[U-Boot] [PATCH 03/25] tpm: Add Kconfig options for TPMs

Simon Glass sjg at chromium.org
Thu Aug 13 03:30:31 CEST 2015 

On 11 August 2015 at 15:45, christophe.ricard
<christophe.ricard at gmail.com> wrote:
> Hi Simon,
>
>
> On 11/08/2015 16:47, Simon Glass wrote:
>>
>> Add new Kconfig options for TPMs in preparation for moving boards to use
>> Kconfig for TPM configuration.
>>
>> Signed-off-by: Simon Glass <sjg at chromium.org>
>> ---
>>
>>   common/Kconfig      | 12 ++++++++++++
>>   drivers/tpm/Kconfig | 52
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>   lib/Kconfig         | 10 ++++++++++
>>   3 files changed, 74 insertions(+)
>>
>> diff --git a/common/Kconfig b/common/Kconfig
>> index 40cd69e..05faae9 100644
>> --- a/common/Kconfig
>> +++ b/common/Kconfig
>> @@ -618,4 +618,16 @@ config CMD_REGULATOR
>>     endmenu
>>   +menu "Security commands"
>> +config CMD_TPM
>> +       bool "Enable the 'tpm' command"
>> +       depends on TPM
>> +       help
>> +         This provides a means to talk to a TPM from the command line. A
>> wide
>> +         range of commands if provided - see 'tpm help' for details. The
>> +         command requires a suitable TPM on your board and the correct
>> driver
>> +         must be enabled.
>> +
>> +endmenu
>> +
>>   endmenu
>> diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
>> index f408b8a..993d2d7 100644
>> --- a/drivers/tpm/Kconfig
>> +++ b/drivers/tpm/Kconfig
>> @@ -1,7 +1,59 @@
>>   config TPM_TIS_SANDBOX
>>         bool "Enable sandbox TPM driver"
>> +       depends on SANDBOX
>>         help
>>           This driver emulates a TPM, providing access to base functions
>>           such as reading and writing TPM private data. This is enough to
>>           support Chrome OS verified boot. Extend functionality is not
>>           implemented.
>> +
>> +config TPM_ATMEL_TWI
>> +       bool "Enable Atmel TWI TPM device driver"
>> +       depends on TPM
>> +       help
>> +         This driver supports an Atmel TPM device connected on the I2C
>> bus.
>> +         The usual tpm operations and the 'tpm' command can be used to
>> talk
>> +         to the device using the standard TPM Interface Specification
>> (TIS)
>> +         protocol
>> +
>> +config TPM_TIS_I2C
>> +       bool "Enable support for Infineon SLB9635/45 TPMs on I2C"
>> +       depends on TPM && DM_I2C
>> +       help
>> +         This driver supports Infineon TPM devices connected on the I2C
>> bus.
>> +         The usual tpm operations and the 'tpm' command can be used to
>> talk
>> +         to the device using the standard TPM Interface Specification
>> (TIS)
>> +         protocol
>> +
>> +config TPM_TIS_I2C_BURST_LIMITATION
>> +       bool "Enable I2C burst length limitation"
>> +       depends on TPM_TIS_I2C
>> +       help
>> +         Some broken TPMs have a limitation on the number of bytes they
>> can
>> +         receive in one message. Enable this option to allow you to set
>> this
>> +         option. The can allow a broken TPM to be used by splitting
>> messages
>> +         into separate pieces.
>> +
>> +config TPM_TIS_I2C_BURST_LIMITATION_LEN
>> +       int "Length"
>> +       depends on TPM_TIS_I2C_BURST_LIMITATION
>> +       help
>> +         Use this to set the burst limitation length
>> +
>> +config TPM_TIS_LPC
>> +       bool "Enable support for Infineon SLB9635/45 TPMs on LPC"
>> +       depends on TPM && X86
>> +       help
>> +         This driver supports Infineon TPM devices connected on the I2C
>> bus.
>> +         The usual tpm operations and the 'tpm' command can be used to
>> talk
>> +         to the device using the standard TPM Interface Specification
>> (TIS)
>> +         protocol
>> +
>> +config TPM_AUTH_SESSIONS
>> +       bool "Enable TPM authentication session support"
>> +       depends on TPM
>> +       help
>> +         Enable support for authorised (AUTH1) commands as specified in
>> the
>> +         TCG Main Specification 1.2. OIAP-authorised versions of the
>> commands
>> +         TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are
>> +         available using the 'tpm' command, too.
>
> Won't you put all TPM drivers in a "TPM support" menu showing "Device
> Drivers" parent ?

Yes that's a good idea, I'll do that.

>>
>> diff --git a/lib/Kconfig b/lib/Kconfig
>> index 884218a..0673072 100644
>> --- a/lib/Kconfig
>> +++ b/lib/Kconfig
>> @@ -54,6 +54,16 @@ source lib/dhry/Kconfig
>>     source lib/rsa/Kconfig
>>   +config TPM
>> +       bool "Trusted Platform Module (TPM) Support"
>> +       help
>> +         This enables support for TPMs which can be used to provide
>> security
>> +         features for your board. The TPM can be connected via LPC or I2C
>> +         and a sandbox TPM is provided for testing purposes. Use the
>> 'tpm'
>> +         command to interactive the TPM. Driver model support is provided
>> +         for the low-level TPM interface, but only one TPM is supported
>> at
>> +         a time by the TPM library.
>> +
>>   menu "Hashing Support"
>>     config SHA1
>
> Best Regards
> Christophe

Regards,
Simon

More information about the U-Boot mailing list