Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
1da177e4 LT |
2 | # |
3 | # TPM device configuration | |
4 | # | |
5 | ||
7126b75c | 6 | menuconfig TCG_TPM |
1da177e4 | 7 | tristate "TPM Hardware Support" |
7126b75c | 8 | depends on HAS_IOMEM |
2f7d8dbb | 9 | imply SECURITYFS |
4bf4b4ed | 10 | select CRYPTO |
c1f92b4b | 11 | select CRYPTO_HASH_INFO |
a7f7f624 | 12 | help |
1da177e4 LT |
13 | If you have a TPM security chip in your system, which |
14 | implements the Trusted Computing Group's specification, | |
15 | say Yes and it will be accessible from within Linux. For | |
16 | more information see <http://www.trustedcomputinggroup.org>. | |
17 | An implementation of the Trusted Software Stack (TSS), the | |
18 | userspace enablement piece of the specification, can be | |
19 | obtained at: <http://sourceforge.net/projects/trousers>. To | |
20 | compile this driver as a module, choose M here; the module | |
21 | will be called tpm. If unsure, say N. | |
7f2ab000 RA |
22 | Notes: |
23 | 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI | |
ec4a162a | 24 | and CONFIG_PNPACPI. |
7f2ab000 RA |
25 | 2) Without ACPI enabled, the BIOS event log won't be accessible, |
26 | which is required to validate the PCR 0-7 values. | |
1da177e4 | 27 | |
7126b75c JE |
28 | if TCG_TPM |
29 | ||
d2add27c JB |
30 | config TCG_TPM2_HMAC |
31 | bool "Use HMAC and encrypted transactions on the TPM bus" | |
32 | default y | |
33 | help | |
34 | Setting this causes us to deploy a scheme which uses request | |
35 | and response HMACs in addition to encryption for | |
36 | communicating with the TPM to prevent or detect bus snooping | |
37 | and interposer attacks (see tpm-security.rst). Saying Y | |
38 | here adds some encryption overhead to all kernel to TPM | |
39 | transactions. | |
40 | ||
6e592a06 JG |
41 | config HW_RANDOM_TPM |
42 | bool "TPM HW Random Number Generator support" | |
43 | depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m) | |
44 | default y | |
a7f7f624 | 45 | help |
6e592a06 JG |
46 | This setting exposes the TPM's Random Number Generator as a hwrng |
47 | device. This allows the kernel to collect randomness from the TPM at | |
48 | boot, and provides the TPM randomines in /dev/hwrng. | |
49 | ||
50 | If unsure, say Y. | |
51 | ||
41a5e1cf CR |
52 | config TCG_TIS_CORE |
53 | tristate | |
a7f7f624 | 54 | help |
41a5e1cf CR |
55 | TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks |
56 | into the TPM kernel APIs. Physical layers will register against it. | |
57 | ||
27084efe | 58 | config TCG_TIS |
44506436 | 59 | tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface" |
420d4398 | 60 | depends on X86 || OF |
41a5e1cf | 61 | select TCG_TIS_CORE |
a7f7f624 | 62 | help |
27084efe | 63 | If you have a TPM security chip that is compliant with the |
44506436 PH |
64 | TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO |
65 | specification (TPM2.0) say Yes and it will be accessible from | |
66 | within Linux. To compile this driver as a module, choose M here; | |
67 | the module will be called tpm_tis. | |
27084efe | 68 | |
0edbfea5 CR |
69 | config TCG_TIS_SPI |
70 | tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)" | |
71 | depends on SPI | |
72 | select TCG_TIS_CORE | |
a7f7f624 | 73 | help |
0edbfea5 CR |
74 | If you have a TPM security chip which is connected to a regular, |
75 | non-tcg SPI master (i.e. most embedded platforms) that is compliant with the | |
76 | TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO | |
77 | specification (TPM2.0) say Yes and it will be accessible from | |
