1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 21da177e4SLinus Torvalds# 31da177e4SLinus Torvalds# TPM device configuration 41da177e4SLinus Torvalds# 51da177e4SLinus Torvalds 67126b75cSJan Engelhardtmenuconfig TCG_TPM 71da177e4SLinus Torvalds tristate "TPM Hardware Support" 87126b75cSJan Engelhardt depends on HAS_IOMEM 92f7d8dbbSPeter Huewe imply SECURITYFS 104bf4b4edSArnd Bergmann select CRYPTO 11c1f92b4bSNayna Jain select CRYPTO_HASH_INFO 12a7f7f624SMasahiro Yamada help 131da177e4SLinus Torvalds If you have a TPM security chip in your system, which 141da177e4SLinus Torvalds implements the Trusted Computing Group's specification, 151da177e4SLinus Torvalds say Yes and it will be accessible from within Linux. For 161da177e4SLinus Torvalds more information see <http://www.trustedcomputinggroup.org>. 171da177e4SLinus Torvalds An implementation of the Trusted Software Stack (TSS), the 181da177e4SLinus Torvalds userspace enablement piece of the specification, can be 191da177e4SLinus Torvalds obtained at: <http://sourceforge.net/projects/trousers>. To 201da177e4SLinus Torvalds compile this driver as a module, choose M here; the module 211da177e4SLinus Torvalds will be called tpm. If unsure, say N. 227f2ab000SRajiv Andrade Notes: 237f2ab000SRajiv Andrade 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI 24ec4a162aSJames Morris and CONFIG_PNPACPI. 257f2ab000SRajiv Andrade 2) Without ACPI enabled, the BIOS event log won't be accessible, 267f2ab000SRajiv Andrade which is required to validate the PCR 0-7 values. 271da177e4SLinus Torvalds 287126b75cSJan Engelhardtif TCG_TPM 297126b75cSJan Engelhardt 30d2add27cSJames Bottomleyconfig TCG_TPM2_HMAC 31d2add27cSJames Bottomley bool "Use HMAC and encrypted transactions on the TPM bus" 32d3e43a8fSJarkko Sakkinen default X86_64 33699e3efdSJames Bottomley select CRYPTO_ECDH 34699e3efdSJames Bottomley select CRYPTO_LIB_AESCFB 35033ee84eSJames Bottomley select CRYPTO_LIB_SHA256 36d2add27cSJames Bottomley help 37d2add27cSJames Bottomley Setting this causes us to deploy a scheme which uses request 38d2add27cSJames Bottomley and response HMACs in addition to encryption for 39d2add27cSJames Bottomley communicating with the TPM to prevent or detect bus snooping 40d2add27cSJames Bottomley and interposer attacks (see tpm-security.rst). Saying Y 41d2add27cSJames Bottomley here adds some encryption overhead to all kernel to TPM 42d2add27cSJames Bottomley transactions. 43d2add27cSJames Bottomley 446e592a06SJason Gunthorpeconfig HW_RANDOM_TPM 456e592a06SJason Gunthorpe bool "TPM HW Random Number Generator support" 466e592a06SJason Gunthorpe depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m) 476e592a06SJason Gunthorpe default y 48a7f7f624SMasahiro Yamada help 496e592a06SJason Gunthorpe This setting exposes the TPM's Random Number Generator as a hwrng 506e592a06SJason Gunthorpe device. This allows the kernel to collect randomness from the TPM at 516e592a06SJason Gunthorpe boot, and provides the TPM randomines in /dev/hwrng. 