# SPDX-License-Identifier: GPL-2.0-only
#
# TPM device configuration
#

menuconfig TCG_TPM
	tristate "TPM Hardware Support"
	depends on HAS_IOMEM
	imply SECURITYFS
	select CRYPTO
	select CRYPTO_HASH_INFO
	help
	  If you have a TPM security chip in your system, which
	  implements the Trusted Computing Group's specification,
	  say Yes and it will be accessible from within Linux. For
	  more information see <http://www.trustedcomputinggroup.org>.
	  An implementation of the Trusted Software Stack (TSS), the
	  userspace enablement piece of the specification, can be
	  obtained at: <http://sourceforge.net/projects/trousers>. To
	  compile this driver as a module, choose M here; the module
	  will be called tpm. If unsure, say N.
	  Notes:
	  1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
	  and CONFIG_PNPACPI.
	  2) Without ACPI enabled, the BIOS event log won't be accessible,
	  which is required to validate the PCR 0-7 values.

if TCG_TPM

config TCG_TPM2_HMAC
	bool "Use HMAC and encrypted transactions on the TPM bus"
	default n
	select CRYPTO_ECDH
	select CRYPTO_LIB_AESCFB
	select CRYPTO_LIB_SHA256
	select CRYPTO_LIB_UTILS
	help
	  Setting this causes us to deploy a scheme which uses request
	  and response HMACs in addition to encryption for
	  communicating with the TPM to prevent or detect bus snooping
	  and interposer attacks (see tpm-security.rst). Saying Y
	  here adds some encryption overhead to all kernel to TPM
	  transactions.

config HW_RANDOM_TPM
	bool "TPM HW Random Number Generator support"
	depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
	default y
	help
	  This setting exposes the TPM's Random Number Generator as a hwrng
	  device. This allows the kernel to collect randomness from the TPM at
	  boot, and provides the TPM randomness in /dev/hwrng.

	  If unsure, say Y.

config TCG_TIS_CORE
	tristate
	help
	  TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
	  into the TPM kernel APIs. Physical layers will register against it.

config TCG_TIS
	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
	depends on X86 || OF
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux. To compile this driver as a module, choose M here;
	  the module will be called tpm_tis.

config TCG_TIS_SPI
	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
	depends on SPI
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip which is connected to a regular,
	  non-tcg SPI master (i.e. most embedded platforms) that is compliant with the
	  TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux. To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_spi.

config TCG_TIS_SPI_CR50
	bool "Cr50 SPI Interface"
	depends on TCG_TIS_SPI
	help
	  If you have an H1 secure module running Cr50 firmware on SPI bus,
	  say Yes and it will be accessible from within Linux.

config TCG_TIS_I2C
	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
	depends on I2C
	select CRC_CCITT
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip, compliant with the TCG TPM PTP
	  (I2C interface) specification and connected to an I2C bus master,
	  say Yes and it will be accessible from within Linux.
	  To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_i2c.

config TCG_TIS_SYNQUACER
	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
	depends on ARCH_SYNQUACER || COMPILE_TEST
	select TCG_TIS_CORE
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
	  specification (TPM2.0) say Yes and it will be accessible from
	  within Linux on Socionext SynQuacer platform.
	  To compile this driver as a module, choose M here;
	  the module will be called tpm_tis_synquacer.

config TCG_TIS_I2C_CR50
	tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
	depends on I2C
	help
	  This is a driver for the Google cr50 I2C TPM interface which is a
	  custom microcontroller and requires a custom i2c protocol interface
	  to handle the limitations of the hardware. To compile this driver
	  as a module, choose M here; the module will be called tcg_tis_i2c_cr50.

config TCG_TIS_I2C_ATMEL
	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
	depends on I2C
	help
	  If you have an Atmel I2C TPM security chip say Yes and it will be
	  accessible from within Linux.
	  To compile this driver as a module, choose M here; the module will
	  be called tpm_tis_i2c_atmel.

config TCG_TIS_I2C_INFINEON
	tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
	depends on I2C
	help
	  If you have a TPM security chip that is compliant with the
	  TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
	  Specification 0.20 say Yes and it will be accessible from within
	  Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_i2c_infineon.

