# Copyright (c) 2018 Nordic Semiconductor ASA
# SPDX-License-Identifier: Apache-2.0
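# TLS credentials management subsystem: top-level switch, storage backend
# selection, credential table size and filename-based credentials for
# offloaded sockets. Everything after the menuconfig entry is only visible
# when TLS_CREDENTIALS is enabled.
menuconfig TLS_CREDENTIALS
	bool "TLS credentials management"
	help
	  Enable TLS credentials management subsystem.

if TLS_CREDENTIALS

# Module name and string consumed by the shared logging template sourced below.
module = TLS_CREDENTIALS
module-str = tls_credentials
source "subsys/logging/Kconfig.template.log_config"

# Exactly one storage backend is selected. The default keeps credentials in
# runtime memory only, so the backend should be chosen deliberately on devices
# that hold private keys.
choice TLS_CREDENTIALS_BACKEND
	prompt "TLS credentials management backend"
	depends on TLS_CREDENTIALS
	default TLS_CREDENTIALS_BACKEND_VOLATILE
	help
	  TLS credentials management backend implementation.

config TLS_CREDENTIALS_BACKEND_VOLATILE
	bool "TLS credentials management volatile backend"
	help
	  TLS credentials management volatile backend implementation,
	  storing credentials in system runtime memory. Registered
	  entries are not kept across system reboot and must be
	  registered again after each boot.

# NOTE(review): the help text below promises integrity protection and
# persistence. Whether entries are also encrypted at rest depends on how the
# TF-M Protected Storage service is configured - confirm before relying on
# this backend to keep private keys confidential.
config TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE
	bool "TLS credentials management protected storage backend"
	depends on BUILD_WITH_TFM
	select PSA_WANT_ALG_SHA_256
	help
	  TLS credentials management backend that uses the Protected
	  Storage API to store credentials. Entries are integrity-checked
	  against physical attacks and are kept across system reboot.

endchoice

# Upper bound on the number of registered credentials. No range is declared
# here, so Kconfig itself does not reject zero or negative values.
config TLS_MAX_CREDENTIALS_NUMBER
	int "Maximum number of TLS credentials"
	default 4
	help
	  Maximum number of TLS credentials that can be registered.

# Only offered with NET_SOCKETS_OFFLOAD: credentials are referenced by
# filename and are expected to already reside on the device's secure file
# system, as the help text describes.
config TLS_CREDENTIAL_FILENAMES
	bool "Specify TLS credential filenames"
	depends on NET_SOCKETS_OFFLOAD
	help
	  Allows clients of the socket APIs to specify filenames
	  of security certificates and private keys
	  to use during subsequent TLS/SSL negotiations.
	  The secure files are expected to have been provisioned
	  beforehand to the device's secure file system, e.g. via a
	  vendor tool or by executing a separate binary.
	  This option is currently only available for secure
	  socket offload devices.

# Presumably the shell command options for this subsystem (inferred from the
# file name; the sourced file is not shown here).
source "subsys/net/lib/tls_credentials/Kconfig.shell"

endif # TLS_CREDENTIALS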