78 | within Linux. To compile this driver as a module, choose M here; | |
79 | the module will be called tpm_tis_spi. | |
80 | ||
797c0113 AP |
81 | config TCG_TIS_SPI_CR50 |
82 | bool "Cr50 SPI Interface" | |
83 | depends on TCG_TIS_SPI | |
84 | help | |
85 | If you have a H1 secure module running Cr50 firmware on SPI bus, | |
86 | say Yes and it will be accessible from within Linux. | |
87 | ||
bbc23a07 AS |
88 | config TCG_TIS_I2C |
89 | tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)" | |
90 | depends on I2C | |
91 | select CRC_CCITT | |
92 | select TCG_TIS_CORE | |
93 | help | |
94 | If you have a TPM security chip, compliant with the TCG TPM PTP | |
95 | (I2C interface) specification and connected to an I2C bus master, | |
96 | say Yes and it will be accessible from within Linux. | |
97 | To compile this driver as a module, choose M here; | |
98 | the module will be called tpm_tis_i2c. | |
99 | ||
d5ae56a4 MK |
100 | config TCG_TIS_SYNQUACER |
101 | tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)" | |
4091c004 | 102 | depends on ARCH_SYNQUACER || COMPILE_TEST |
d5ae56a4 MK |
103 | select TCG_TIS_CORE |
104 | help | |
105 | If you have a TPM security chip that is compliant with the | |
106 | TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO | |
107 | specification (TPM2.0) say Yes and it will be accessible from | |
108 | within Linux on Socionext SynQuacer platform. | |
109 | To compile this driver as a module, choose M here; | |
110 | the module will be called tpm_tis_synquacer. | |
111 | ||
3a253caa DL |
112 | config TCG_TIS_I2C_CR50 |
113 | tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)" | |
114 | depends on I2C | |
3a253caa DL |
115 | help |
116 | This is a driver for the Google cr50 I2C TPM interface which is a | |
117 | custom microcontroller and requires a custom i2c protocol interface | |
118 | to handle the limitations of the hardware. To compile this driver | |
119 | as a module, choose M here; the module will be called tcg_tis_i2c_cr50. | |
120 | ||
a2871c62 JG |
121 | config TCG_TIS_I2C_ATMEL |
122 | tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)" | |
123 | depends on I2C | |
a7f7f624 | 124 | help |
a2871c62 JG |
125 | If you have an Atmel I2C TPM security chip say Yes and it will be |
126 | accessible from within Linux. | |
127 | To compile this driver as a module, choose M here; the module will | |
128 | be called tpm_tis_i2c_atmel. | |
129 | ||
aad628c1 PH |
130 | config TCG_TIS_I2C_INFINEON |
131 | tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)" | |
132 | depends on I2C | |
a7f7f624 | 133 | help |
aad628c1 PH |
134 | If you have a TPM security chip that is compliant with the |
135 | TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack | |
136 | Specification 0.20 say Yes and it will be accessible from within | |
137 | Linux. | |
138 | To compile this driver as a module, choose M here; the module | |
b3f2436a | 139 | will be called tpm_i2c_infineon. |
aad628c1 | 140 | |
4c336e4b JG |
141 | config TCG_TIS_I2C_NUVOTON |
142 | tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)" | |
143 | depends on I2C | |
a7f7f624 | 144 | help |
4c336e4b JG |
145 | If you have a TPM security chip with an I2C interface from |
146 | Nuvoton Technology Corp. say Yes and it will be accessible | |
147 | from within Linux. | |
148 | To compile this driver as a module, choose M here; the module | |
149 | will be called tpm_i2c_nuvoton. | |
150 | ||
1da177e4 LT |
151 | config TCG_NSC |
152 | tristate "National Semiconductor TPM Interface" | |
