path: root/drivers/char/tpm/Kconfig
blob: e63a6a17793c8560085c1571e862338cf4e1c21b (plain)
# SPDX-License-Identifier: GPL-2.0-only
#
# TPM device configuration
#

menuconfig TCG_TPM
	tristate "TPM Hardware Support"
	depends on HAS_IOMEM
	imply SECURITYFS
	select CRYPTO
	select CRYPTO_HASH_INFO
	help
	  If you have a TPM security chip in your system, which
	  implements the Trusted Computing Group's specification,
	  say Yes and it will be accessible from within Linux.  For
	  more information see <http://www.trustedcomputinggroup.org>. 
	  An implementation of the Trusted Software Stack (TSS), the 
	  userspace enablement piece of the specification, can be 
	  obtained at: <http://sourceforge.net/projects/trousers>.  To 
	  compile this driver as a module, choose M here; the module 
	  will be called tpm. If unsure, say N.
	  Notes:
	  1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
	  and CONFIG_PNPACPI.
	  2) Without ACPI enabled, the BIOS event log, which is required to
	  validate the PCR 0-7 values, won't be accessible.

if TCG_TPM

config TCG_TPM2_HMAC
	bool "Use HMAC and encrypted transactions on the TPM bus"
	default y
	select CRYPTO_ECDH
	select CRYPTO_LIB_AESCFB
	select CRYPTO_LIB_SHA256
	help
	  Enabling this makes the kernel use request and response HMACs,
	  in addition to encryption, when communicating with the TPM, in
	  order to prevent or detect bus snooping and interposer attacks
	  (see tpm-security.rst).  Saying Y here adds some encryption
	  overhead to all kernel-to-TPM transactions.

config HW_RANDOM_TPM
	bool "TPM HW Random Number Generator support"
	depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
	default y
	help
	  This setting exposes the TPM's Random Number Generator as a hwrng
	  device. This allows the kernel to collect randomness from the TPM at
	  boot, and provides the TPM's randomness via /dev/hwrng.

	  If unsure, say Y.

config TCG_TIS_CORE
	tristate
	help
	TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
	into the TPM kernel APIs. Physical layers will register against it.

config TCG_TIS
	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
	depends on X86 || OF
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux. To compile this driver as a module, choose M here;
	  the module will be called tpm_tis.

config TCG_TIS_SPI
	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
	depends on SPI
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip which is connected to a regular,
	  non-TCG SPI master (i.e. most embedded platforms) and is compliant
	  with the TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux. To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_spi.

config TCG_TIS_SPI_CR50
	bool "Cr50 SPI Interface"
	depends on TCG_TIS_SPI
	help
	  If you have an H1 secure module running Cr50 firmware on the SPI bus,
	  say Yes and it will be accessible from within Linux.

config TCG_TIS_I2C
	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
	depends on I2C
	select CRC_CCITT
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip, compliant with the TCG TPM PTP
	  (I2C interface) specification and connected to an I2C bus master,
	  say Yes and it will be accessible from within Linux.
	  To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_i2c.

config TCG_TIS_SYNQUACER
	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
	depends on ARCH_SYNQUACER || COMPILE_TEST
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux on Socionext SynQuacer platform.
	  To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_synquacer.

config TCG_TIS_I2C_CR50
	tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
	depends on I2C
	help
	  This is a driver for the Google cr50 I2C TPM interface which is a
	  custom microcontroller and requires a custom i2c protocol interface
	  to handle the limitations of the hardware.  To compile this driver
	  as a module, choose M here; the module will be called tcg_tis_i2c_cr50.

config TCG_TIS_I2C_ATMEL
	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
	depends on I2C
	help
	  If you have an Atmel I2C TPM security chip say Yes and it will be
	  accessible from within Linux.
	  To compile this driver as a module, choose M here; the module will
	  be called tpm_tis_i2c_atmel.

config TCG_TIS_I2C_INFINEON
	tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
	depends on I2C
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
	  Specification 0.20 say Yes and it will be accessible from within
	  Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_i2c_infineon.

config TCG_TIS_I2C_NUVOTON
	tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
	depends on I2C
	help
	  If you have a TPM security chip with an I2C interface from
	  Nuvoton Technology Corp. say Yes and it will be accessible
	  from within Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_i2c_nuvoton.

config TCG_NSC
	tristate "National Semiconductor TPM Interface"
	depends on X86
	help
	  If you have a TPM security chip from National Semiconductor 
	  say Yes and it will be accessible from within Linux.  To 
	  compile this driver as a module, choose M here; the module 
	  will be called tpm_nsc.

config TCG_ATMEL
	tristate "Atmel TPM Interface"
	depends on PPC64 || HAS_IOPORT_MAP
	depends on HAS_IOPORT
	help
	  If you have a TPM security chip from Atmel say Yes and it 
	  will be accessible from within Linux.  To compile this driver 
	  as a module, choose M here; the module will be called tpm_atmel.

config TCG_INFINEON
	tristate "Infineon Technologies TPM Interface"
	depends on PNP || COMPILE_TEST
	help
	  If you have a TPM security chip from Infineon Technologies
	  (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
	  will be accessible from within Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_infineon.
	  Further information on this driver and the supported hardware
	  can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/ 

config TCG_IBMVTPM
	tristate "IBM VTPM Interface"
	depends on PPC_PSERIES
	help
	  If you have IBM virtual TPM (VTPM) support say Yes and it
	  will be accessible from within Linux.  To compile this driver
	  as a module, choose M here; the module will be called tpm_ibmvtpm.

config TCG_XEN
	tristate "XEN TPM Interface"
	depends on TCG_TPM && XEN
	select XEN_XENBUS_FRONTEND
	help
	  If you want to make TPM support available to a Xen user domain,
	  say Yes and it will be accessible from within Linux. See
	  the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
	  the Xen source repository for more details.
	  To compile this driver as a module, choose M here; the module
	  will be called xen-tpmfront.

config TCG_CRB
	tristate "TPM 2.0 CRB Interface"
	depends on ACPI
	help
	  If you have a TPM security chip that is compliant with the
	  TCG CRB 2.0 TPM specification say Yes and it will be accessible
	  from within Linux.  To compile this driver as a module, choose
	  M here; the module will be called tpm_crb.

config TCG_VTPM_PROXY
	tristate "VTPM Proxy Interface"
	depends on TCG_TPM
	help
	  This driver proxies for an emulated TPM (vTPM) running in userspace.
	  A device /dev/vtpmx is provided that creates a device pair
	  /dev/vtpmX and a server-side file descriptor on which the vTPM
	  can receive commands.

config TCG_FTPM_TEE
	tristate "TEE based fTPM Interface"
	depends on TEE && OPTEE
	help
	  This driver proxies for a firmware TPM (fTPM) running in a TEE.

source "drivers/char/tpm/st33zp24/Kconfig"
endif # TCG_TPM