[linux-2.6-block.git] / drivers / char / tpm / Kconfig

# SPDX-License-Identifier: GPL-2.0-only
#
# TPM device configuration
#

menuconfig TCG_TPM
	tristate "TPM Hardware Support"
	depends on HAS_IOMEM
	imply SECURITYFS
	select CRYPTO
	select CRYPTO_HASH_INFO
	help
	  If you have a TPM security chip in your system, which
	  implements the Trusted Computing Group's specification,
	  say Yes and it will be accessible from within Linux.  For
	  more information see <http://www.trustedcomputinggroup.org>. 
	  An implementation of the Trusted Software Stack (TSS), the 
	  userspace enablement piece of the specification, can be 
	  obtained at: <http://sourceforge.net/projects/trousers>.  To 
	  compile this driver as a module, choose M here; the module 
	  will be called tpm. If unsure, say N.
	  Notes:
	  1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
	  and CONFIG_PNPACPI.
	  2) Without ACPI enabled, the BIOS event log won't be accessible,
	  which is required to validate the PCR 0-7 values.

if TCG_TPM

config TCG_TPM2_HMAC
	bool "Use HMAC and encrypted transactions on the TPM bus"
	default y
	help
	  Setting this causes us to deploy a scheme which uses request
	  and response HMACs in addition to encryption for
	  communicating with the TPM to prevent or detect bus snooping
	  and interposer attacks (see tpm-security.rst).  Saying Y
	  here adds some encryption overhead to all kernel to TPM
	  transactions.

config HW_RANDOM_TPM
	bool "TPM HW Random Number Generator support"
	depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
	default y
	help
	  This setting exposes the TPM's Random Number Generator as a hwrng
	  device. This allows the kernel to collect randomness from the TPM at
	  boot, and provides the TPM randomines in /dev/hwrng.

	  If unsure, say Y.

config TCG_TIS_CORE
	tristate
	help
	TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
	into the TPM kernel APIs. Physical layers will register against it.

config TCG_TIS
	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
	depends on X86 || OF
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux. To compile this driver as a module, choose  M here;
	  the module will be called tpm_tis.

config TCG_TIS_SPI
	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
	depends on SPI
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip which is connected to a regular,
	  non-tcg SPI master (i.e. most embedded platforms) that is compliant with the
	  TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux. To compile this driver as a module, choose  M here;
	  the module will be called tpm_tis_spi.

config TCG_TIS_SPI_CR50
	bool "Cr50 SPI Interface"
	depends on TCG_TIS_SPI
	help
	  If you have a H1 secure module running Cr50 firmware on SPI bus,
	  say Yes and it will be accessible from within Linux.

config TCG_TIS_I2C
	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
	depends on I2C
	select CRC_CCITT
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip, compliant with the TCG TPM PTP
	  (I2C interface) specification and connected to an I2C bus master,
	  say Yes and it will be accessible from within Linux.
	  To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_i2c.

config TCG_TIS_SYNQUACER
	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
	depends on ARCH_SYNQUACER || COMPILE_TEST
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux on Socionext SynQuacer platform.
	  To compile this driver as a module, choose  M here;
	  the module will be called tpm_tis_synquacer.

config TCG_TIS_I2C_CR50
	tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
	depends on I2C
	help
	  This is a driver for the Google cr50 I2C TPM interface which is a
	  custom microcontroller and requires a custom i2c protocol interface
	  to handle the limitations of the hardware.  To compile this driver
	  as a module, choose M here; the module will be called tcg_tis_i2c_cr50.

config TCG_TIS_I2C_ATMEL
	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
	depends on I2C
	help
	  If you have an Atmel I2C TPM security chip say Yes and it will be
	  accessible from within Linux.
	  To compile this driver as a module, choose M here; the module will
	  be called tpm_tis_i2c_atmel.

config TCG_TIS_I2C_INFINEON
	tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
	depends on I2C
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
	  Specification 0.20 say Yes and it will be accessible from within
	  Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_i2c_infineon.

config TCG_TIS_I2C_NUVOTON
	tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
	depends on I2C
	help
	  If you have a TPM security chip with an I2C interface from
	  Nuvoton Technology Corp. say Yes and it will be accessible
	  from within Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_i2c_nuvoton.