2f592f2a | 153 | depends on X86 |
a7f7f624 | 154 | help |
3dde6ad8 | 155 | If you have a TPM security chip from National Semiconductor |
1da177e4 LT |
156 | say Yes and it will be accessible from within Linux. To |
157 | compile this driver as a module, choose M here; the module | |
158 | will be called tpm_nsc. | |
159 | ||
160 | config TCG_ATMEL | |
161 | tristate "Atmel TPM Interface" | |
ce816fa8 | 162 | depends on PPC64 || HAS_IOPORT_MAP |
61551536 | 163 | depends on HAS_IOPORT |
a7f7f624 | 164 | help |
1da177e4 LT |
165 | If you have a TPM security chip from Atmel say Yes and it |
166 | will be accessible from within Linux. To compile this driver | |
167 | as a module, choose M here; the module will be called tpm_atmel. | |
168 | ||
ebb81fdb | 169 | config TCG_INFINEON |
f9abb020 | 170 | tristate "Infineon Technologies TPM Interface" |
8516b23a | 171 | depends on PNP || COMPILE_TEST |
a7f7f624 | 172 | help |
ebb81fdb | 173 | If you have a TPM security chip from Infineon Technologies |
f9abb020 MS |
174 | (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it |
175 | will be accessible from within Linux. | |
176 | To compile this driver as a module, choose M here; the module | |
ebb81fdb MS |
177 | will be called tpm_infineon. |
178 | Further information on this driver and the supported hardware | |
631dd1a8 | 179 | can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/ |
ebb81fdb | 180 | |
132f7629 AL |
181 | config TCG_IBMVTPM |
182 | tristate "IBM VTPM Interface" | |
5b266032 | 183 | depends on PPC_PSERIES |
a7f7f624 | 184 | help |
132f7629 AL |
185 | If you have IBM virtual TPM (VTPM) support say Yes and it |
186 | will be accessible from within Linux. To compile this driver | |
187 | as a module, choose M here; the module will be called tpm_ibmvtpm. | |
188 | ||
e2683957 DDG |
189 | config TCG_XEN |
190 | tristate "XEN TPM Interface" | |
191 | depends on TCG_TPM && XEN | |
713efcab | 192 | select XEN_XENBUS_FRONTEND |
a7f7f624 | 193 | help |
e2683957 DDG |
194 | If you want to make TPM support available to a Xen user domain, |
195 | say Yes and it will be accessible from within Linux. See | |
196 | the manpages for xl, xl.conf, and docs/misc/vtpm.txt in | |
197 | the Xen source repository for more details. | |
198 | To compile this driver as a module, choose M here; the module | |
199 | will be called xen-tpmfront. | |
200 | ||
30fc8d13 JS |
201 | config TCG_CRB |
202 | tristate "TPM 2.0 CRB Interface" | |
08eff49d | 203 | depends on ACPI |
a7f7f624 | 204 | help |
30fc8d13 JS |
205 | If you have a TPM security chip that is compliant with the |
206 | TCG CRB 2.0 TPM specification say Yes and it will be accessible | |
207 | from within Linux. To compile this driver as a module, choose | |
208 | M here; the module will be called tpm_crb. | |
209 | ||
6f99612e SB |
210 | config TCG_VTPM_PROXY |
211 | tristate "VTPM Proxy Interface" | |
212 | depends on TCG_TPM | |
a7f7f624 | 213 | help |
6f99612e SB |
214 | This driver proxies for an emulated TPM (vTPM) running in userspace. |
215 | A device /dev/vtpmx is provided that creates a device pair | |
216 | /dev/vtpmX and a server-side file descriptor on which the vTPM | |
217 | can receive commands. | |
218 | ||
09e57483 SL |
219 | config TCG_FTPM_TEE |
220 | tristate "TEE based fTPM Interface" | |
221 | depends on TEE && OPTEE | |
222 | help | |
223 | This driver proxies for firmware TPM running in TEE. | |
6f99612e | 224 | |
bf38b871 | 225 | source "drivers/char/tpm/st33zp24/Kconfig" |
7126b75c | 226 | endif # TCG_TPM |