summaryrefslogtreecommitdiff
path: root/crypto/asymmetric_keys/Kconfig
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2022-01-28 22:56:55 +0300
committerJarkko Sakkinen <jarkko@kernel.org>2022-03-08 14:55:52 +0300
commitd3cff4a95ed78ca192fc4bbb2743d13b7a6cc555 (patch)
treed09ae322133616769fd17d20608051effa9f0f2b /crypto/asymmetric_keys/Kconfig
parent7e0438f83dc769465ee663bb5dcf8cc154940712 (diff)
downloadlinux-d3cff4a95ed78ca192fc4bbb2743d13b7a6cc555.tar.xz
KEYS: remove support for asym_tpm keys
asym_tpm keys are tied to TPM v1.2, which uses outdated crypto and has been deprecated in favor of TPM v2.0 for over 7 years. A very quick look at this code also immediately found some memory safety bugs (https://lore.kernel.org/r/20220113235440.90439-2-ebiggers@kernel.org). Note that this code is reachable by unprivileged users. According to Jarkko (one of the keyrings subsystem maintainers), this code has no practical use cases, and he isn't willing to maintain it (https://lore.kernel.org/r/YfFZPbKkgYJGWu1Q@iki.fi). Therefore, let's remove it. Note that this feature didn't have any documentation or tests, so we don't need to worry about removing those. Cc: David Howells <dhowells@redhat.com> Cc: Denis Kenzior <denkenz@gmail.com> Cc: James Morris <jmorris@namei.org> Cc: Jarkko Sakkinen <jarkko@kernel.org> Cc: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'crypto/asymmetric_keys/Kconfig')
-rw-r--r--crypto/asymmetric_keys/Kconfig21
1 files changed, 0 insertions, 21 deletions
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 1f1f004dc757..460bc5d0a828 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -22,18 +22,6 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
appropriate hash algorithms (such as SHA-1) must be available.
ENOPKG will be reported if the requisite algorithm is unavailable.
-config ASYMMETRIC_TPM_KEY_SUBTYPE
- tristate "Asymmetric TPM backed private key subtype"
- depends on TCG_TPM
- depends on TRUSTED_KEYS
- select CRYPTO_HMAC
- select CRYPTO_SHA1
- select CRYPTO_HASH_INFO
- help
- This option provides support for TPM backed private key type handling.
- Operations such as sign, verify, encrypt, decrypt are performed by
- the TPM after the private key is loaded.
-
config X509_CERTIFICATE_PARSER
tristate "X.509 certificate parser"
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
@@ -54,15 +42,6 @@ config PKCS8_PRIVATE_KEY_PARSER
private key data and provides the ability to instantiate a crypto key
from that data.
-config TPM_KEY_PARSER
- tristate "TPM private key parser"
- depends on ASYMMETRIC_TPM_KEY_SUBTYPE
- select ASN1
- help
- This option provides support for parsing TPM format blobs for
- private key data and provides the ability to instantiate a crypto key
- from that data.
-
config PKCS7_MESSAGE_PARSER
tristate "PKCS#7 message parser"
depends on X509_CERTIFICATE_PARSER