~funderscore blog cgit wiki get in touch
aboutsummaryrefslogtreecommitdiff
blob: d59102d9a6bdcd78e840a176b00d0565574f88a8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
#
# TPM subsystem configuration
#

menu "TPM support"

config TPM_V1
	bool "TPMv1.x support"
	depends on TPM
	default y
	help
	  Major TPM versions are not compatible at all, choose either
	  one or the other. This option enables TPMv1.x drivers/commands.

if TPM_V1

config TPM_TIS_SANDBOX
	bool "Enable sandbox TPM driver"
	depends on TPM_V1 && SANDBOX
	default y
	help
	  This driver emulates a TPMv1.x, providing access to base functions
	  such as reading and writing TPM private data. This is enough to
	  support Chrome OS verified boot. Extend functionality is not
	  implemented.

config TPM_ATMEL_TWI
	bool "Enable Atmel TWI TPM device driver"
	depends on TPM_V1
	help
	  This driver supports an Atmel TPM device connected on the I2C bus.
	  The usual tpm operations and the 'tpm' command can be used to talk
	  to the device using the standard TPM Interface Specification (TIS)
	  protocol

config TPM_TIS_INFINEON
	bool "Enable support for Infineon SLB9635/45 TPMs on I2C"
	depends on TPM_V1 && DM_I2C
	help
	  This driver supports Infineon TPM devices connected on the I2C bus.
	  The usual tpm operations and the 'tpm' command can be used to talk
	  to the device using the standard TPM Interface Specification (TIS)
	  protocol

config TPM_TIS_I2C_BURST_LIMITATION
	bool "Enable I2C burst length limitation"
	depends on TPM_TIS_INFINEON
	help
	  Some broken TPMs have a limitation on the number of bytes they can
	  receive in one message. Enable this option to allow you to set this
	  option. The can allow a broken TPM to be used by splitting messages
	  into separate pieces.

config TPM_TIS_I2C_BURST_LIMITATION_LEN
	int "Length"
	depends on TPM_TIS_I2C_BURST_LIMITATION
	help
	  Use this to set the burst limitation length

config TPM_TIS_LPC
	bool "Enable support for Infineon SLB9635/45 TPMs on LPC"
	depends on TPM_V1 && X86
	help
	  This driver supports Infineon TPM devices connected on the LPC bus.
	  The usual tpm operations and the 'tpm' command can be used to talk
	  to the device using the standard TPM Interface Specification (TIS)
	  protocol

config TPM_AUTH_SESSIONS
	bool "Enable TPM authentication session support"
	depends on TPM_V1
	help
	  Enable support for authorised (AUTH1) commands as specified in the
	  TCG Main Specification 1.2. OIAP-authorised versions of the commands
	  TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are
	  available using the 'tpm' command, too.

config TPM_ST33ZP24_I2C
	bool "STMicroelectronics ST33ZP24 I2C TPM"
	depends on TPM_V1 && DM_I2C
	---help---
	  This driver supports STMicroelectronics TPM devices connected on the I2C bus.
	  The usual tpm operations and the 'tpm' command can be used to talk
	  to the device using the standard TPM Interface Specification (TIS)
	  protocol

config TPM_ST33ZP24_SPI
	bool "STMicroelectronics ST33ZP24 SPI TPM"
	depends on TPM_V1 && DM_SPI
	---help---
	  This driver supports STMicroelectronics TPM devices connected on the SPI bus.
	  The usual tpm operations and the 'tpm' command can be used to talk
	  to the device using the standard TPM Interface Specification (TIS)
	  protocol

config TPM_FLUSH_RESOURCES
	bool "Enable TPM resource flushing support"
	depends on TPM_V1
	help
	  Enable support to flush specific resources (e.g. keys) from the TPM.
	  The functionality is available via the 'tpm' command as well.

config TPM_LOAD_KEY_BY_SHA1
	bool "Enable TPM key loading by SHA1 support"
	depends on TPM_V1
	help
	  Enable support to load keys into the TPM by identifying
	  their parent via the public key's SHA1 hash.
	  The functionality is available via the 'tpm' command as well.