config TCG_NSC
	tristate "National Semiconductor TPM Interface"
	depends on X86
	help
	  If you have a TPM security chip from National Semiconductor 
	  say Yes and it will be accessible from within Linux.  To 
	  compile this driver as a module, choose M here; the module 
	  will be called tpm_nsc.

config TCG_ATMEL
	tristate "Atmel TPM Interface"
	depends on PPC64 || HAS_IOPORT_MAP
	depends on HAS_IOPORT
	help
	  If you have a TPM security chip from Atmel say Yes and it 
	  will be accessible from within Linux.  To compile this driver 
	  as a module, choose M here; the module will be called tpm_atmel.

config TCG_INFINEON
	tristate "Infineon Technologies TPM Interface"
	depends on PNP || COMPILE_TEST
	help
	  If you have a TPM security chip from Infineon Technologies
	  (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
	  will be accessible from within Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_infineon.
	  Further information on this driver and the supported hardware
	  can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/ 

config TCG_IBMVTPM
	tristate "IBM VTPM Interface"
	depends on PPC_PSERIES
	help
	  If you have IBM virtual TPM (VTPM) support say Yes and it
	  will be accessible from within Linux.  To compile this driver
	  as a module, choose M here; the module will be called tpm_ibmvtpm.

config TCG_XEN
	tristate "XEN TPM Interface"
	depends on TCG_TPM && XEN
	select XEN_XENBUS_FRONTEND
	help
	  If you want to make TPM support available to a Xen user domain,
	  say Yes and it will be accessible from within Linux. See
	  the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
	  the Xen source repository for more details.
	  To compile this driver as a module, choose M here; the module
	  will be called xen-tpmfront.

config TCG_CRB
	tristate "TPM 2.0 CRB Interface"
	depends on ACPI
	help
	  If you have a TPM security chip that is compliant with the
	  TCG CRB 2.0 TPM specification say Yes and it will be accessible
	  from within Linux.  To compile this driver as a module, choose
	  M here; the module will be called tpm_crb.

config TCG_VTPM_PROXY
	tristate "VTPM Proxy Interface"
	depends on TCG_TPM
	help
	  This driver proxies for an emulated TPM (vTPM) running in userspace.
	  A device /dev/vtpmx is provided that creates a device pair
	  /dev/vtpmX and a server-side file descriptor on which the vTPM
	  can receive commands.

config TCG_FTPM_TEE
	tristate "TEE based fTPM Interface"
	depends on TEE && OPTEE
	help
	  This driver proxies for firmware TPM running in TEE.

