Home Explore Help
Register Sign In
RD_Software
/
ark1668ed-bsp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: fc47107f95
Branches Tags
ark1668ed-bsp
/
linux
/
drivers
/
char
/
tpm
/
Kconfig

Kconfig 8.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229 
  1. # SPDX-License-Identifier: GPL-2.0-only
    2. 

  2. #
    3. 

  3. # TPM device configuration
    4. 

  4. #
    5. 

  5. 

  6. menuconfig TCG_TPM
    7. 

  7. 	tristate "TPM Hardware Support"
    8. 

  8. 	depends on HAS_IOMEM
    9. 

  9. 	imply SECURITYFS
    10. 

  10. 	select CRYPTO
    11. 

  11. 	select CRYPTO_HASH_INFO
    12. 

  12. 	help
    13. 

  13. 	  If you have a TPM security chip in your system, which
    14. 

  14. 	  implements the Trusted Computing Group's specification,
    15. 

  15. 	  say Yes and it will be accessible from within Linux.  For
    16. 

  16. 	  more information see <http://www.trustedcomputinggroup.org>. 
    17. 

  17. 	  An implementation of the Trusted Software Stack (TSS), the 
    18. 

  18. 	  userspace enablement piece of the specification, can be 
    19. 

  19. 	  obtained at: <http://sourceforge.net/projects/trousers>.  To 
    20. 

  20. 	  compile this driver as a module, choose M here; the module 
    21. 

  21. 	  will be called tpm. If unsure, say N.
    22. 

  22. 	  Notes:
    23. 

  23. 	  1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
    24. 

  24. 	  and CONFIG_PNPACPI.
    25. 

  25. 	  2) Without ACPI enabled, the BIOS event log won't be accessible,
    26. 

  26. 	  which is required to validate the PCR 0-7 values.
    27. 

  27. 

  28. if TCG_TPM
    29. 

  29. 

  30. config TCG_TPM2_HMAC
    31. 

  31. 	bool "Use HMAC and encrypted transactions on the TPM bus"
    32. 

  32. 	default X86_64
    33. 

  33. 	select CRYPTO_ECDH
    34. 

  34. 	select CRYPTO_LIB_AESCFB
    35. 

  35. 	select CRYPTO_LIB_SHA256
    36. 

  36. 	help
    37. 

  37. 	  Setting this causes us to deploy a scheme which uses request
    38. 

  38. 	  and response HMACs in addition to encryption for
    39. 

  39. 	  communicating with the TPM to prevent or detect bus snooping
    40. 

  40. 	  and interposer attacks (see tpm-security.rst).  Saying Y
    41. 

  41. 	  here adds some encryption overhead to all kernel to TPM
    42. 

  42. 	  transactions.
    43. 

  43. 

  44. config HW_RANDOM_TPM
    45. 

  45. 	bool "TPM HW Random Number Generator support"
    46. 

  46. 	depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
    47. 

  47. 	default y
    48. 

  48. 	help
    49. 

  49. 	  This setting exposes the TPM's Random Number Generator as a hwrng
    50. 

  50. 	  device. This allows the kernel to collect randomness from the TPM at
    51. 

  51. 	  boot, and provides the TPM randomines in /dev/hwrng.
    52. 

  52. 

  53. 	  If unsure, say Y.
    54. 

  54. 

  55. config TCG_TIS_CORE
    56. 

  56. 	tristate
    57. 

  57. 	help
    58. 

  58. 	TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
    59. 

  59. 	into the TPM kernel APIs. Physical layers will register against it.
    60. 

  60. 

  61. config TCG_TIS
    62. 

  62. 	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
    63. 

  63. 	depends on X86 || OF
    64. 

  64. 	select TCG_TIS_CORE
    65. 

  65. 	help
    66. 

  66. 	  If you have a TPM security chip that is compliant with the
    67. 

  67. 	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
    68. 

  68. 	  specification (TPM2.0) say Yes and it will be accessible from
    69. 

  69. 	  within Linux. To compile this driver as a module, choose  M here;
    70. 

  70. 	  the module will be called tpm_tis.
    71. 

  71. 

  72. config TCG_TIS_SPI
    73. 

  73. 	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
    74. 

  74. 	depends on SPI
    75. 

  75. 	select TCG_TIS_CORE
    76. 

  76. 	help
    77. 