526e592a06SJason Gunthorpe 536e592a06SJason Gunthorpe If unsure, say Y. 546e592a06SJason Gunthorpe 5541a5e1cfSChristophe Ricardconfig TCG_TIS_CORE 5641a5e1cfSChristophe Ricard tristate 57a7f7f624SMasahiro Yamada help 5841a5e1cfSChristophe Ricard TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks 5941a5e1cfSChristophe Ricard into the TPM kernel APIs. Physical layers will register against it. 6041a5e1cfSChristophe Ricard 6127084efeSLeendert van Doornconfig TCG_TIS 6244506436SPeter Huewe tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface" 63420d4398SJason Gunthorpe depends on X86 || OF 6441a5e1cfSChristophe Ricard select TCG_TIS_CORE 65a7f7f624SMasahiro Yamada help 6627084efeSLeendert van Doorn If you have a TPM security chip that is compliant with the 6744506436SPeter Huewe TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO 6844506436SPeter Huewe specification (TPM2.0) say Yes and it will be accessible from 6944506436SPeter Huewe within Linux. To compile this driver as a module, choose M here; 7044506436SPeter Huewe the module will be called tpm_tis. 7127084efeSLeendert van Doorn 720edbfea5SChristophe Ricardconfig TCG_TIS_SPI 730edbfea5SChristophe Ricard tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)" 740edbfea5SChristophe Ricard depends on SPI 750edbfea5SChristophe Ricard select TCG_TIS_CORE 76a7f7f624SMasahiro Yamada help 770edbfea5SChristophe Ricard If you have a TPM security chip which is connected to a regular, 780edbfea5SChristophe Ricard non-tcg SPI master (i.e. most embedded platforms) that is compliant with the 790edbfea5SChristophe Ricard TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO 800edbfea5SChristophe Ricard specification (TPM2.0) say Yes and it will be accessible from 810edbfea5SChristophe Ricard within Linux. To compile this driver as a module, choose M here; 820edbfea5SChristophe Ricard the module will be called tpm_tis_spi. 830edbfea5SChristophe Ricard 84797c0113SAndrey Proninconfig TCG_TIS_SPI_CR50 85797c0113SAndrey Pronin bool "Cr50 SPI Interface" 86797c0113SAndrey Pronin depends on TCG_TIS_SPI 87797c0113SAndrey Pronin help 88797c0113SAndrey Pronin If you have a H1 secure module running Cr50 firmware on SPI bus, 89797c0113SAndrey Pronin say Yes and it will be accessible from within Linux. 90797c0113SAndrey Pronin 91bbc23a07SAlexander Steffenconfig TCG_TIS_I2C 92bbc23a07SAlexander Steffen tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)" 93bbc23a07SAlexander Steffen depends on I2C 94bbc23a07SAlexander Steffen select CRC_CCITT 95bbc23a07SAlexander Steffen select TCG_TIS_CORE 96bbc23a07SAlexander Steffen help 97bbc23a07SAlexander Steffen If you have a TPM security chip, compliant with the TCG TPM PTP 98bbc23a07SAlexander Steffen (I2C interface) specification and connected to an I2C bus master, 99bbc23a07SAlexander Steffen say Yes and it will be accessible from within Linux. 100bbc23a07SAlexander Steffen To compile this driver as a module, choose M here; 101bbc23a07SAlexander Steffen the module will be called tpm_tis_i2c. 102bbc23a07SAlexander Steffen 103d5ae56a4SMasahisa Kojimaconfig TCG_TIS_SYNQUACER 104d5ae56a4SMasahisa Kojima tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)" 1054091c004SCai Huoqing depends on ARCH_SYNQUACER || COMPILE_TEST 106d5ae56a4SMasahisa Kojima select TCG_TIS_CORE 107d5ae56a4SMasahisa Kojima help 108d5ae56a4SMasahisa Kojima If you have a TPM security chip that is compliant with the 109d5ae56a4SMasahisa Kojima TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO 110d5ae56a4SMasahisa Kojima specification (TPM2.0) say Yes and it will be accessible from 111d5ae56a4SMasahisa Kojima within Linux on Socionext SynQuacer platform. 112d5ae56a4SMasahisa Kojima To compile this driver as a module, choose M here; 113d5ae56a4SMasahisa Kojima the module will be called tpm_tis_synquacer. 