source "drivers/char/tpm/st33zp24/Kconfig"
endif # TCG_TPM
Commit	Line	Data
ec8f24b7	1	# SPDX-License-Identifier: GPL-2.0-only
1da177e4 LT	2	#
	3	# TPM device configuration
	4	#
	5
7126b75c	6	menuconfig TCG_TPM
1da177e4	7	tristate "TPM Hardware Support"
7126b75c	8	depends on HAS_IOMEM
2f7d8dbb	9	imply SECURITYFS
4bf4b4ed	10	select CRYPTO
c1f92b4b	11	select CRYPTO_HASH_INFO
a7f7f624	12	help
1da177e4 LT	13	If you have a TPM security chip in your system, which
	14	implements the Trusted Computing Group's specification,
	15	say Yes and it will be accessible from within Linux. For
	16	more information see <http://www.trustedcomputinggroup.org>.
	17	An implementation of the Trusted Software Stack (TSS), the
	18	userspace enablement piece of the specification, can be
	19	obtained at: <http://sourceforge.net/projects/trousers>. To
	20	compile this driver as a module, choose M here; the module
	21	will be called tpm. If unsure, say N.
7f2ab000 RA	22	Notes:
7f2ab000 RA	23	1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
ec4a162a	24	and CONFIG_PNPACPI.
7f2ab000 RA	25	2) Without ACPI enabled, the BIOS event log won't be accessible,
7f2ab000 RA	26	which is required to validate the PCR 0-7 values.
1da177e4	27
7126b75c JE	28	if TCG_TPM
7126b75c JE	29
d2add27c JB	30	config TCG_TPM2_HMAC
	31	bool "Use HMAC and encrypted transactions on the TPM bus"
	32	default y
	33	help
	34	Setting this causes us to deploy a scheme which uses request
	35	and response HMACs in addition to encryption for
	36	communicating with the TPM to prevent or detect bus snooping
	37	and interposer attacks (see tpm-security.rst). Saying Y
	38	here adds some encryption overhead to all kernel to TPM
	39	transactions.
	40
6e592a06 JG	41	config HW_RANDOM_TPM
	42	bool "TPM HW Random Number Generator support"
	43	depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
	44	default y
a7f7f624	45	help
6e592a06 JG	46	This setting exposes the TPM's Random Number Generator as a hwrng
	47	device. This allows the kernel to collect randomness from the TPM at
	48	boot, and provides the TPM randomines in /dev/hwrng.
	49
	50	If unsure, say Y.
	51
41a5e1cf CR	52	config TCG_TIS_CORE
41a5e1cf CR	53	tristate
a7f7f624	54	help
41a5e1cf CR	55	TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
	56	into the TPM kernel APIs. Physical layers will register against it.
	57
27084efe	58	config TCG_TIS
44506436	59	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
420d4398	60	depends on X86 \|\| OF
41a5e1cf	61	select TCG_TIS_CORE
a7f7f624	62	help
27084efe	63	If you have a TPM security chip that is compliant with the
44506436 PH	64	TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	65	specification (TPM2.0) say Yes and it will be accessible from
	66	within Linux. To compile this driver as a module, choose M here;
	67	the module will be called tpm_tis.
27084efe	68
0edbfea5 CR	69	config TCG_TIS_SPI
	70	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
	71	depends on SPI
	72	select TCG_TIS_CORE
a7f7f624	73	help
0edbfea5 CR	74	If you have a TPM security chip which is connected to a regular,
	75	non-tcg SPI master (i.e. most embedded platforms) that is compliant with the
	76	TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
	77	specification (TPM2.0) say Yes and it will be accessible from
	78	within Linux. To compile this driver as a module, choose M here;
	79	the module will be called tpm_tis_spi.
	80
797c0113 AP	81	config TCG_TIS_SPI_CR50
	82	bool "Cr50 SPI Interface"
	83	depends on TCG_TIS_SPI
	84	help
	85	If you have a H1 secure module running Cr50 firmware on SPI bus,
	86	say Yes and it will be accessible from within Linux.
	87
bbc23a07 AS	88	config TCG_TIS_I2C
	89	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
	90	depends on I2C
	91	select CRC_CCITT
	92	select TCG_TIS_CORE
	93	help
	94	If you have a TPM security chip, compliant with the TCG TPM PTP
	95	(I2C interface) specification and connected to an I2C bus master,
	96	say Yes and it will be accessible from within Linux.
	97	To compile this driver as a module, choose M here;
	98	the module will be called tpm_tis_i2c.
	99
d5ae56a4 MK	100	config TCG_TIS_SYNQUACER
d5ae56a4 MK	101	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
4091c004	102	depends on ARCH_SYNQUACER \|\| COMPILE_TEST
d5ae56a4 MK	103	select TCG_TIS_CORE
	104	help
	105	If you have a TPM security chip that is compliant with the
	106	TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	107	specification (TPM2.0) say Yes and it will be accessible from
	108	within Linux on Socionext SynQuacer platform.
	109	To compile this driver as a module, choose M here;
	110	the module will be called tpm_tis_synquacer.
	111
3a253caa DL	112	config TCG_TIS_I2C_CR50
	113	tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
	114	depends on I2C
3a253caa DL	115	help