config TPM_LIST_RESOURCES
	bool "Enable TPM resource listing support"
	depends on TPM_V1
	help
	  Enable support to list specific resources (e.g. keys) within the TPM.
	  The functionality is available via the 'tpm' command as well.

endif # TPM_V1

config TPM_V2
	bool "TPMv2.x support"
	depends on TPM
	default y
	help
	  Major TPM versions are not compatible at all, choose either
	  one or the other. This option enables TPMv2.x drivers/commands.

if TPM_V2

config TPM2_CR50_I2C
	bool "Enable support for Google cr50 TPM"
	depends on DM_I2C
	help
	  Cr50 is an implementation of a TPM on Google's H1 security chip.
	  This uses the same open-source firmware as the Chromium OS EC.
	  While Cr50 has other features, its primary role is as the root of
	  trust for a device, It operates like a TPM and can be used with
	  verified boot. Cr50 is used on recent Chromebooks (since 2017).

config SPL_TPM2_CR50_I2C
	bool "Enable support for Google cr50 TPM"
	depends on DM_I2C && SPL_TPM
	help
	  Cr50 is an implementation of a TPM on Google's H1 security chip.
	  This uses the same open-source firmware as the Chromium OS EC.
	  While Cr50 has other features, its primary role is as the root of
	  trust for a device, It operates like a TPM and can be used with
	  verified boot. Cr50 is used on recent Chromebooks (since 2017).

config TPL_TPM2_CR50_I2C
	bool "Enable support for Google cr50 TPM"
	depends on DM_I2C && TPL_TPM
	help
	  Cr50 is an implementation of a TPM on Google's H1 security chip.
	  This uses the same open-source firmware as the Chromium OS EC.
	  While Cr50 has other features, its primary role is as the root of
	  trust for a device, It operates like a TPM and can be used with
	  verified boot. Cr50 is used on recent Chromebooks (since 2017).

config VPL_TPM2_CR50_I2C
	bool "Enable support for Google cr50 TPM"
	depends on DM_I2C && VPL_TPM
	help
	  Cr50 is an implementation of a TPM on Google's H1 security chip.
	  This uses the same open-source firmware as the Chromium OS EC.
	  While Cr50 has other features, its primary role is as the root of
	  trust for a device, It operates like a TPM and can be used with
	  verified boot. Cr50 is used on recent Chromebooks (since 2017).

config TPM2_TIS_SANDBOX
	bool "Enable sandbox TPMv2.x driver"
	depends on TPM_V2 && SANDBOX
	default y
	help
	  This driver emulates a TPMv2.x, providing access to base functions
	  such as basic configuration, PCR extension and PCR read. Extended
	  functionalities are not implemented.

config TPM2_TIS_SPI
	bool "Enable support for TPMv2.x SPI chips"
	depends on TPM_V2 && DM_SPI
	help
	  This driver supports TPMv2.x devices connected on the SPI bus.
	  The usual TPM operations and the 'tpm' command can be used to talk
	  to the device using the standard TPM Interface Specification (TIS)
	  protocol.

config TPM2_TIS_I2C
	bool "Enable support for TPMv2.x I2C chips"
	depends on TPM_V2 && DM_I2C
	help
	  This driver supports TPMv2.x devices connected on the I2C bus.
	  The usual TPM operations and the 'tpm' command can be used to talk
	  to the device using the standard TPM Interface Specification (TIS)
	  protocol.

config TPM2_FTPM_TEE
	bool "TEE based fTPM Interface"
	depends on TEE && OPTEE && TPM_V2
	help
	  This driver supports firmware TPM running in TEE.

config TPM2_MMIO
	bool "MMIO based TPM2 Interface"
	depends on TPM_V2
	help
	  This driver supports firmware TPM2.0 MMIO interface.
	  The usual TPM operations and the 'tpm' command can be used to talk
	  to the device using the standard TPM Interface Specification (TIS)
	  protocol.

endif # TPM_V2

endmenu