Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# TPM device configuration
4#
5
6menuconfig TCG_TPM
7 tristate "TPM Hardware Support"
8 depends on HAS_IOMEM
9 imply SECURITYFS
10 select CRYPTO
11 select CRYPTO_HASH_INFO
12 help
13 If you have a TPM security chip in your system, which
14 implements the Trusted Computing Group's specification,
15 say Yes and it will be accessible from within Linux. For
16 more information see <http://www.trustedcomputinggroup.org>.
17 An implementation of the Trusted Software Stack (TSS), the
18 userspace enablement piece of the specification, can be
19 obtained at: <http://sourceforge.net/projects/trousers>. To
20 compile this driver as a module, choose M here; the module
21 will be called tpm. If unsure, say N.
22 Notes:
23 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
24 and CONFIG_PNPACPI.
25 2) Without ACPI enabled, the BIOS event log won't be accessible,
26 which is required to validate the PCR 0-7 values.
27
28if TCG_TPM
29
30config HW_RANDOM_TPM
31 bool "TPM HW Random Number Generator support"
32 depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
33 default y
34 help
35 This setting exposes the TPM's Random Number Generator as a hwrng
36 device. This allows the kernel to collect randomness from the TPM at
37 boot, and provides the TPM randomines in /dev/hwrng.
38
39 If unsure, say Y.
40
41config TCG_TIS_CORE
42 tristate
43 help
44 TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
45 into the TPM kernel APIs. Physical layers will register against it.
46
47config TCG_TIS
48 tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
49 depends on X86 || OF
50 select TCG_TIS_CORE
51 help
52 If you have a TPM security chip that is compliant with the
53 TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
54 specification (TPM2.0) say Yes and it will be accessible from
55 within Linux. To compile this driver as a module, choose M here;
56 the module will be called tpm_tis.
57
58config TCG_TIS_SPI
59 tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
60 depends on SPI
61 select TCG_TIS_CORE
62 help
63 If you have a TPM security chip which is connected to a regular,
64 non-tcg SPI master (i.e. most embedded platforms) that is compliant with the
65 TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
66 specification (TPM2.0) say Yes and it will be accessible from
67 within Linux. To compile this driver as a module, choose M here;
68 the module will be called tpm_tis_spi.
69
70config TCG_TIS_SPI_CR50
71 bool "Cr50 SPI Interface"
72 depends on TCG_TIS_SPI
73 help
74 If you have a H1 secure module running Cr50 firmware on SPI bus,
75 say Yes and it will be accessible from within Linux.
76
77config TCG_TIS_I2C
78 tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
79 depends on I2C
80 select CRC_CCITT
81 select TCG_TIS_CORE
82 help
83 If you have a TPM security chip, compliant with the TCG TPM PTP
84 (I2C interface) specification and connected to an I2C bus master,
85 say Yes and it will be accessible from within Linux.
86 To compile this driver as a module, choose M here;
87 the module will be called tpm_tis_i2c.
88
89config TCG_TIS_SYNQUACER
90 tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
91 depends on ARCH_SYNQUACER || COMPILE_TEST
92 select TCG_TIS_CORE
93 help
94 If you have a TPM security chip that is compliant with the
95 TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
96 specification (TPM2.0) say Yes and it will be accessible from
97 within Linux on Socionext SynQuacer platform.
98 To compile this driver as a module, choose M here;
99 the module will be called tpm_tis_synquacer.
100
101config TCG_TIS_I2C_CR50
102 tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
103 depends on I2C
104 help
105 This is a driver for the Google cr50 I2C TPM interface which is a
106 custom microcontroller and requires a custom i2c protocol interface
107 to handle the limitations of the hardware. To compile this driver
108 as a module, choose M here; the module will be called tcg_tis_i2c_cr50.
109
110config TCG_TIS_I2C_ATMEL
111 tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
112 depends on I2C
113 help
114 If you have an Atmel I2C TPM security chip say Yes and it will be
115 accessible from within Linux.