config TCG_TIS_I2C_NUVOTON
	tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
	depends on I2C
	help
	  If you have a TPM security chip with an I2C interface from
	  Nuvoton Technology Corp. say Yes and it will be accessible
	  from within Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_i2c_nuvoton.

config TCG_NSC
	tristate "National Semiconductor TPM Interface"
	depends on X86
	help
	  If you have a TPM security chip from National Semiconductor
	  say Yes and it will be accessible from within Linux. To
	  compile this driver as a module, choose M here; the module
	  will be called tpm_nsc.

config TCG_ATMEL
	tristate "Atmel TPM Interface"
	depends on HAS_IOPORT_MAP
	depends on HAS_IOPORT
	help
	  If you have a TPM security chip from Atmel say Yes and it
	  will be accessible from within Linux. To compile this driver
	  as a module, choose M here; the module will be called tpm_atmel.

config TCG_INFINEON
	tristate "Infineon Technologies TPM Interface"
	depends on PNP || COMPILE_TEST
	help
	  If you have a TPM security chip from Infineon Technologies
	  (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
	  will be accessible from within Linux.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_infineon.
	  Further information on this driver and the supported hardware
	  can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/

config TCG_IBMVTPM
	tristate "IBM VTPM Interface"
	depends on PPC_PSERIES
	help
	  If you have IBM virtual TPM (VTPM) support say Yes and it
	  will be accessible from within Linux. To compile this driver
	  as a module, choose M here; the module will be called tpm_ibmvtpm.

config TCG_LOONGSON
	tristate "Loongson TPM Interface"
	depends on MFD_LOONGSON_SE
	help
	  If you want to make Loongson TPM support available, say Yes and
	  it will be accessible from within Linux. To compile this
	  driver as a module, choose M here; the module will be called
	  tpm_loongson.

config TCG_XEN
	tristate "XEN TPM Interface"
	depends on TCG_TPM && XEN
	select XEN_XENBUS_FRONTEND
	help
	  If you want to make TPM support available to a Xen user domain,
	  say Yes and it will be accessible from within Linux. See
	  the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
	  the Xen source repository for more details.
	  To compile this driver as a module, choose M here; the module
	  will be called xen-tpmfront.

config TCG_CRB
	tristate "TPM 2.0 CRB Interface"
	depends on ACPI
	help
	  If you have a TPM security chip that is compliant with the
	  TCG CRB 2.0 TPM specification say Yes and it will be accessible
	  from within Linux. To compile this driver as a module, choose
	  M here; the module will be called tpm_crb.

config TCG_ARM_CRB_FFA
	tristate "TPM CRB over Arm FF-A Transport"
	depends on ARM_FFA_TRANSPORT && TCG_CRB
	default TCG_CRB
	help
	  If the Arm FF-A transport is used to access the TPM say Yes.
	  To compile this driver as a module, choose M here; the module
	  will be called tpm_crb_ffa.

config TCG_VTPM_PROXY
	tristate "VTPM Proxy Interface"
	depends on TCG_TPM
	help
	  This driver proxies for an emulated TPM (vTPM) running in userspace.
	  A device /dev/vtpmx is provided that creates a device pair
	  /dev/vtpmX and a server-side file descriptor on which the vTPM
	  can receive commands.

config TCG_FTPM_TEE
	tristate "TEE based fTPM Interface"
	depends on TEE && OPTEE
	help
	  This driver proxies for firmware TPM running in TEE.

config TCG_SVSM
	tristate "SNP SVSM vTPM interface"
	depends on AMD_MEM_ENCRYPT
	help
	  This is a driver for the AMD SVSM vTPM protocol that a SEV-SNP guest
	  OS can use to discover and talk to a vTPM emulated by the Secure VM
	  Service Module (SVSM) in the guest context, but at a more privileged
	  level (usually VMPL0). To compile this driver as a module, choose M
	  here; the module will be called tpm_svsm.

source "drivers/char/tpm/st33zp24/Kconfig"
endif # TCG_TPM