfig DEV_SE05X bool "Enable secure element (SE05X)" depends on I2C depends on CRYPTO default n ---help--- Enable support for /dev/se05x secure element provided by NXP SE050 or SE051 if DEV_SE05X choice prompt "Channel communication interface" default DEV_SE05X_PLAIN ---help--- Select authentication method config DEV_SE05X_SCP03 bool "SCP03 secure channel (TBI)" select CRYPTO_RANDOM_POOL select CRYPTO_AES config DEV_SE05X_PLAIN bool "plain communication" endchoice config DEV_SE05X_SCP03_KEY_FILE string "SCP03 keys" depends on DEV_SE05X_SCP03 default "/host/path/to/key_file" ---help--- Specify file containing the keys needed with SCP03 channel authentication. Location may be relative to the NuttX root folder. File should contain the definitions for SCP03_ENC_KEY, SCP03_MAC_KEY and SCP03_DEK_KEY as byte array initializers. choice SE05X_LOG_LEVEL prompt "SE05x debug log level" default SE05X_LOG_NONE ---help--- The SE05x log is divided into the following levels: ERROR,WARNING,INFO,DEBUG. config SE05X_LOG_NONE bool "No output" config SE05X_LOG_ERROR bool "Error" config SE05X_LOG_WARNING bool "Warning" config SE05X_LOG_INFO bool "Info" config SE05X_LOG_DEBUG bool "Debug" endchoice endif #DEV_SE05X