1# SPDX-License-Identifier: GPL-2.0-only
2#
3# TPM device configuration
4#
5
6menuconfig TCG_TPM
7	tristate "TPM Hardware Support"
8	depends on HAS_IOMEM
9	imply SECURITYFS
10	select CRYPTO
11	select CRYPTO_HASH_INFO
12	help
13	  If you have a TPM security chip in your system, which
14	  implements the Trusted Computing Group's specification,
15	  say Yes and it will be accessible from within Linux.  For
16	  more information see <http://www.trustedcomputinggroup.org>.
17	  An implementation of the Trusted Software Stack (TSS), the
18	  userspace enablement piece of the specification, can be
19	  obtained at: <http://sourceforge.net/projects/trousers>.  To
20	  compile this driver as a module, choose M here; the module
21	  will be called tpm. If unsure, say N.
22	  Notes:
23	  1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
24	  and CONFIG_PNPACPI.
25	  2) Without ACPI enabled, the BIOS event log, which is required
26	  to validate the PCR 0-7 values, won't be accessible.
27
28if TCG_TPM
29
30config TCG_TPM2_HMAC
31	bool "Use HMAC and encrypted transactions on the TPM bus"
32	default X86_64
33	select CRYPTO_ECDH
34	select CRYPTO_LIB_AESCFB
35	select CRYPTO_LIB_SHA256
36	help
37	  Setting this enables a scheme which uses request and
38	  response HMACs, in addition to encryption, when
39	  communicating with the TPM, in order to prevent or detect
40	  bus snooping and interposer attacks (see tpm-security.rst).
41	  Saying Y here adds some encryption overhead to all
42	  kernel-to-TPM transactions.
43
44config HW_RANDOM_TPM
45	bool "TPM HW Random Number Generator support"
46	depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
47	default y
48	help
49	  This setting exposes the TPM's Random Number Generator as a hwrng
50	  device. This allows the kernel to collect randomness from the TPM at
51	  boot, and makes the TPM's randomness available through /dev/hwrng.
52
53	  If unsure, say Y.
54
55config TCG_TIS_CORE
56	tristate
57	help
58	TCG TIS TPM core driver. It implements the TPM TCG TIS logic and hooks
59	into the TPM kernel APIs. Physical layers will register against it.
60
61config TCG_TIS
62	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface"
63	depends on X86 || OF
64	select TCG_TIS_CORE
65	help
66	  If you have a TPM security chip that is compliant with the
67	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
68	  specification (TPM2.0) say Yes and it will be accessible from
69	  within Linux. To compile this driver as a module, choose M here;
70	  the module will be called tpm_tis.
71
72config TCG_TIS_SPI
73	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)"
74	depends on SPI
75	select TCG_TIS_CORE
76	help
77	  If you have a TPM security chip which is connected to a regular,
78	  non-tcg SPI master (i.e. most embedded platforms) that is compliant with the
79	  TCG TIS 1.3 TPM specification (TPM1.2) or the TCG PTP FIFO
80	  specification (TPM2.0) say Yes and it will be accessible from
81	  within Linux. To compile this driver as a module, choose M here;
82	  the module will be called tpm_tis_spi.
83
84config TCG_TIS_SPI_CR50
85	bool "Cr50 SPI Interface"
86	depends on TCG_TIS_SPI
87	help
88	  If you have an H1 secure module running Cr50 firmware on an SPI bus,
89	  say Yes and it will be accessible from within Linux.
90
91config TCG_TIS_I2C
92	tristate "TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (I2C - generic)"
93	depends on I2C
94	select CRC_CCITT
95	select TCG_TIS_CORE
96	help
97	  If you have a TPM security chip, compliant with the TCG TPM PTP
98	  (I2C interface) specification and connected to an I2C bus master,
99	  say Yes and it will be accessible from within Linux.
100	  To compile this driver as a module, choose M here;
101	  the module will be called tpm_tis_i2c.
102
103config TCG_TIS_SYNQUACER
104	tristate "TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface (MMIO - SynQuacer)"
105	depends on ARCH_SYNQUACER || COMPILE_TEST
106	select TCG_TIS_CORE
107	help
108	  If you have a TPM security chip that is compliant with the
109	  TCG TIS 1.2 TPM specification (TPM1.2) or the TCG PTP FIFO
110	  specification (TPM2.0) say Yes and it will be accessible from
111	  within Linux on the Socionext SynQuacer platform.
112	  To compile this driver as a module, choose M here;
113	  the module will be called tpm_tis_synquacer.
