[U-Boot] [PATCH v2 03/28] tpm: Add Kconfig options for TPMs

[Christophe Ricard <christophe.ricard@gmail.com>]

Hi Simon,

This one looks good to me.

Acked-by: Christophe Ricard<christophe-h.ricard@st.com>

Best Regards
Christophe

On 23/08/2015 02:31, Simon Glass wrote:
> Add new Kconfig options for TPMs in preparation for moving boards to use
> Kconfig for TPM configuration.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>
> Changes in v2:
> - Add a 'TPM' menu in Kconfig
>
>   common/Kconfig      | 12 +++++++++++
>   drivers/tpm/Kconfig | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>   lib/Kconfig         | 10 +++++++++
>   3 files changed, 82 insertions(+)
>
> diff --git a/common/Kconfig b/common/Kconfig
> index 88dc016..bacc4e0 100644
> --- a/common/Kconfig
> +++ b/common/Kconfig
> @@ -625,4 +625,16 @@ config CMD_REGULATOR
>   
>   endmenu
>   
> +menu "Security commands"
> +config CMD_TPM
> +	bool "Enable the 'tpm' command"
> +	depends on TPM
> +	help
> +	  This provides a means to talk to a TPM from the command line. A wide
> +	  range of commands if provided - see 'tpm help' for details. The
> +	  command requires a suitable TPM on your board and the correct driver
> +	  must be enabled.
> +
> +endmenu
> +
>   endmenu
> diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
> index f408b8a..9101fc2 100644
> --- a/drivers/tpm/Kconfig
> +++ b/drivers/tpm/Kconfig
> @@ -1,7 +1,67 @@
> +#
> +# TPM subsystem configuration
> +#
> +
> +menu "TPM support"
> +
>   config TPM_TIS_SANDBOX
>   	bool "Enable sandbox TPM driver"
> +	depends on SANDBOX
>   	help
>   	  This driver emulates a TPM, providing access to base functions
>   	  such as reading and writing TPM private data. This is enough to
>   	  support Chrome OS verified boot. Extend functionality is not
>   	  implemented.
> +
> +config TPM_ATMEL_TWI
> +	bool "Enable Atmel TWI TPM device driver"
> +	depends on TPM
> +	help
> +	  This driver supports an Atmel TPM device connected on the I2C bus.
> +	  The usual tpm operations and the 'tpm' command can be used to talk
> +	  to the device using the standard TPM Interface Specification (TIS)
> +	  protocol
> +
> +config TPM_TIS_I2C
> +	bool "Enable support for Infineon SLB9635/45 TPMs on I2C"
> +	depends on TPM && DM_I2C
> +	help
> +	  This driver supports Infineon TPM devices connected on the I2C bus.
> +	  The usual tpm operations and the 'tpm' command can be used to talk
> +	  to the device using the standard TPM Interface Specification (TIS)
> +	  protocol
> +
> +config TPM_TIS_I2C_BURST_LIMITATION
> +	bool "Enable I2C burst length limitation"
> +	depends on TPM_TIS_I2C
> +	help
> +	  Some broken TPMs have a limitation on the number of bytes they can
> +	  receive in one message. Enable this option to allow you to set this
> +	  option. The can allow a broken TPM to be used by splitting messages
> +	  into separate pieces.
> +
> +config TPM_TIS_I2C_BURST_LIMITATION_LEN
> +	int "Length"
> +	depends on TPM_TIS_I2C_BURST_LIMITATION
> +	help
> +	  Use this to set the burst limitation length
> +
> +config TPM_TIS_LPC
> +	bool "Enable support for Infineon SLB9635/45 TPMs on LPC"
> +	depends on TPM && X86
> +	help
> +	  This driver supports Infineon TPM devices connected on the I2C bus.
> +	  The usual tpm operations and the 'tpm' command can be used to talk
> +	  to the device using the standard TPM Interface Specification (TIS)
> +	  protocol
> +
> +config TPM_AUTH_SESSIONS
> +	bool "Enable TPM authentication session support"
> +	depends on TPM
> +	help
> +	  Enable support for authorised (AUTH1) commands as specified in the
> +	  TCG Main Specification 1.2. OIAP-authorised versions of the commands
> +	  TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are
> +	  available using the 'tpm' command, too.
> +
> +endmenu
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 884218a..0673072 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -54,6 +54,16 @@ source lib/dhry/Kconfig
>   
>   source lib/rsa/Kconfig
>   
> +config TPM
> +	bool "Trusted Platform Module (TPM) Support"
> +	help
> +	  This enables support for TPMs which can be used to provide security
> +	  features for your board. The TPM can be connected via LPC or I2C
> +	  and a sandbox TPM is provided for testing purposes. Use the 'tpm'
> +	  command to interactive the TPM. Driver model support is provided
> +	  for the low-level TPM interface, but only one TPM is supported at
> +	  a time by the TPM library.
> +
>   menu "Hashing Support"
>   
>   config SHA1