From a9cc0c645b8ac205d1e6dc55bb190971f844e707 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:19 -0600 Subject: [PATCH] tpm: Add Kconfig options for TPMs Add new Kconfig options for TPMs in preparation for moving boards to use Kconfig for TPM configuration. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- common/Kconfig | 12 +++++++++ drivers/tpm/Kconfig | 60 +++++++++++++++++++++++++++++++++++++++++++++ lib/Kconfig | 10 ++++++++ 3 files changed, 82 insertions(+) diff --git a/common/Kconfig b/common/Kconfig index cfe1651caa..6bb01ad444 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -766,6 +766,18 @@ config CMD_REGULATOR endmenu +menu "Security commands" +config CMD_TPM + bool "Enable the 'tpm' command" + depends on TPM + help + This provides a means to talk to a TPM from the command line. A wide + range of commands if provided - see 'tpm help' for details. The + command requires a suitable TPM on your board and the correct driver + must be enabled. + +endmenu + endmenu menu "Environment configuration settings" diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig index f408b8a81d..9101fc26b9 100644 --- a/drivers/tpm/Kconfig +++ b/drivers/tpm/Kconfig 
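Review bot: The CMD_TPM help text in the common/Kconfig hunk reads `A wide range of commands if provided`, which should be `A wide range of commands is provided`. The help describes the option only as a convenience, but it puts TPM operations at the boot prompt. A sentence such as `Anyone who can reach the command line can then issue TPM commands, so consider whether production builds need this.` would tell integrators what they are switching on. Whether the prompt is otherwise locked down is not visible from this patch.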
@@ -1,7 +1,67 @@ +# +# TPM subsystem configuration +# + +menu "TPM support" + config TPM_TIS_SANDBOX bool "Enable sandbox TPM driver" + depends on SANDBOX help This driver emulates a TPM, providing access to base functions such as reading and writing TPM private data. This is enough to support Chrome OS verified boot. Extend functionality is not implemented. + +config TPM_ATMEL_TWI + bool "Enable Atmel TWI TPM device driver" + depends on TPM + help + This driver supports an Atmel TPM device connected on the I2C bus. + The usual tpm operations and the 'tpm' command can be used to talk + to the device using the standard TPM Interface Specification (TIS) + protocol + +config TPM_TIS_I2C + bool "Enable support for Infineon SLB9635/45 TPMs on I2C" + depends on TPM && DM_I2C + help + This driver supports Infineon TPM devices connected on the I2C bus. + The usual tpm operations and the 'tpm' command can be used to talk + to the device using the standard TPM Interface Specification (TIS) + protocol + +config TPM_TIS_I2C_BURST_LIMITATION + bool "Enable I2C burst length limitation" + depends on TPM_TIS_I2C + help + Some broken TPMs have a limitation on the number of bytes they can + receive in one message. Enable this option to allow you to set this + option. The can allow a broken TPM to be used by splitting messages + into separate pieces. + +config TPM_TIS_I2C_BURST_LIMITATION_LEN + int "Length" + depends on TPM_TIS_I2C_BURST_LIMITATION + help + Use this to set the burst limitation length + +config TPM_TIS_LPC + bool "Enable support for Infineon SLB9635/45 TPMs on LPC" + depends on TPM && X86 + help + This driver supports Infineon TPM devices connected on the I2C bus. 
+ The usual tpm operations and the 'tpm' command can be used to talk + to the device using the standard TPM Interface Specification (TIS) + protocol + +config TPM_AUTH_SESSIONS + bool "Enable TPM authentication session support" + depends on TPM + help + Enable support for authorised (AUTH1) commands as specified in the + TCG Main Specification 1.2. OIAP-authorised versions of the commands + TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are + available using the 'tpm' command, too. + +endmenu diff --git a/lib/Kconfig b/lib/Kconfig index 867cc4ca4d..16921c02c5 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -57,6 +57,16 @@ source lib/dhry/Kconfig source lib/rsa/Kconfig +config TPM + bool "Trusted Platform Module (TPM) Support" + help + This enables support for TPMs which can be used to provide security + features for your board. The TPM can be connected via LPC or I2C + and a sandbox TPM is provided for testing purposes. Use the 'tpm' + command to interactive the TPM. Driver model support is provided + for the low-level TPM interface, but only one TPM is supported at + a time by the TPM library. + menu "Hashing Support" config SHA1 -- 2.39.2
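Review bot: The help for TPM_TIS_LPC in the drivers/tpm/Kconfig hunk says the device is `connected on the I2C bus`, apparently copied from the TPM_TIS_I2C entry; for the LPC driver it should read `connected on the LPC bus`. TPM_TIS_I2C_BURST_LIMITATION_LEN has neither a `default` nor a `range`, and its help does not name the unit, so nothing visible in this hunk stops a zero or oversized length from being configured; adding both and stating that the value is in bytes would close that gap. In the TPM_TIS_I2C_BURST_LIMITATION help, `to set this option. The can allow` should read something like `to set the limit. This can allow`. TPM_TIS_SANDBOX gains only `depends on SANDBOX` while every other driver in the menu depends on TPM; if the emulator relies on the TPM library, `depends on TPM && SANDBOX` would keep the entries consistent.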
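Review bot: The TPM help text in the lib/Kconfig hunk says `Use the 'tpm' command to interactive the TPM`, which should read `Use the 'tpm' command to interact with the TPM`. The sentence also reads as if the command always comes with this option, while the common/Kconfig hunk of the same patch makes it a separate symbol. Naming that symbol here would avoid the confusion, for example `Enable CMD_TPM to get the 'tpm' command.`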