  77. 	  If you have a TPM security chip which is connected to a regular,
    78. 

  78. 	  non-tcg SPI master (i.e. most embedded platforms) that is compliant with the
    79. 

  79. 	  TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
    80. 

  80. 	  specification (TPM2.0) say Yes and it will be accessible from
    81. 

  81. 	  within Linux. To compile this driver as a module, choose  M here;
    82. 

  82. 	  the module will be called tpm_tis_spi.
    83. 

  83. 

  84. config TCG_TIS_SPI_CR50
    85. 

  85. 	bool "Cr50 SPI Interface"
    86. 

  86. 	depends on TCG_TIS_SPI
    87. 

  87. 	help
    88. 

  88. 	  If you have a H1 secure module running Cr50 firmware on SPI bus,
    89. 

  89. 	  say Yes and it will be accessible from within Linux.
    90. 

  90. 

  91. config TCG_TIS_I2C
    92. 

  92. 	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
    93. 

  93. 	depends on I2C
    94. 

  94. 	select CRC_CCITT
    95. 

  95. 	select TCG_TIS_CORE
    96. 

  96. 	help
    97. 

  97. 	  If you have a TPM security chip, compliant with the TCG TPM PTP
    98. 

  98. 	  (I2C interface) specification and connected to an I2C bus master,
    99. 

  99. 	  say Yes and it will be accessible from within Linux.
    100. 

  100. 	  To compile this driver as a module, choose M here;
    101. 

  101. 	  the module will be called tpm_tis_i2c.
    102. 

  102. 

  103. config TCG_TIS_SYNQUACER
    104. 

  104. 	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
    105. 

  105. 	depends on ARCH_SYNQUACER || COMPILE_TEST
    106. 

  106. 	select TCG_TIS_CORE
    107. 

  107. 	help
    108. 

  108. 	  If you have a TPM security chip that is compliant with the
    109. 

  109. 	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
    110. 

  110. 	  specification (TPM2.0) say Yes and it will be accessible from
    111. 

  111. 	  within Linux on Socionext SynQuacer platform.
    112. 

  112. 	  To compile this driver as a module, choose  M here;
    113. 

  113. 	  the module will be called tpm_tis_synquacer.
    114. 

  114. 

  115. config TCG_TIS_I2C_CR50
    116. 

  116. 	tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
    117. 

  117. 	depends on I2C
    118. 

  118. 	help
    119. 

  119. 	  This is a driver for the Google cr50 I2C TPM interface which is a
    120. 

  120. 	  custom microcontroller and requires a custom i2c protocol interface
    121. 

  121. 	  to handle the limitations of the hardware.  To compile this driver
    122. 

  122. 	  as a module, choose M here; the module will be called tcg_tis_i2c_cr50.
    123. 

  123. 

  124. config TCG_TIS_I2C_ATMEL
    125. 

  125. 	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
    126. 

  126. 	depends on I2C
    127. 

  127. 	help
    128. 

  128. 	  If you have an Atmel I2C TPM security chip say Yes and it will be
    129. 

  129. 	  accessible from within Linux.
    130. 

  130. 	  To compile this driver as a module, choose M here; the module will
    131. 

  131. 	  be called tpm_tis_i2c_atmel.
    132. 

  132. 

  133. config TCG_TIS_I2C_INFINEON
    134. 

  134. 	tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
    135. 

  135. 	depends on I2C
    136. 

  136. 	help
    137. 

  137. 	  If you have a TPM security chip that is compliant with the
    138. 

  138. 	  TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
    139. 

  139. 	  Specification 0.20 say Yes and it will be accessible from within
    140. 

  140. 	  Linux.
    141. 

  141. 	  To compile this driver as a module, choose M here; the module
    142. 

  142. 	  will be called tpm_i2c_infineon.
    143. 

  143. 

  144. config TCG_TIS_I2C_NUVOTON
    145. 

  145. 	tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
    146. 

  146. 	depends on I2C
    147. 

  147. 	help
    148. 

  148. 	  If you have a TPM security chip with an I2C interface from
    149. 

  149. 	  Nuvoton Technology Corp. say Yes and it will be accessible
    150. 

  150. 	  from within Linux.
    151. 

  151. 	  To compile this driver as a module, choose M here; the module
    152. 

  152. 	  will be called tpm_i2c_nuvoton.
    153. 