116 To compile this driver as a module, choose M here; the module will
117 be called tpm_tis_i2c_atmel.
118
119config TCG_TIS_I2C_INFINEON
120 tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
121 depends on I2C
122 help
123 If you have a TPM security chip that is compliant with the
124 TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
125 Specification 0.20 say Yes and it will be accessible from within
126 Linux.
127 To compile this driver as a module, choose M here; the module
128 will be called tpm_i2c_infineon.
129
130config TCG_TIS_I2C_NUVOTON
131 tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
132 depends on I2C
133 help
134 If you have a TPM security chip with an I2C interface from
135 Nuvoton Technology Corp. say Yes and it will be accessible
136 from within Linux.
137 To compile this driver as a module, choose M here; the module
138 will be called tpm_i2c_nuvoton.
139
140config TCG_NSC
141 tristate "National Semiconductor TPM Interface"
142 depends on X86
143 help
144 If you have a TPM security chip from National Semiconductor
145 say Yes and it will be accessible from within Linux. To
146 compile this driver as a module, choose M here; the module
147 will be called tpm_nsc.
148
149config TCG_ATMEL
150 tristate "Atmel TPM Interface"
151 depends on PPC64 || HAS_IOPORT_MAP
152 help
153 If you have a TPM security chip from Atmel say Yes and it
154 will be accessible from within Linux. To compile this driver
155 as a module, choose M here; the module will be called tpm_atmel.
156
157config TCG_INFINEON
158 tristate "Infineon Technologies TPM Interface"
159 depends on PNP
160 help
161 If you have a TPM security chip from Infineon Technologies
162 (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
163 will be accessible from within Linux.
164 To compile this driver as a module, choose M here; the module
165 will be called tpm_infineon.
166 Further information on this driver and the supported hardware
167 can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/
168
169config TCG_IBMVTPM
170 tristate "IBM VTPM Interface"
171 depends on PPC_PSERIES
172 help
173 If you have IBM virtual TPM (VTPM) support say Yes and it
174 will be accessible from within Linux. To compile this driver
175 as a module, choose M here; the module will be called tpm_ibmvtpm.
176
177config TCG_XEN
178 tristate "XEN TPM Interface"
179 depends on TCG_TPM && XEN
180 select XEN_XENBUS_FRONTEND
181 help
182 If you want to make TPM support available to a Xen user domain,
183 say Yes and it will be accessible from within Linux. See
184 the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
185 the Xen source repository for more details.
186 To compile this driver as a module, choose M here; the module
187 will be called xen-tpmfront.
188
189config TCG_CRB
190 tristate "TPM 2.0 CRB Interface"
191 depends on ACPI
192 help
193 If you have a TPM security chip that is compliant with the
194 TCG CRB 2.0 TPM specification say Yes and it will be accessible
195 from within Linux. To compile this driver as a module, choose
196 M here; the module will be called tpm_crb.
197
198config TCG_VTPM_PROXY
199 tristate "VTPM Proxy Interface"
200 depends on TCG_TPM
201 help
202 This driver proxies for an emulated TPM (vTPM) running in userspace.
203 A device /dev/vtpmx is provided that creates a device pair
204 /dev/vtpmX and a server-side file descriptor on which the vTPM
205 can receive commands.
206
207config TCG_FTPM_TEE
208 tristate "TEE based fTPM Interface"
209 depends on TEE && OPTEE
210 help
211 This driver proxies for firmware TPM running in TEE.
212
213source "drivers/char/tpm/st33zp24/Kconfig"
214endif # TCG_TPM
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# TPM device configuration
4#
5
6menuconfig TCG_TPM
7 tristate "TPM Hardware Support"
8 depends on HAS_IOMEM
9 imply SECURITYFS
10 select CRYPTO
11 select CRYPTO_HASH_INFO
12 help
13 If you have a TPM security chip in your system, which
14 implements the Trusted Computing Group's specification,
15 say Yes and it will be accessible from within Linux. For
16 more information see <http://www.trustedcomputinggroup.org>.
