kernel: package kmod-keys-encrypted and kmod-keys-trusted

Add kernel module packages for handling encrypted and TPM trusted
keys on the kernel chain.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

package/kernel/linux/modules/other.mk

@@ -1103,6 +1103,47 @@ endef
 $(eval $(call KernelPackage,echo))
 
 
+define KernelPackage/keys-encrypted
+  SUBMENU:=$(OTHER_MENU)
+  TITLE:=encrypted keys on kernel keyring
+  DEPENDS:=@KERNEL_KEYS +kmod-crypto-cbc +kmod-crypto-hmac +kmod-crypto-rng \
+           +kmod-crypto-sha256 +kmod-keys-trusted
+  KCONFIG:=CONFIG_ENCRYPTED_KEYS
+  FILES:=$(LINUX_DIR)/security/keys/encrypted-keys/encrypted-keys.ko
+  AUTOLOAD:=$(call AutoLoad,01,encrypted-keys,1)
+endef
+
+define KernelPackage/keys-encrypted/description
+	This module provides support for create/encrypting/decrypting keys
+	in the kernel.  Encrypted keys are kernel generated random numbers,
+	which are encrypted/decrypted with a 'master' symmetric key. The
+	'master' key can be either a trusted-key or user-key type.
+	Userspace only ever sees/stores encrypted blobs.
+endef
+
+$(eval $(call KernelPackage,keys-encrypted))
+
+
+define KernelPackage/keys-trusted
+  SUBMENU:=$(OTHER_MENU)
+  TITLE:=TPM trusted keys on kernel keyring
+  DEPENDS:=@KERNEL_KEYS +kmod-crypto-hash +kmod-crypto-hmac +kmod-crypto-sha1 +kmod-tpm
+  KCONFIG:=CONFIG_TRUSTED_KEYS
+  FILES:=$(LINUX_DIR)/security/keys/trusted.ko
+  AUTOLOAD:=$(call AutoLoad,01,trusted-keys,1)
+endef
+
+define KernelPackage/keys-trusted/description
+	This module provides support for creating, sealing, and unsealing
+	keys in the kernel. Trusted keys are random number symmetric keys,
+	generated and RSA-sealed by the TPM. The TPM only unseals the keys,
+	if the boot PCRs and other criteria match.  Userspace will only ever
+	see encrypted blobs.
+endef
+
+$(eval $(call KernelPackage,keys-trusted))
+
+
 define KernelPackage/tpm
   SUBMENU:=$(OTHER_MENU)
   TITLE:=TPM Hardware Support