  153. 

  154. config TCG_NSC
    155. 

  155. 	tristate "National Semiconductor TPM Interface"
    156. 

  156. 	depends on X86
    157. 

  157. 	help
    158. 

  158. 	  If you have a TPM security chip from National Semiconductor 
    159. 

  159. 	  say Yes and it will be accessible from within Linux.  To 
    160. 

  160. 	  compile this driver as a module, choose M here; the module 
    161. 

  161. 	  will be called tpm_nsc.
    162. 

  162. 

  163. config TCG_ATMEL
    164. 

  164. 	tristate "Atmel TPM Interface"
    165. 

  165. 	depends on PPC64 || HAS_IOPORT_MAP
    166. 

  166. 	depends on HAS_IOPORT
    167. 

  167. 	help
    168. 

  168. 	  If you have a TPM security chip from Atmel say Yes and it 
    169. 

  169. 	  will be accessible from within Linux.  To compile this driver 
    170. 

  170. 	  as a module, choose M here; the module will be called tpm_atmel.
    171. 

  171. 

  172. config TCG_INFINEON
    173. 

  173. 	tristate "Infineon Technologies TPM Interface"
    174. 

  174. 	depends on PNP || COMPILE_TEST
    175. 

  175. 	help
    176. 

  176. 	  If you have a TPM security chip from Infineon Technologies
    177. 

  177. 	  (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
    178. 

  178. 	  will be accessible from within Linux.
    179. 

  179. 	  To compile this driver as a module, choose M here; the module
    180. 

  180. 	  will be called tpm_infineon.
    181. 

  181. 	  Further information on this driver and the supported hardware
    182. 

  182. 	  can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/ 
    183. 

  183. 

  184. config TCG_IBMVTPM
    185. 

  185. 	tristate "IBM VTPM Interface"
    186. 

  186. 	depends on PPC_PSERIES
    187. 

  187. 	help
    188. 

  188. 	  If you have IBM virtual TPM (VTPM) support say Yes and it
    189. 

  189. 	  will be accessible from within Linux.  To compile this driver
    190. 

  190. 	  as a module, choose M here; the module will be called tpm_ibmvtpm.
    191. 

  191. 

  192. config TCG_XEN
    193. 

  193. 	tristate "XEN TPM Interface"
    194. 

  194. 	depends on TCG_TPM && XEN
    195. 

  195. 	select XEN_XENBUS_FRONTEND
    196. 

  196. 	help
    197. 

  197. 	  If you want to make TPM support available to a Xen user domain,
    198. 

  198. 	  say Yes and it will be accessible from within Linux. See
    199. 

  199. 	  the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
    200. 

  200. 	  the Xen source repository for more details.
    201. 

  201. 	  To compile this driver as a module, choose M here; the module
    202. 

  202. 	  will be called xen-tpmfront.
    203. 

  203. 

  204. config TCG_CRB
    205. 

  205. 	tristate "TPM 2.0 CRB Interface"
    206. 

  206. 	depends on ACPI
    207. 

  207. 	help
    208. 

  208. 	  If you have a TPM security chip that is compliant with the
    209. 

  209. 	  TCG CRB 2.0 TPM specification say Yes and it will be accessible
    210. 

  210. 	  from within Linux.  To compile this driver as a module, choose
    211. 

  211. 	  M here; the module will be called tpm_crb.
    212. 

  212. 

  213. config TCG_VTPM_PROXY
    214. 

  214. 	tristate "VTPM Proxy Interface"
    215. 

  215. 	depends on TCG_TPM
    216. 

  216. 	help
    217. 

  217. 	  This driver proxies for an emulated TPM (vTPM) running in userspace.
    218. 

  218. 	  A device /dev/vtpmx is provided that creates a device pair
    219. 

  219. 	  /dev/vtpmX and a server-side file descriptor on which the vTPM
    220. 

  220. 	  can receive commands.
    221. 

  221. 

  222. config TCG_FTPM_TEE
    223. 

  223. 	tristate "TEE based fTPM Interface"
    224. 

  224. 	depends on TEE && OPTEE
    225. 

  225. 	help
    226. 

  226. 	  This driver proxies for firmware TPM running in TEE.
    227. 

  227. 

  228. source "drivers/char/tpm/st33zp24/Kconfig"
    229. 

  229. endif # TCG_TPM
    230.