On 11 August 2015 at 15:45, christophe.ricard christophe.ricard@gmail.com wrote:
Hi Simon,
On 11/08/2015 16:47, Simon Glass wrote:
Add new Kconfig options for TPMs in preparation for moving boards to use Kconfig for TPM configuration.
Signed-off-by: Simon Glass sjg@chromium.org
common/Kconfig | 12 ++++++++++++ drivers/tpm/Kconfig | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/Kconfig | 10 ++++++++++ 3 files changed, 74 insertions(+)
diff --git a/common/Kconfig b/common/Kconfig index 40cd69e..05faae9 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -618,4 +618,16 @@ config CMD_REGULATOR endmenu +menu "Security commands" +config CMD_TPM
bool "Enable the 'tpm' command"depends on TPMhelpThis provides a means to talk to a TPM from the command line. Awide
range of commands if provided - see 'tpm help' for details. Thecommand requires a suitable TPM on your board and the correctdriver
must be enabled.+endmenu
- endmenu
diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig index f408b8a..993d2d7 100644 --- a/drivers/tpm/Kconfig +++ b/drivers/tpm/Kconfig @@ -1,7 +1,59 @@ config TPM_TIS_SANDBOX bool "Enable sandbox TPM driver"
depends on SANDBOX help This driver emulates a TPM, providing access to base functions such as reading and writing TPM private data. This is enough to support Chrome OS verified boot. Extend functionality is not implemented.+config TPM_ATMEL_TWI
bool "Enable Atmel TWI TPM device driver"depends on TPMhelpThis driver supports an Atmel TPM device connected on the I2Cbus.
The usual tpm operations and the 'tpm' command can be used totalk
to the device using the standard TPM Interface Specification(TIS)
protocol+config TPM_TIS_I2C
bool "Enable support for Infineon SLB9635/45 TPMs on I2C"depends on TPM && DM_I2ChelpThis driver supports Infineon TPM devices connected on the I2Cbus.
The usual tpm operations and the 'tpm' command can be used totalk
to the device using the standard TPM Interface Specification(TIS)
protocol+config TPM_TIS_I2C_BURST_LIMITATION
bool "Enable I2C burst length limitation"depends on TPM_TIS_I2ChelpSome broken TPMs have a limitation on the number of bytes theycan
receive in one message. Enable this option to allow you to setthis
option. The can allow a broken TPM to be used by splittingmessages
into separate pieces.+config TPM_TIS_I2C_BURST_LIMITATION_LEN
int "Length"depends on TPM_TIS_I2C_BURST_LIMITATIONhelpUse this to set the burst limitation length+config TPM_TIS_LPC
bool "Enable support for Infineon SLB9635/45 TPMs on LPC"depends on TPM && X86helpThis driver supports Infineon TPM devices connected on the I2Cbus.
The usual tpm operations and the 'tpm' command can be used totalk
to the device using the standard TPM Interface Specification(TIS)
protocol+config TPM_AUTH_SESSIONS
bool "Enable TPM authentication session support"depends on TPMhelpEnable support for authorised (AUTH1) commands as specified inthe
TCG Main Specification 1.2. OIAP-authorised versions of thecommands
TPM_LoadKey2 and TPM_GetPubKey are provided. Both features areavailable using the 'tpm' command, too.Won't you put all TPM drivers in a "TPM support" menu showing "Device Drivers" parent ?
Yes that's a good idea, I'll do that.
diff --git a/lib/Kconfig b/lib/Kconfig index 884218a..0673072 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -54,6 +54,16 @@ source lib/dhry/Kconfig source lib/rsa/Kconfig +config TPM
bool "Trusted Platform Module (TPM) Support"helpThis enables support for TPMs which can be used to providesecurity
features for your board. The TPM can be connected via LPC or I2Cand a sandbox TPM is provided for testing purposes. Use the'tpm'
command to interactive the TPM. Driver model support is providedfor the low-level TPM interface, but only one TPM is supportedat
a time by the TPM library.- menu "Hashing Support" config SHA1
Best Regards Christophe
Regards, Simon