tpm: Add Kconfig options for TPMs

Add new Kconfig options for TPMs in preparation for moving boards to use
Kconfig for TPM configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>

diff --git a/common/Kconfig b/common/Kconfig
index cfe1651caa4d7deb78e863bf900dc0a3e6221f7d..6bb01ad4447932ed6495e93ca725860596fa19e8 100644 (file)
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -766,6 +766,18 @@ config CMD_REGULATOR
 
 endmenu
 
 
 endmenu
 

+menu "Security commands"
+config CMD_TPM
+       bool "Enable the 'tpm' command"
+       depends on TPM
+       help
+         This provides a means to talk to a TPM from the command line. A wide
+         range of commands if provided - see 'tpm help' for details. The
+         command requires a suitable TPM on your board and the correct driver
+         must be enabled.
+
+endmenu
+

 endmenu
 
 menu "Environment configuration settings"
 endmenu
 
 menu "Environment configuration settings"

diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
index f408b8a81d1e7d2f438c1ce20590f8563920d002..9101fc26b9deab906d9c02b804b62cd035ee1561 100644 (file)
--- a/drivers/tpm/Kconfig
+++ b/drivers/tpm/Kconfig
@@ -1,7 +1,67 @@
+#
+# TPM subsystem configuration
+#
+
+menu "TPM support"
+

 config TPM_TIS_SANDBOX
        bool "Enable sandbox TPM driver"
 config TPM_TIS_SANDBOX
        bool "Enable sandbox TPM driver"

+       depends on SANDBOX

        help
          This driver emulates a TPM, providing access to base functions
          such as reading and writing TPM private data. This is enough to
          support Chrome OS verified boot. Extend functionality is not
          implemented.
        help
          This driver emulates a TPM, providing access to base functions
          such as reading and writing TPM private data. This is enough to
          support Chrome OS verified boot. Extend functionality is not
          implemented.

+
+config TPM_ATMEL_TWI
+       bool "Enable Atmel TWI TPM device driver"
+       depends on TPM
+       help
+         This driver supports an Atmel TPM device connected on the I2C bus.
+         The usual tpm operations and the 'tpm' command can be used to talk
+         to the device using the standard TPM Interface Specification (TIS)
+         protocol
+
+config TPM_TIS_I2C
+       bool "Enable support for Infineon SLB9635/45 TPMs on I2C"
+       depends on TPM && DM_I2C
+       help
+         This driver supports Infineon TPM devices connected on the I2C bus.
+         The usual tpm operations and the 'tpm' command can be used to talk
+         to the device using the standard TPM Interface Specification (TIS)
+         protocol
+
+config TPM_TIS_I2C_BURST_LIMITATION
+       bool "Enable I2C burst length limitation"
+       depends on TPM_TIS_I2C
+       help
+         Some broken TPMs have a limitation on the number of bytes they can
+         receive in one message. Enable this option to allow you to set this
+         option. The can allow a broken TPM to be used by splitting messages
+         into separate pieces.
+
+config TPM_TIS_I2C_BURST_LIMITATION_LEN
+       int "Length"
+       depends on TPM_TIS_I2C_BURST_LIMITATION
+       help
+         Use this to set the burst limitation length
+
+config TPM_TIS_LPC
+       bool "Enable support for Infineon SLB9635/45 TPMs on LPC"
+       depends on TPM && X86
+       help
+         This driver supports Infineon TPM devices connected on the I2C bus.
+         The usual tpm operations and the 'tpm' command can be used to talk
+         to the device using the standard TPM Interface Specification (TIS)
+         protocol
+
+config TPM_AUTH_SESSIONS
+       bool "Enable TPM authentication session support"
+       depends on TPM
+       help
+         Enable support for authorised (AUTH1) commands as specified in the
+         TCG Main Specification 1.2. OIAP-authorised versions of the commands
+         TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are
+         available using the 'tpm' command, too.
+
+endmenu

diff --git a/lib/Kconfig b/lib/Kconfig
index 867cc4ca4dab7f92b74e9239c70e019f99fb2c69..16921c02c55175086ed52a2fe8edf7c4faee5d75 100644 (file)
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -57,6 +57,16 @@ source lib/dhry/Kconfig
 
 source lib/rsa/Kconfig
 
 
 source lib/rsa/Kconfig
 

+config TPM
+       bool "Trusted Platform Module (TPM) Support"
+       help
+         This enables support for TPMs which can be used to provide security
+         features for your board. The TPM can be connected via LPC or I2C
+         and a sandbox TPM is provided for testing purposes. Use the 'tpm'
+         command to interactive the TPM. Driver model support is provided
+         for the low-level TPM interface, but only one TPM is supported at
+         a time by the TPM library.
+

 menu "Hashing Support"
 
 config SHA1
 menu "Hashing Support"
 
 config SHA1