114d5ae56a4SMasahisa Kojima 1153a253caaSDuncan Laurieconfig TCG_TIS_I2C_CR50 1163a253caaSDuncan Laurie tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)" 1173a253caaSDuncan Laurie depends on I2C 1183a253caaSDuncan Laurie help 1193a253caaSDuncan Laurie This is a driver for the Google cr50 I2C TPM interface which is a 1203a253caaSDuncan Laurie custom microcontroller and requires a custom i2c protocol interface 1213a253caaSDuncan Laurie to handle the limitations of the hardware. To compile this driver 1223a253caaSDuncan Laurie as a module, choose M here; the module will be called tcg_tis_i2c_cr50. 1233a253caaSDuncan Laurie 124a2871c62SJason Gunthorpeconfig TCG_TIS_I2C_ATMEL 125a2871c62SJason Gunthorpe tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)" 126a2871c62SJason Gunthorpe depends on I2C 127a7f7f624SMasahiro Yamada help 128a2871c62SJason Gunthorpe If you have an Atmel I2C TPM security chip say Yes and it will be 129a2871c62SJason Gunthorpe accessible from within Linux. 130a2871c62SJason Gunthorpe To compile this driver as a module, choose M here; the module will 131a2871c62SJason Gunthorpe be called tpm_tis_i2c_atmel. 132a2871c62SJason Gunthorpe 133aad628c1SPeter Hueweconfig TCG_TIS_I2C_INFINEON 134aad628c1SPeter Huewe tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)" 135aad628c1SPeter Huewe depends on I2C 136a7f7f624SMasahiro Yamada help 137aad628c1SPeter Huewe If you have a TPM security chip that is compliant with the 138aad628c1SPeter Huewe TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack 139aad628c1SPeter Huewe Specification 0.20 say Yes and it will be accessible from within 140aad628c1SPeter Huewe Linux. 141aad628c1SPeter Huewe To compile this driver as a module, choose M here; the module 142b3f2436aSPeter Huewe will be called tpm_i2c_infineon. 143aad628c1SPeter Huewe 1444c336e4bSJason Gunthorpeconfig TCG_TIS_I2C_NUVOTON 1454c336e4bSJason Gunthorpe tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)" 1464c336e4bSJason Gunthorpe depends on I2C 147a7f7f624SMasahiro Yamada help 1484c336e4bSJason Gunthorpe If you have a TPM security chip with an I2C interface from 1494c336e4bSJason Gunthorpe Nuvoton Technology Corp. say Yes and it will be accessible 1504c336e4bSJason Gunthorpe from within Linux. 1514c336e4bSJason Gunthorpe To compile this driver as a module, choose M here; the module 1524c336e4bSJason Gunthorpe will be called tpm_i2c_nuvoton. 1534c336e4bSJason Gunthorpe 1541da177e4SLinus Torvaldsconfig TCG_NSC 1551da177e4SLinus Torvalds tristate "National Semiconductor TPM Interface" 1562f592f2aSRajiv Andrade depends on X86 157a7f7f624SMasahiro Yamada help 1583dde6ad8SDavid Sterba If you have a TPM security chip from National Semiconductor 1591da177e4SLinus Torvalds say Yes and it will be accessible from within Linux. To 1601da177e4SLinus Torvalds compile this driver as a module, choose M here; the module 1611da177e4SLinus Torvalds will be called tpm_nsc. 1621da177e4SLinus Torvalds 1631da177e4SLinus Torvaldsconfig TCG_ATMEL 1641da177e4SLinus Torvalds tristate "Atmel TPM Interface" 165*5578b434SRob Herring (Arm) depends on HAS_IOPORT_MAP 16661551536SNiklas Schnelle depends on HAS_IOPORT 167a7f7f624SMasahiro Yamada help 1681da177e4SLinus Torvalds If you have a TPM security chip from Atmel say Yes and it 1691da177e4SLinus Torvalds will be accessible from within Linux. To compile this driver 1701da177e4SLinus Torvalds as a module, choose M here; the module will be called tpm_atmel. 