17 An implementation of the Trusted Software Stack (TSS), the
18 userspace enablement piece of the specification, can be
19 obtained at: <http://sourceforge.net/projects/trousers>. To
20 compile this driver as a module, choose M here; the module
21 will be called tpm. If unsure, say N.
22 Notes:
23 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
24 and CONFIG_PNPACPI.
25 2) Without ACPI enabled, the BIOS event log won't be accessible,
26 which is required to validate the PCR 0-7 values.
27
28if TCG_TPM
29
30config TCG_TPM2_HMAC
31 bool "Use HMAC and encrypted transactions on the TPM bus"
32 default X86_64
33 select CRYPTO_ECDH
34 select CRYPTO_LIB_AESCFB
35 select CRYPTO_LIB_SHA256
36 help
37 Setting this causes us to deploy a scheme which uses request
38 and response HMACs in addition to encryption for
39 communicating with the TPM to prevent or detect bus snooping
40 and interposer attacks (see tpm-security.rst). Saying Y
41 here adds some encryption overhead to all kernel to TPM
42 transactions.
43
44config HW_RANDOM_TPM
45 bool "TPM HW Random Number Generator support"
46 depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
47 default y
48 help
49 This setting exposes the TPM's Random Number Generator as a hwrng
50 device. This allows the kernel to collect randomness from the TPM at
51 boot, and provides the TPM randomines in /dev/hwrng.
52
53 If unsure, say Y.
54
55config TCG_TIS_CORE
56 tristate
57 help
58 TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
59 into the TPM kernel APIs. Physical layers will register against it.
60
61config TCG_TIS
62 tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
63 depends on X86 || OF
64 select TCG_TIS_CORE
65 help
66 If you have a TPM security chip that is compliant with the
67 TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
68 specification (TPM2.0) say Yes and it will be accessible from
69 within Linux. To compile this driver as a module, choose M here;
70 the module will be called tpm_tis.
71
72config TCG_TIS_SPI
73 tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
74 depends on SPI
75 select TCG_TIS_CORE
76 help
77 If you have a TPM security chip which is connected to a regular,
78 non-tcg SPI master (i.e. most embedded platforms) that is compliant with the
79 TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
80 specification (TPM2.0) say Yes and it will be accessible from
81 within Linux. To compile this driver as a module, choose M here;
82 the module will be called tpm_tis_spi.
83
84config TCG_TIS_SPI_CR50
85 bool "Cr50 SPI Interface"
86 depends on TCG_TIS_SPI
87 help
88 If you have a H1 secure module running Cr50 firmware on SPI bus,
89 say Yes and it will be accessible from within Linux.
90
91config TCG_TIS_I2C
92 tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
93 depends on I2C
94 select CRC_CCITT
95 select TCG_TIS_CORE
96 help
97 If you have a TPM security chip, compliant with the TCG TPM PTP
98 (I2C interface) specification and connected to an I2C bus master,
99 say Yes and it will be accessible from within Linux.
100 To compile this driver as a module, choose M here;
101 the module will be called tpm_tis_i2c.
102
103config TCG_TIS_SYNQUACER
104 tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
105 depends on ARCH_SYNQUACER || COMPILE_TEST
106 select TCG_TIS_CORE
107 help
108 If you have a TPM security chip that is compliant with the
109 TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
110 specification (TPM2.0) say Yes and it will be accessible from
111 within Linux on Socionext SynQuacer platform.
112 To compile this driver as a module, choose M here;
113 the module will be called tpm_tis_synquacer.
114
115config TCG_TIS_I2C_CR50
116 tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
117 depends on I2C
118 help
119 This is a driver for the Google cr50 I2C TPM interface which is a
120 custom microcontroller and requires a custom i2c protocol interface
121 to handle the limitations of the hardware. To compile this driver
122 as a module, choose M here; the module will be called tcg_tis_i2c_cr50.