114
115config TCG_TIS_I2C_CR50
116	tristate "TPM Interface Specification 2.0 Interface (I2C - CR50)"
117	depends on I2C
118	help
119	  This is a driver for the Google cr50 I2C TPM interface. The cr50 is
120	  a custom microcontroller and requires a custom I2C protocol interface
121	  to handle the limitations of the hardware.  To compile this driver
122	  as a module, choose M here; the module will be called tcg_tis_i2c_cr50.
123
124config TCG_TIS_I2C_ATMEL
125	tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
126	depends on I2C
127	help
128	  If you have an Atmel I2C TPM security chip say Yes and it will be
129	  accessible from within Linux.
130	  To compile this driver as a module, choose M here; the module will
131	  be called tpm_tis_i2c_atmel.
132
133config TCG_TIS_I2C_INFINEON
134	tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
135	depends on I2C
136	help
137	  If you have a TPM security chip that is compliant with the
138	  TCG TIS 1.2 TPM specification and Infineon's I2C Protocol Stack
139	  Specification 0.20 say Yes and it will be accessible from within
140	  Linux.
141	  To compile this driver as a module, choose M here; the module
142	  will be called tpm_i2c_infineon.
143
144config TCG_TIS_I2C_NUVOTON
145	tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
146	depends on I2C
147	help
148	  If you have a TPM security chip with an I2C interface from
149	  Nuvoton Technology Corp. say Yes and it will be accessible
150	  from within Linux.
151	  To compile this driver as a module, choose M here; the module
152	  will be called tpm_i2c_nuvoton.
153
154config TCG_NSC
155	tristate "National Semiconductor TPM Interface"
156	depends on X86
157	help
158	  If you have a TPM security chip from National Semiconductor
159	  say Yes and it will be accessible from within Linux.  To
160	  compile this driver as a module, choose M here; the module
161	  will be called tpm_nsc.
162
163config TCG_ATMEL
164	tristate "Atmel TPM Interface"
165	depends on PPC64 || HAS_IOPORT_MAP
166	depends on HAS_IOPORT
167	help
168	  If you have a TPM security chip from Atmel say Yes and it
169	  will be accessible from within Linux.  To compile this driver
170	  as a module, choose M here; the module will be called tpm_atmel.
171
172config TCG_INFINEON
173	tristate "Infineon Technologies TPM Interface"
174	depends on PNP || COMPILE_TEST
175	help
176	  If you have a TPM security chip from Infineon Technologies
177	  (either SLD 9630 TT 1.1 or SLB 9635 TT 1.2) say Yes and it
178	  will be accessible from within Linux.
179	  To compile this driver as a module, choose M here; the module
180	  will be called tpm_infineon.
181	  Further information on this driver and the supported hardware
182	  can be found at http://www.trust.rub.de/projects/linux-device-driver-infineon-tpm/
183
184config TCG_IBMVTPM
185	tristate "IBM VTPM Interface"
186	depends on PPC_PSERIES
187	help
188	  If you have IBM virtual TPM (VTPM) support say Yes and it
189	  will be accessible from within Linux.  To compile this driver
190	  as a module, choose M here; the module will be called tpm_ibmvtpm.
191
192config TCG_XEN
193	tristate "XEN TPM Interface"
194	depends on TCG_TPM && XEN
195	select XEN_XENBUS_FRONTEND
196	help
197	  If you want to make TPM support available to a Xen user domain,
198	  say Yes and it will be accessible from within Linux. See
199	  the manpages for xl, xl.conf, and docs/misc/vtpm.txt in
200	  the Xen source repository for more details.
201	  To compile this driver as a module, choose M here; the module
202	  will be called xen-tpmfront.
203
204config TCG_CRB
205	tristate "TPM 2.0 CRB Interface"
206	depends on ACPI
207	help
208	  If you have a TPM security chip that is compliant with the
209	  TCG CRB 2.0 TPM specification say Yes and it will be accessible
210	  from within Linux.  To compile this driver as a module, choose
211	  M here; the module will be called tpm_crb.
212
213config TCG_VTPM_PROXY
214	tristate "VTPM Proxy Interface"
215	depends on TCG_TPM
216	help
217	  This driver proxies for an emulated TPM (vTPM) running in userspace.
218	  A device /dev/vtpmx is provided that creates a device pair
219	  /dev/vtpmX and a server-side file descriptor on which the vTPM
220	  can receive commands.
221
222config TCG_FTPM_TEE
223	tristate "TEE based fTPM Interface"
224	depends on TEE && OPTEE
225	help
226	  This driver proxies for a firmware TPM (fTPM) running in a TEE.
227
228source "drivers/char/tpm/st33zp24/Kconfig"
229endif # TCG_TPM
230