1711da177e4SLinus Torvalds 172ebb81fdbSMarcel Selhorstconfig TCG_INFINEON 173f9abb020SMarcel Selhorst tristate "Infineon Technologies TPM Interface" 1748516b23aSNiklas Schnelle depends on PNP || COMPILE_TEST 175a7f7f624SMasahiro Yamada help 176ebb81fdbSMarcel Selhorst If you have a TPM security chip from Infineon Technologies 177f9abb020SMarcel Selhorst (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it 178f9abb020SMarcel Selhorst will be accessible from within Linux. 179f9abb020SMarcel Selhorst To compile this driver as a module, choose M here; the module 180ebb81fdbSMarcel Selhorst will be called tpm_infineon. 181ebb81fdbSMarcel Selhorst Further information on this driver and the supported hardware 182631dd1a8SJustin P. Mattock can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/ 183ebb81fdbSMarcel Selhorst 184132f7629SAshley Laiconfig TCG_IBMVTPM 185132f7629SAshley Lai tristate "IBM VTPM Interface" 1865b266032SKent Yoder depends on PPC_PSERIES 187a7f7f624SMasahiro Yamada help 188132f7629SAshley Lai If you have IBM virtual TPM (VTPM) support say Yes and it 189132f7629SAshley Lai will be accessible from within Linux. To compile this driver 190132f7629SAshley Lai as a module, choose M here; the module will be called tpm_ibmvtpm. 191132f7629SAshley Lai 192e2683957SDaniel De Graafconfig TCG_XEN 193e2683957SDaniel De Graaf tristate "XEN TPM Interface" 194e2683957SDaniel De Graaf depends on TCG_TPM && XEN 195713efcabSKonrad Rzeszutek Wilk select XEN_XENBUS_FRONTEND 196a7f7f624SMasahiro Yamada help 197e2683957SDaniel De Graaf If you want to make TPM support available to a Xen user domain, 198e2683957SDaniel De Graaf say Yes and it will be accessible from within Linux. See 199e2683957SDaniel De Graaf the manpages for xl, xl.conf, and docs/misc/vtpm.txt in 200e2683957SDaniel De Graaf the Xen source repository for more details. 201e2683957SDaniel De Graaf To compile this driver as a module, choose M here; the module 202e2683957SDaniel De Graaf will be called xen-tpmfront. 203e2683957SDaniel De Graaf 20430fc8d13SJarkko Sakkinenconfig TCG_CRB 20530fc8d13SJarkko Sakkinen tristate "TPM 2.0 CRB Interface" 20608eff49dSJiandi An depends on ACPI 207a7f7f624SMasahiro Yamada help 20830fc8d13SJarkko Sakkinen If you have a TPM security chip that is compliant with the 20930fc8d13SJarkko Sakkinen TCG CRB 2.0 TPM specification say Yes and it will be accessible 21030fc8d13SJarkko Sakkinen from within Linux. To compile this driver as a module, choose 21130fc8d13SJarkko Sakkinen M here; the module will be called tpm_crb. 21230fc8d13SJarkko Sakkinen 2136f99612eSStefan Bergerconfig TCG_VTPM_PROXY 2146f99612eSStefan Berger tristate "VTPM Proxy Interface" 2156f99612eSStefan Berger depends on TCG_TPM 216a7f7f624SMasahiro Yamada help 2176f99612eSStefan Berger This driver proxies for an emulated TPM (vTPM) running in userspace. 2186f99612eSStefan Berger A device /dev/vtpmx is provided that creates a device pair 2196f99612eSStefan Berger /dev/vtpmX and a server-side file descriptor on which the vTPM 2206f99612eSStefan Berger can receive commands. 2216f99612eSStefan Berger 22209e57483SSasha Levinconfig TCG_FTPM_TEE 22309e57483SSasha Levin tristate "TEE based fTPM Interface" 22409e57483SSasha Levin depends on TEE && OPTEE 22509e57483SSasha Levin help 22609e57483SSasha Levin This driver proxies for firmware TPM running in TEE. 2276f99612eSStefan Berger 228bf38b871SChristophe Ricardsource "drivers/char/tpm/st33zp24/Kconfig" 2297126b75cSJan Engelhardtendif # TCG_TPM 230