	116	This is a driver for the Google cr50 I2C TPM interface which is a
	117	custom microcontroller and requires a custom i2c protocol interface
	118	to handle the limitations of the hardware. To compile this driver
	119	as a module, choose M here; the module will be called tcg_tis_i2c_cr50.
	120
a2871c62 JG	121	config TCG_TIS_I2C_ATMEL
	122	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
	123	depends on I2C
a7f7f624	124	help
a2871c62 JG	125	If you have an Atmel I2C TPM security chip say Yes and it will be
	126	accessible from within Linux.
	127	To compile this driver as a module, choose M here; the module will
	128	be called tpm_tis_i2c_atmel.
	129
aad628c1 PH	130	config TCG_TIS_I2C_INFINEON
	131	tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
	132	depends on I2C
a7f7f624	133	help
aad628c1 PH	134	If you have a TPM security chip that is compliant with the
	135	TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
	136	Specification 0.20 say Yes and it will be accessible from within
	137	Linux.
	138	To compile this driver as a module, choose M here; the module
b3f2436a	139	will be called tpm_i2c_infineon.
aad628c1	140
4c336e4b JG	141	config TCG_TIS_I2C_NUVOTON
	142	tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
	143	depends on I2C
a7f7f624	144	help
4c336e4b JG	145	If you have a TPM security chip with an I2C interface from
	146	Nuvoton Technology Corp. say Yes and it will be accessible
	147	from within Linux.
	148	To compile this driver as a module, choose M here; the module
	149	will be called tpm_i2c_nuvoton.
	150
1da177e4 LT	151	config TCG_NSC
1da177e4 LT	152	tristate "National Semiconductor TPM Interface"
2f592f2a	153	depends on X86
a7f7f624	154	help
3dde6ad8	155	If you have a TPM security chip from National Semiconductor
1da177e4 LT	156	say Yes and it will be accessible from within Linux. To
	157	compile this driver as a module, choose M here; the module
	158	will be called tpm_nsc.
	159
	160	config TCG_ATMEL
	161	tristate "Atmel TPM Interface"
ce816fa8	162	depends on PPC64 \|\| HAS_IOPORT_MAP
61551536	163	depends on HAS_IOPORT
a7f7f624	164	help
1da177e4 LT	165	If you have a TPM security chip from Atmel say Yes and it
	166	will be accessible from within Linux. To compile this driver
	167	as a module, choose M here; the module will be called tpm_atmel.
	168
ebb81fdb	169	config TCG_INFINEON
f9abb020	170	tristate "Infineon Technologies TPM Interface"
8516b23a	171	depends on PNP \|\| COMPILE_TEST
a7f7f624	172	help
ebb81fdb	173	If you have a TPM security chip from Infineon Technologies
f9abb020 MS	174	(either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
	175	will be accessible from within Linux.
	176	To compile this driver as a module, choose M here; the module
ebb81fdb MS	177	will be called tpm_infineon.
ebb81fdb MS	178	Further information on this driver and the supported hardware
631dd1a8	179	can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/
ebb81fdb	180
132f7629 AL	181	config TCG_IBMVTPM
132f7629 AL	182	tristate "IBM VTPM Interface"
5b266032	183	depends on PPC_PSERIES
a7f7f624	184	help
132f7629 AL	185	If you have IBM virtual TPM (VTPM) support say Yes and it
	186	will be accessible from within Linux. To compile this driver
	187	as a module, choose M here; the module will be called tpm_ibmvtpm.
	188
e2683957 DDG	189	config TCG_XEN
	190	tristate "XEN TPM Interface"
	191	depends on TCG_TPM && XEN
713efcab	192	select XEN_XENBUS_FRONTEND
a7f7f624	193	help
e2683957 DDG	194	If you want to make TPM support available to a Xen user domain,
	195	say Yes and it will be accessible from within Linux. See
	196	the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
	197	the Xen source repository for more details.
	198	To compile this driver as a module, choose M here; the module
	199	will be called xen-tpmfront.
	200
30fc8d13 JS	201	config TCG_CRB
30fc8d13 JS	202	tristate "TPM 2.0 CRB Interface"
08eff49d	203	depends on ACPI
a7f7f624	204	help
30fc8d13 JS	205	If you have a TPM security chip that is compliant with the
	206	TCG CRB 2.0 TPM specification say Yes and it will be accessible
	207	from within Linux. To compile this driver as a module, choose
	208	M here; the module will be called tpm_crb.
	209
6f99612e SB	210	config TCG_VTPM_PROXY
	211	tristate "VTPM Proxy Interface"
	212	depends on TCG_TPM
a7f7f624	213	help
6f99612e SB	214	This driver proxies for an emulated TPM (vTPM) running in userspace.
	215	A device /dev/vtpmx is provided that creates a device pair
	216	/dev/vtpmX and a server-side file descriptor on which the vTPM
	217	can receive commands.
	218
09e57483 SL	219	config TCG_FTPM_TEE
	220	tristate "TEE based fTPM Interface"
	221	depends on TEE && OPTEE
	222	help
	223	This driver proxies for firmware TPM running in TEE.
6f99612e	224
bf38b871	225	source "drivers/char/tpm/st33zp24/Kconfig"
7126b75c	226	endif # TCG_TPM