Kconfig 9.2 KB

# SPDX-License-Identifier: GPL-2.0-only
#
# TPM device configuration
#

menuconfig TCG_TPM
	tristate "TPM Hardware Support"
	depends on HAS_IOMEM
	imply SECURITYFS
	select CRYPTO
	select CRYPTO_HASH_INFO
	help
	  If you have a TPM security chip in your system, which
	  implements the Trusted Computing Group's specification,
	  say Yes and it will be accessible from within Linux. For
	  more information see <http://www.trustedcomputinggroup.org>.
	  An implementation of the Trusted Software Stack (TSS), the
	  userspace enablement piece of the specification, can be
	  obtained at: <http://sourceforge.net/projects/trousers>. To
	  compile this driver as a module, choose M here; the module
	  will be called tpm. If unsure, say N.
	  Notes:
	  1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
	  and CONFIG_PNPACPI.
	  2) Without ACPI enabled, the BIOS event log won't be accessible,
	  which is required to validate the PCR 0-7 values.

if TCG_TPM

config TCG_TPM2_HMAC
	bool "Use HMAC and encrypted transactions on the TPM bus"
	default n
	select CRYPTO_ECDH
	select CRYPTO_LIB_AESCFB
	select CRYPTO_LIB_SHA256
	select CRYPTO_LIB_UTILS
	help
	  Setting this causes us to deploy a scheme which uses request
	  and response HMACs in addition to encryption for
	  communicating with the TPM to prevent or detect bus snooping
	  and interposer attacks (see tpm-security.rst). Saying Y
	  here adds some encryption overhead to all kernel to TPM
	  transactions.

config HW_RANDOM_TPM
	bool "TPM HW Random Number Generator support"
	depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
	default y
	help
	  This setting exposes the TPM's Random Number Generator as a hwrng
	  device. This allows the kernel to collect randomness from the TPM at
	  boot, and provides the TPM randomness in /dev/hwrng.
	  If unsure, say Y.

config TCG_TIS_CORE
	tristate
	help
	  TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
	  into the TPM kernel APIs. Physical layers will register against it.

config TCG_TIS
	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
	depends on X86 || OF
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux. To compile this driver as a module, choose M here;
	  the module will be called tpm_tis.

config TCG_TIS_SPI
	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
	depends on SPI
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip which is connected to a regular,
	  non-tcg SPI master (i.e. most embedded platforms) that is compliant with the
	  TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux. To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_spi.

config TCG_TIS_SPI_CR50
	bool "Cr50 SPI Interface"
	depends on TCG_TIS_SPI
	help
	  If you have a H1 secure module running Cr50 firmware on SPI bus,
	  say Yes and it will be accessible from within Linux.

config TCG_TIS_I2C
	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
	depends on I2C
	select CRC_CCITT
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip, compliant with the TCG TPM PTP
	  (I2C interface) specification and connected to an I2C bus master,
	  say Yes and it will be accessible from within Linux.
	  To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_i2c.

config TCG_TIS_SYNQUACER
	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
	depends on ARCH_SYNQUACER || COMPILE_TEST
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux on Socionext SynQuacer platform.
	  To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_synquacer.

config TCG_TIS_I2C_CR50
	tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
	depends on I2C
	help
	  This is a driver for the Google cr50 I2C TPM interface which is a
	  custom microcontroller and requires a custom i2c protocol interface
	  to handle the limitations of the hardware. To compile this driver
	  as a module, choose M here; the module will be called tcg_tis_i2c_cr50.

config TCG_TIS_I2C_ATMEL
	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
	depends on I2C
	help
	  If you have an Atmel I2C TPM security chip say Yes and it will be
	  accessible from within Linux.
	  To compile this driver as a module, choose M here; the module will
	  be called tpm_tis_i2c_atmel.

config TCG_TIS_I2C_INFINEON
	tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
	depends on I2C
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
	  Specification 0.20 say Yes and it will be accessible from within
	  Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_i2c_infineon.