123
124config TCG_TIS_I2C_ATMEL
125 tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
126 depends on I2C
127 help
128 If you have an Atmel I2C TPM security chip say Yes and it will be
129 accessible from within Linux.
130 To compile this driver as a module, choose M here; the module will
131 be called tpm_tis_i2c_atmel.
132
133config TCG_TIS_I2C_INFINEON
134 tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
135 depends on I2C
136 help
137 If you have a TPM security chip that is compliant with the
138 TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
139 Specification 0.20 say Yes and it will be accessible from within
140 Linux.
141 To compile this driver as a module, choose M here; the module
142 will be called tpm_i2c_infineon.
143
144config TCG_TIS_I2C_NUVOTON
145 tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
146 depends on I2C
147 help
148 If you have a TPM security chip with an I2C interface from
149 Nuvoton Technology Corp. say Yes and it will be accessible
150 from within Linux.
151 To compile this driver as a module, choose M here; the module
152 will be called tpm_i2c_nuvoton.
153
154config TCG_NSC
155 tristate "National Semiconductor TPM Interface"
156 depends on X86
157 help
158 If you have a TPM security chip from National Semiconductor
159 say Yes and it will be accessible from within Linux. To
160 compile this driver as a module, choose M here; the module
161 will be called tpm_nsc.
162
163config TCG_ATMEL
164 tristate "Atmel TPM Interface"
165 depends on HAS_IOPORT_MAP
166 depends on HAS_IOPORT
167 help
168 If you have a TPM security chip from Atmel say Yes and it
169 will be accessible from within Linux. To compile this driver
170 as a module, choose M here; the module will be called tpm_atmel.
171
172config TCG_INFINEON
173 tristate "Infineon Technologies TPM Interface"
174 depends on PNP || COMPILE_TEST
175 help
176 If you have a TPM security chip from Infineon Technologies
177 (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
178 will be accessible from within Linux.
179 To compile this driver as a module, choose M here; the module
180 will be called tpm_infineon.
181 Further information on this driver and the supported hardware
182 can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/
183
184config TCG_IBMVTPM
185 tristate "IBM VTPM Interface"
186 depends on PPC_PSERIES
187 help
188 If you have IBM virtual TPM (VTPM) support say Yes and it
189 will be accessible from within Linux. To compile this driver
190 as a module, choose M here; the module will be called tpm_ibmvtpm.
191
192config TCG_XEN
193 tristate "XEN TPM Interface"
194 depends on TCG_TPM && XEN
195 select XEN_XENBUS_FRONTEND
196 help
197 If you want to make TPM support available to a Xen user domain,
198 say Yes and it will be accessible from within Linux. See
199 the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
200 the Xen source repository for more details.
201 To compile this driver as a module, choose M here; the module
202 will be called xen-tpmfront.
203
204config TCG_CRB
205 tristate "TPM 2.0 CRB Interface"
206 depends on ACPI
207 help
208 If you have a TPM security chip that is compliant with the
209 TCG CRB 2.0 TPM specification say Yes and it will be accessible
210 from within Linux. To compile this driver as a module, choose
211 M here; the module will be called tpm_crb.
212
213config TCG_VTPM_PROXY
214 tristate "VTPM Proxy Interface"
215 depends on TCG_TPM
216 help
217 This driver proxies for an emulated TPM (vTPM) running in userspace.
218 A device /dev/vtpmx is provided that creates a device pair
219 /dev/vtpmX and a server-side file descriptor on which the vTPM
220 can receive commands.
221
222config TCG_FTPM_TEE
223 tristate "TEE based fTPM Interface"
224 depends on TEE && OPTEE
225 help
226 This driver proxies for firmware TPM running in TEE.
227
228source "drivers/char/tpm/st33zp24/Kconfig"
229endif # TCG_TPM