| # |
| # For a description of the syntax of this configuration file, |
| # see the file kconfig-language.txt in the NuttX tools repository. |
| # |
| |
| config ARCH_HAVE_RNG |
| bool |
| |
| config DEV_RANDOM |
| bool "Enable /dev/random" |
| default y |
| depends on ARCH_HAVE_RNG |
| ---help--- |
| Enable support for /dev/random provided by a hardware TRNG. |
| |
| config DEV_URANDOM |
| bool "Enable /dev/urandom" |
| default n |
| ---help--- |
| Enable support for /dev/urandom provided by either a hardware TRNG or |
| by a software PRNG implementation. |
| |
| NOTE: This option may not be cryptographically secure and should not |
| be enabled if you need cryptographically secure pseudo-random numbers |
| (CPRNG) and do not know the characteristics of the software PRNG |
| implementation! |
| |
| if DEV_URANDOM |
| |
| choice |
| prompt "/dev/urandom algorithm" |
| default DEV_URANDOM_ARCH if ARCH_HAVE_RNG |
| default DEV_URANDOM_XORSHIFT128 if !ARCH_HAVE_RNG |
| |
| config DEV_URANDOM_XORSHIFT128 |
| bool "xorshift128" |
| ---help--- |
| xorshift128 is a pseudorandom number generator that is simple, |
| portable, and can also be used on 8-bit and 16-bit MCUs. |
| |
| NOTE: Not cryptographically secure |
| |
| config DEV_URANDOM_CONGRUENTIAL |
| bool "Congruential" |
| ---help--- |
| Use the same congruential generator used with srand(). This algorithm |
| is computationally more intensive and uses double precision floating |
| point. NOTE: Good randomness from the congruential generator |
| requires that you also select CONFIG_LIBC_RAND_ORDER > 2 |
| |
| NOTE: Not cryptographically secure |
| |
| config DEV_URANDOM_RANDOM_POOL |
| bool "Entropy pool" |
| depends on CRYPTO_RANDOM_POOL |
| ---help--- |
| Use the entropy pool CPRNG output as the urandom algorithm. |
| |
| NOTE: May or may not be cryptographically secure, depending upon the |
| quality of the entropy available to the entropy pool. |
| |
| config DEV_URANDOM_ARCH |
| bool "Architecture-specific" |
| depends on ARCH_HAVE_RNG |
| ---help--- |
| The implementation of /dev/urandom is provided in architecture- |
| specific logic using hardware TRNG logic. Architecture-specific |
| logic must provide the whole implementation in this case, including |
| the function devurandom_register(). In this case, /dev/urandom may |
| refer to the same driver as /dev/random. |
| |
| NOTE: May or may not be cryptographically secure, depending upon the |
| implementation. |
| |
| endchoice # /dev/urandom algorithm |
| |
| endif # DEV_URANDOM |
| |
| menuconfig DEV_SE05X |
| bool "Enable secure element (SE05X)" |
| depends on I2C |
| depends on CRYPTO |
| default n |
| ---help--- |
| Enable support for the /dev/se05x secure element provided by the NXP |
| SE050 or SE051. |
| |
| if DEV_SE05X |
| |
| choice |
| prompt "Channel communication interface" |
| default DEV_SE05X_PLAIN |
| ---help--- |
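| Select the authentication method used on the communication channel to |
| the secure element. With plain communication, no SCP03 channel |
| authentication is performed. |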
| |
| config DEV_SE05X_SCP03 |
| bool "SCP03 secure channel (TBI)" |
| select CRYPTO_RANDOM_POOL |
| select CRYPTO_AES |
| |
| config DEV_SE05X_PLAIN |
| bool "plain communication" |
| |
| endchoice # Channel communication interface |
| |
| config DEV_SE05X_SCP03_KEY_FILE |
| string "SCP03 keys" |
| depends on DEV_SE05X_SCP03 |
| default "/host/path/to/key_file" |
| ---help--- |
| Specify the file containing the keys needed for SCP03 channel |
| authentication. The location may be relative to the NuttX root folder. |
| The file should contain the definitions for SCP03_ENC_KEY, SCP03_MAC_KEY |
| and SCP03_DEK_KEY as byte array initializers. Because this file holds |
| secret key material, keep it out of version control and restrict who |
| can read it. |
| |
| choice SE05X_LOG_LEVEL |
| prompt "SE05x debug log level" |
| default SE05X_LOG_NONE |
| ---help--- |
| The SE05x log is divided into the following levels: ERROR, WARNING, |
| INFO, DEBUG. |
| |
| config SE05X_LOG_NONE |
| bool "No output" |
| |
| config SE05X_LOG_ERROR |
| bool "Error" |
| |
| config SE05X_LOG_WARNING |
| bool "Warning" |
| |
| config SE05X_LOG_INFO |
| bool "Info" |
| |
| config SE05X_LOG_DEBUG |
| bool "Debug" |
| |
| endchoice # SE05x debug log level |
| |
| endif #DEV_SE05X |