From mboxrd@z Thu Jan 1 00:00:00 1970 From: christophe.ricard Date: Tue, 11 Aug 2015 23:45:29 +0200 Subject: [U-Boot] [PATCH 03/25] tpm: Add Kconfig options for TPMs In-Reply-To: <1439304497-10081-4-git-send-email-sjg@chromium.org> References: <1439304497-10081-1-git-send-email-sjg@chromium.org> <1439304497-10081-4-git-send-email-sjg@chromium.org> Message-ID: <55CA6CF9.9070707@gmail.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Simon, On 11/08/2015 16:47, Simon Glass wrote: > Add new Kconfig options for TPMs in preparation for moving boards to use > Kconfig for TPM configuration. > > Signed-off-by: Simon Glass > --- > > common/Kconfig | 12 ++++++++++++ > drivers/tpm/Kconfig | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > lib/Kconfig | 10 ++++++++++ > 3 files changed, 74 insertions(+) > > diff --git a/common/Kconfig b/common/Kconfig > index 40cd69e..05faae9 100644 > --- a/common/Kconfig > +++ b/common/Kconfig > @@ -618,4 +618,16 @@ config CMD_REGULATOR > > endmenu > > +menu "Security commands" > +config CMD_TPM > + bool "Enable the 'tpm' command" > + depends on TPM > + help > + This provides a means to talk to a TPM from the command line. A wide > + range of commands if provided - see 'tpm help' for details. The > + command requires a suitable TPM on your board and the correct driver > + must be enabled. > + > +endmenu > + > endmenu > diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig > index f408b8a..993d2d7 100644 > --- a/drivers/tpm/Kconfig > +++ b/drivers/tpm/Kconfig > @@ -1,7 +1,59 @@ > config TPM_TIS_SANDBOX > bool "Enable sandbox TPM driver" > + depends on SANDBOX > help > This driver emulates a TPM, providing access to base functions > such as reading and writing TPM private data. This is enough to > support Chrome OS verified boot. Extend functionality is not > implemented. > + > +config TPM_ATMEL_TWI > + bool "Enable Atmel TWI TPM device driver" > + depends on TPM > + help > + This driver supports an Atmel TPM device connected on the I2C bus. > + The usual tpm operations and the 'tpm' command can be used to talk > + to the device using the standard TPM Interface Specification (TIS) > + protocol > + > +config TPM_TIS_I2C > + bool "Enable support for Infineon SLB9635/45 TPMs on I2C" > + depends on TPM && DM_I2C > + help > + This driver supports Infineon TPM devices connected on the I2C bus. > + The usual tpm operations and the 'tpm' command can be used to talk > + to the device using the standard TPM Interface Specification (TIS) > + protocol > + > +config TPM_TIS_I2C_BURST_LIMITATION > + bool "Enable I2C burst length limitation" > + depends on TPM_TIS_I2C > + help > + Some broken TPMs have a limitation on the number of bytes they can > + receive in one message. Enable this option to allow you to set this > + option. The can allow a broken TPM to be used by splitting messages > + into separate pieces. > + > +config TPM_TIS_I2C_BURST_LIMITATION_LEN > + int "Length" > + depends on TPM_TIS_I2C_BURST_LIMITATION > + help > + Use this to set the burst limitation length > + > +config TPM_TIS_LPC > + bool "Enable support for Infineon SLB9635/45 TPMs on LPC" > + depends on TPM && X86 > + help > + This driver supports Infineon TPM devices connected on the I2C bus. > + The usual tpm operations and the 'tpm' command can be used to talk > + to the device using the standard TPM Interface Specification (TIS) > + protocol > + > +config TPM_AUTH_SESSIONS > + bool "Enable TPM authentication session support" > + depends on TPM > + help > + Enable support for authorised (AUTH1) commands as specified in the > + TCG Main Specification 1.2. OIAP-authorised versions of the commands > + TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are > + available using the 'tpm' command, too. Won't you put all TPM drivers in a "TPM support" menu showing "Device Drivers" parent ? > diff --git a/lib/Kconfig b/lib/Kconfig > index 884218a..0673072 100644 > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -54,6 +54,16 @@ source lib/dhry/Kconfig > > source lib/rsa/Kconfig > > +config TPM > + bool "Trusted Platform Module (TPM) Support" > + help > + This enables support for TPMs which can be used to provide security > + features for your board. The TPM can be connected via LPC or I2C > + and a sandbox TPM is provided for testing purposes. Use the 'tpm' > + command to interactive the TPM. Driver model support is provided > + for the low-level TPM interface, but only one TPM is supported at > + a time by the TPM library. > + > menu "Hashing Support" > > config SHA1 Best Regards Christophe