| David Brazdil | 0f672f6 | 2019-12-10 10:32:29 +0000 | [diff] [blame^] | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| Andrew Scull | b4b6d4a | 2019-01-02 15:54:55 +0000 | [diff] [blame] | 2 | # |
| 3 | # TPM device configuration |
| 4 | # |
| 5 | |
| 6 | menuconfig TCG_TPM |
| 7 | tristate "TPM Hardware Support" |
| 8 | depends on HAS_IOMEM |
| David Brazdil | 0f672f6 | 2019-12-10 10:32:29 +0000 | [diff] [blame^] | 9 | imply SECURITYFS |
| Andrew Scull | b4b6d4a | 2019-01-02 15:54:55 +0000 | [diff] [blame] | 10 | select CRYPTO |
| 11 | select CRYPTO_HASH_INFO |
| 12 | ---help--- |
| 13 | If you have a TPM security chip in your system, which |
| 14 | implements the Trusted Computing Group's specification, |
| 15 | say Yes and it will be accessible from within Linux. For |
| 16 | more information see <http://www.trustedcomputinggroup.org>. |
| 17 | An implementation of the Trusted Software Stack (TSS), the |
| 18 | userspace enablement piece of the specification, can be |
| 19 | obtained at: <http://sourceforge.net/projects/trousers>. To |
| 20 | compile this driver as a module, choose M here; the module |
| 21 | will be called tpm. If unsure, say N. |
| 22 | Notes: |
| 23 | 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI |
| 24 | and CONFIG_PNPACPI. |
| 25 | 2) Without ACPI enabled, the BIOS event log won't be accessible, |
| 26 | which is required to validate the PCR 0-7 values. |
| 27 | |
| 28 | if TCG_TPM |
| 29 | |
| 30 | config HW_RANDOM_TPM |
| 31 | bool "TPM HW Random Number Generator support" |
| 32 | depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m) |
| 33 | default y |
| 34 | ---help--- |
| 35 | This setting exposes the TPM's Random Number Generator as a hwrng |
| 36 | device. This allows the kernel to collect randomness from the TPM at |
| 37 | boot, and provides the TPM randomines in /dev/hwrng. |
| 38 | |
| 39 | If unsure, say Y. |
| 40 | |
| 41 | config TCG_TIS_CORE |
| 42 | tristate |
| 43 | ---help--- |
| 44 | TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks |
| 45 | into the TPM kernel APIs. Physical layers will register against it. |
| 46 | |
| 47 | config TCG_TIS |
| 48 | tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface" |
| 49 | depends on X86 || OF |
| 50 | select TCG_TIS_CORE |
| 51 | ---help--- |
| 52 | If you have a TPM security chip that is compliant with the |
| 53 | TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO |
| 54 | specification (TPM2.0) say Yes and it will be accessible from |
| 55 | within Linux. To compile this driver as a module, choose M here; |
| 56 | the module will be called tpm_tis. |
| 57 | |
| 58 | config TCG_TIS_SPI |
| 59 | tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)" |
| 60 | depends on SPI |
| 61 | select TCG_TIS_CORE |
| 62 | ---help--- |
| 63 | If you have a TPM security chip which is connected to a regular, |
| 64 | non-tcg SPI master (i.e. most embedded platforms) that is compliant with the |
| 65 | TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO |
| 66 | specification (TPM2.0) say Yes and it will be accessible from |
| 67 | within Linux. To compile this driver as a module, choose M here; |
| 68 | the module will be called tpm_tis_spi. |
| 69 | |
| 70 | config TCG_TIS_I2C_ATMEL |
| 71 | tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)" |
| 72 | depends on I2C |
| 73 | ---help--- |
| 74 | If you have an Atmel I2C TPM security chip say Yes and it will be |
| 75 | accessible from within Linux. |
| 76 | To compile this driver as a module, choose M here; the module will |
| 77 | be called tpm_tis_i2c_atmel. |
| 78 | |
| 79 | config TCG_TIS_I2C_INFINEON |
| 80 | tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)" |
| 81 | depends on I2C |
| 82 | ---help--- |
| 83 | If you have a TPM security chip that is compliant with the |
| 84 | TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack |
| 85 | Specification 0.20 say Yes and it will be accessible from within |
| 86 | Linux. |
