$(eval $(call KernelPackage,echo))
+define KernelPackage/keys-encrypted
+ SUBMENU:=$(OTHER_MENU)
+ TITLE:=encrypted keys on kernel keyring
+ DEPENDS:=@KERNEL_KEYS +kmod-crypto-cbc +kmod-crypto-hmac +kmod-crypto-rng \
+ +kmod-crypto-sha256 +kmod-keys-trusted
+ KCONFIG:=CONFIG_ENCRYPTED_KEYS
+ FILES:=$(LINUX_DIR)/security/keys/encrypted-keys/encrypted-keys.ko
+ AUTOLOAD:=$(call AutoLoad,01,encrypted-keys,1)
+endef
+
+define KernelPackage/keys-encrypted/description
+ This module provides support for create/encrypting/decrypting keys
+ in the kernel. Encrypted keys are kernel generated random numbers,
+ which are encrypted/decrypted with a 'master' symmetric key. The
+ 'master' key can be either a trusted-key or user-key type.
+ Userspace only ever sees/stores encrypted blobs.
+endef
+
+$(eval $(call KernelPackage,keys-encrypted))
+
+
+define KernelPackage/keys-trusted
+ SUBMENU:=$(OTHER_MENU)
+ TITLE:=TPM trusted keys on kernel keyring
+ DEPENDS:=@KERNEL_KEYS +kmod-crypto-hash +kmod-crypto-hmac +kmod-crypto-sha1 +kmod-tpm
+ KCONFIG:=CONFIG_TRUSTED_KEYS
+ FILES:=$(LINUX_DIR)/security/keys/trusted.ko
+ AUTOLOAD:=$(call AutoLoad,01,trusted-keys,1)
+endef
+
+define KernelPackage/keys-trusted/description
+ This module provides support for creating, sealing, and unsealing
+ keys in the kernel. Trusted keys are random number symmetric keys,
+ generated and RSA-sealed by the TPM. The TPM only unseals the keys,
+ if the boot PCRs and other criteria match. Userspace will only ever
+ see encrypted blobs.
+endef
+
+$(eval $(call KernelPackage,keys-trusted))
+
+
define KernelPackage/tpm
SUBMENU:=$(OTHER_MENU)
TITLE:=TPM Hardware Support