config TCG_TIS_I2C_NUVOTON
	tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
	depends on I2C
	help
	  If you have a TPM security chip with an I2C interface from
	  Nuvoton Technology Corp. say Yes and it will be accessible
	  from within Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_i2c_nuvoton.

config TCG_NSC
	tristate "National Semiconductor TPM Interface"
	depends on X86
	help
	  If you have a TPM security chip from National Semiconductor
	  say Yes and it will be accessible from within Linux. To
	  compile this driver as a module, choose M here; the module
	  will be called tpm_nsc.

config TCG_ATMEL
	tristate "Atmel TPM Interface"
	depends on HAS_IOPORT_MAP
	depends on HAS_IOPORT
	help
	  If you have a TPM security chip from Atmel say Yes and it
	  will be accessible from within Linux. To compile this driver
	  as a module, choose M here; the module will be called tpm_atmel.

config TCG_INFINEON
	tristate "Infineon Technologies TPM Interface"
	depends on PNP || COMPILE_TEST
	help
	  If you have a TPM security chip from Infineon Technologies
	  (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
	  will be accessible from within Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_infineon.
	  Further information on this driver and the supported hardware
	  can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/

config TCG_IBMVTPM
	tristate "IBM VTPM Interface"
	depends on PPC_PSERIES
	help
	  If you have IBM virtual TPM (VTPM) support say Yes and it
	  will be accessible from within Linux. To compile this driver
	  as a module, choose M here; the module will be called tpm_ibmvtpm.

config TCG_LOONGSON
	tristate "Loongson TPM Interface"
	depends on MFD_LOONGSON_SE
	help
	  If you want to make Loongson TPM support available, say Yes and
	  it will be accessible from within Linux. To compile this
	  driver as a module, choose M here; the module will be called
	  tpm_loongson.

config TCG_XEN
	tristate "XEN TPM Interface"
	depends on TCG_TPM && XEN
	select XEN_XENBUS_FRONTEND
	help
	  If you want to make TPM support available to a Xen user domain,
	  say Yes and it will be accessible from within Linux. See
	  the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
	  the Xen source repository for more details.
	  To compile this driver as a module, choose M here; the module
	  will be called xen-tpmfront.

config TCG_CRB
	tristate "TPM 2.0 CRB Interface"
	depends on ACPI
	help
	  If you have a TPM security chip that is compliant with the
	  TCG CRB 2.0 TPM specification say Yes and it will be accessible
	  from within Linux. To compile this driver as a module, choose
	  M here; the module will be called tpm_crb.

config TCG_ARM_CRB_FFA
	tristate "TPM CRB over Arm FF-A Transport"
	depends on ARM_FFA_TRANSPORT && TCG_CRB
	default TCG_CRB
	help
	  If the Arm FF-A transport is used to access the TPM say Yes.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_crb_ffa.

config TCG_VTPM_PROXY
	tristate "VTPM Proxy Interface"
	depends on TCG_TPM
	help
	  This driver proxies for an emulated TPM (vTPM) running in userspace.
	  A device /dev/vtpmx is provided that creates a device pair
	  /dev/vtpmX and a server-side file descriptor on which the vTPM
	  can receive commands.

config TCG_FTPM_TEE
	tristate "TEE based fTPM Interface"
	depends on TEE && OPTEE
	help
	  This driver proxies for firmware TPM running in TEE.

config TCG_SVSM
	tristate "SNP SVSM vTPM interface"
	depends on AMD_MEM_ENCRYPT
	help
	  This is a driver for the AMD SVSM vTPM protocol that a SEV-SNP guest
	  OS can use to discover and talk to a vTPM emulated by the Secure VM
	  Service Module (SVSM) in the guest context, but at a more privileged
	  level (usually VMPL0). To compile this driver as a module, choose M
	  here; the module will be called tpm_svsm.

source "drivers/char/tpm/st33zp24/Kconfig"
endif # TCG_TPM