| 87 | To compile this driver as a module, choose M here; the module |
| 88 | will be called tpm_i2c_infineon. |
| 89 | |
| 90 | config TCG_TIS_I2C_NUVOTON |
| 91 | tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)" |
| 92 | depends on I2C |
| 93 | ---help--- |
| 94 | If you have a TPM security chip with an I2C interface from |
| 95 | Nuvoton Technology Corp. say Yes and it will be accessible |
| 96 | from within Linux. |
| 97 | To compile this driver as a module, choose M here; the module |
| 98 | will be called tpm_i2c_nuvoton. |
| 99 | |
| 100 | config TCG_NSC |
| 101 | tristate "National Semiconductor TPM Interface" |
| 102 | depends on X86 |
| 103 | ---help--- |
| 104 | If you have a TPM security chip from National Semiconductor |
| 105 | say Yes and it will be accessible from within Linux. To |
| 106 | compile this driver as a module, choose M here; the module |
| 107 | will be called tpm_nsc. |
| 108 | |
| 109 | config TCG_ATMEL |
| 110 | tristate "Atmel TPM Interface" |
| 111 | depends on PPC64 || HAS_IOPORT_MAP |
| 112 | ---help--- |
| 113 | If you have a TPM security chip from Atmel say Yes and it |
| 114 | will be accessible from within Linux. To compile this driver |
| 115 | as a module, choose M here; the module will be called tpm_atmel. |
| 116 | |
| 117 | config TCG_INFINEON |
| 118 | tristate "Infineon Technologies TPM Interface" |
| 119 | depends on PNP |
| 120 | ---help--- |
| 121 | If you have a TPM security chip from Infineon Technologies |
| 122 | (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it |
| 123 | will be accessible from within Linux. |
| 124 | To compile this driver as a module, choose M here; the module |
| 125 | will be called tpm_infineon. |
| 126 | Further information on this driver and the supported hardware |
| 127 | can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/ |
| 128 | |
| 129 | config TCG_IBMVTPM |
| 130 | tristate "IBM VTPM Interface" |
| 131 | depends on PPC_PSERIES |
| 132 | ---help--- |
| 133 | If you have IBM virtual TPM (VTPM) support say Yes and it |
| 134 | will be accessible from within Linux. To compile this driver |
| 135 | as a module, choose M here; the module will be called tpm_ibmvtpm. |
| 136 | |
| 137 | config TCG_XEN |
| 138 | tristate "XEN TPM Interface" |
| 139 | depends on TCG_TPM && XEN |
| 140 | select XEN_XENBUS_FRONTEND |
| 141 | ---help--- |
| 142 | If you want to make TPM support available to a Xen user domain, |
| 143 | say Yes and it will be accessible from within Linux. See |
| 144 | the manpages for xl, xl.conf, and docs/misc/vtpm.txt in |
| 145 | the Xen source repository for more details. |
| 146 | To compile this driver as a module, choose M here; the module |
| 147 | will be called xen-tpmfront. |
| 148 | |
| 149 | config TCG_CRB |
| 150 | tristate "TPM 2.0 CRB Interface" |
| 151 | depends on ACPI |
| 152 | ---help--- |
| 153 | If you have a TPM security chip that is compliant with the |
| 154 | TCG CRB 2.0 TPM specification say Yes and it will be accessible |
| 155 | from within Linux. To compile this driver as a module, choose |
| 156 | M here; the module will be called tpm_crb. |
| 157 | |
| 158 | config TCG_VTPM_PROXY |
| 159 | tristate "VTPM Proxy Interface" |
| 160 | depends on TCG_TPM |
| Andrew Scull | b4b6d4a | 2019-01-02 15:54:55 +0000 | [diff] [blame] | 161 | ---help--- |
| 162 | This driver proxies for an emulated TPM (vTPM) running in userspace. |
| 163 | A device /dev/vtpmx is provided that creates a device pair |
| 164 | /dev/vtpmX and a server-side file descriptor on which the vTPM |
| 165 | can receive commands. |
| 166 | |
| David Brazdil | 0f672f6 | 2019-12-10 10:32:29 +0000 | [diff] [blame^] | 167 | config TCG_FTPM_TEE |
| 168 | tristate "TEE based fTPM Interface" |
| 169 | depends on TEE && OPTEE |
| 170 | help |
| 171 | This driver proxies for firmware TPM running in TEE. |
| Andrew Scull | b4b6d4a | 2019-01-02 15:54:55 +0000 | [diff] [blame] | 172 | |
| 173 | source "drivers/char/tpm/st33zp24/Kconfig" |
| 174 | endif # TCG_TPM |