| # SPDX-License-Identifier: GPL-2.0-only |
| # |
| # TPM device configuration |
| # |
| |
| menuconfig TCG_TPM |
| tristate "TPM Hardware Support" |
| depends on HAS_IOMEM |
| imply SECURITYFS |
| select CRYPTO |
| select CRYPTO_HASH_INFO |
| help |
| If you have a TPM security chip in your system, which |
| implements the Trusted Computing Group's specification, |
| say Yes and it will be accessible from within Linux. For |
| more information see <http://www.trustedcomputinggroup.org>. |
| An implementation of the Trusted Software Stack (TSS), the |
| userspace enablement piece of the specification, can be |
| obtained at: <http://sourceforge.net/projects/trousers>. To |
| compile this driver as a module, choose M here; the module |
| will be called tpm. If unsure, say N. |
| Notes: |
| 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI |
| and CONFIG_PNPACPI. |
| 2) Without ACPI enabled, the BIOS event log won't be accessible, |
| which is required to validate the PCR 0-7 values. |
| |
| if TCG_TPM |
| |
| config TCG_TPM2_HMAC |
| bool "Use HMAC and encrypted transactions on the TPM bus" |
| default X86_64 |
| select CRYPTO_ECDH |
| select CRYPTO_LIB_AESCFB |
| select CRYPTO_LIB_SHA256 |
| help |
| Setting this causes us to deploy a scheme which uses request |
| and response HMACs in addition to encryption for |
| communicating with the TPM to prevent or detect bus snooping |
| and interposer attacks (see tpm-security.rst). Saying Y |
| here adds some encryption overhead to all kernel to TPM |
| transactions. |
| |
| config HW_RANDOM_TPM |
| bool "TPM HW Random Number Generator support" |
| depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m) |
| default y |
| help |
| This setting exposes the TPM's Random Number Generator as a hwrng |
| device. This allows the kernel to collect randomness from the TPM at |
| boot, and provides the TPM randomines in /dev/hwrng. |
| |
| If unsure, say Y. |
| |
| config TCG_TIS_CORE |
| tristate |
| help |
| TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks |
| into the TPM kernel APIs. Physical layers will register against it. |
| |
| config TCG_TIS |
| tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface" |
| depends on X86 || OF |
| select TCG_TIS_CORE |
| help |
| If you have a TPM security chip that is compliant with the |
| TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO |
| specification (TPM2.0) say Yes and it will be accessible from |
| within Linux. To compile this driver as a module, choose M here; |
| the module will be called tpm_tis. |
| |
| config TCG_TIS_SPI |
| tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)" |
| depends on SPI |
| select TCG_TIS_CORE |
| help |
| If you have a TPM security chip which is connected to a regular, |
| non-tcg SPI master (i.e. most embedded platforms) that is compliant with the |
| TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO |
| specification (TPM2.0) say Yes and it will be accessible from |
| within Linux. To compile this driver as a module, choose M here; |
| the module will be called tpm_tis_spi. |
| |
| config TCG_TIS_SPI_CR50 |
| bool "Cr50 SPI Interface" |
| depends on TCG_TIS_SPI |
| help |
| If you have a H1 secure module running Cr50 firmware on SPI bus, |
| say Yes and it will be accessible from within Linux. |
| |
| config TCG_TIS_I2C |
| tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)" |
| depends on I2C |
| select CRC_CCITT |
| select TCG_TIS_CORE |
| help |
| If you have a TPM security chip, compliant with the TCG TPM PTP |
| (I2C interface) specification and connected to an I2C bus master, |
| say Yes and it will be accessible from within Linux. |
| To compile this driver as a module, choose M here; |
| the module will be called tpm_tis_i2c. |
| |
| config TCG_TIS_SYNQUACER |
| tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)" |
| depends on ARCH_SYNQUACER || COMPILE_TEST |
| select TCG_TIS_CORE |
| help |
| If you have a TPM security chip that is compliant with the |
| TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO |
| specification (TPM2.0) say Yes and it will be accessible from |
| within Linux on Socionext SynQuacer platform. |
| To compile this driver as a module, choose M here; |
| the module will be called tpm_tis_synquacer. |
| |
| config TCG_TIS_I2C_CR50 |
| tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)" |
| depends on I2C |
| help |
| This is a driver for the Google cr50 I2C TPM interface which is a |
| custom microcontroller and requires a custom i2c protocol interface |
| to handle the limitations of the hardware. To compile this driver |
| as a module, choose M here; the module will be called tcg_tis_i2c_cr50. |
| |
| config TCG_TIS_I2C_ATMEL |
| tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)" |
| depends on I2C |
| help |
| If you have an Atmel I2C TPM security chip say Yes and it will be |
| accessible from within Linux. |
| To compile this driver as a module, choose M here; the module will |
| be called tpm_tis_i2c_atmel. |
| |
| config TCG_TIS_I2C_INFINEON |
| tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)" |
| depends on I2C |
| help |
| If you have a TPM security chip that is compliant with the |
| TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack |
| Specification 0.20 say Yes and it will be accessible from within |
| Linux. |
| To compile this driver as a module, choose M here; the module |
| will be called tpm_i2c_infineon. |
| |
| config TCG_TIS_I2C_NUVOTON |
| tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)" |
| depends on I2C |
| help |
| If you have a TPM security chip with an I2C interface from |
| Nuvoton Technology Corp. say Yes and it will be accessible |
| from within Linux. |
| To compile this driver as a module, choose M here; the module |
| will be called tpm_i2c_nuvoton. |
| |
| config TCG_NSC |
| tristate "National Semiconductor TPM Interface" |
| depends on X86 |
| help |
| If you have a TPM security chip from National Semiconductor |
| say Yes and it will be accessible from within Linux. To |
| compile this driver as a module, choose M here; the module |
| will be called tpm_nsc. |
| |
| config TCG_ATMEL |
| tristate "Atmel TPM Interface" |
| depends on PPC64 || HAS_IOPORT_MAP |
| depends on HAS_IOPORT |
| help |
| If you have a TPM security chip from Atmel say Yes and it |
| will be accessible from within Linux. To compile this driver |
| as a module, choose M here; the module will be called tpm_atmel. |
| |
| config TCG_INFINEON |
| tristate "Infineon Technologies TPM Interface" |
| depends on PNP || COMPILE_TEST |
| help |
| If you have a TPM security chip from Infineon Technologies |
| (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it |
| will be accessible from within Linux. |
| To compile this driver as a module, choose M here; the module |
| will be called tpm_infineon. |
| Further information on this driver and the supported hardware |
| can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/ |
| |
| config TCG_IBMVTPM |
| tristate "IBM VTPM Interface" |
| depends on PPC_PSERIES |
| help |
| If you have IBM virtual TPM (VTPM) support say Yes and it |
| will be accessible from within Linux. To compile this driver |
| as a module, choose M here; the module will be called tpm_ibmvtpm. |
| |
| config TCG_XEN |
| tristate "XEN TPM Interface" |
| depends on TCG_TPM && XEN |
| select XEN_XENBUS_FRONTEND |
| help |
| If you want to make TPM support available to a Xen user domain, |
| say Yes and it will be accessible from within Linux. See |
| the manpages for xl, xl.conf, and docs/misc/vtpm.txt in |
| the Xen source repository for more details. |
| To compile this driver as a module, choose M here; the module |
| will be called xen-tpmfront. |
| |
| config TCG_CRB |
| tristate "TPM 2.0 CRB Interface" |
| depends on ACPI |
| help |
| If you have a TPM security chip that is compliant with the |
| TCG CRB 2.0 TPM specification say Yes and it will be accessible |
| from within Linux. To compile this driver as a module, choose |
| M here; the module will be called tpm_crb. |
| |
| config TCG_VTPM_PROXY |
| tristate "VTPM Proxy Interface" |
| depends on TCG_TPM |
| help |
| This driver proxies for an emulated TPM (vTPM) running in userspace. |
| A device /dev/vtpmx is provided that creates a device pair |
| /dev/vtpmX and a server-side file descriptor on which the vTPM |
| can receive commands. |
| |
| config TCG_FTPM_TEE |
| tristate "TEE based fTPM Interface" |
| depends on TEE && OPTEE |
| help |
| This driver proxies for firmware TPM running in TEE. |
| |
| source "drivers/char/tpm/st33zp24/Kconfig" |
| endif # TCG_TPM |