1#
2# TPM subsystem configuration
3#
4
5menu "TPM support"
6
7config TPM_V1
8	bool "TPMv1.x support"
9	depends on TPM
10	default y
11	help
12	  Major TPM versions are not compatible at all, choose either
13	  one or the other. This option enables TPMv1.x drivers/commands.
14
15if TPM_V1
16
17config TPM_TIS_SANDBOX
18	bool "Enable sandbox TPM driver"
19	depends on TPM_V1 && SANDBOX
20	default y
21	help
22	  This driver emulates a TPMv1.x, providing access to base functions
23	  such as reading and writing TPM private data. This is enough to
24	  support Chrome OS verified boot. Extend functionality is not
25	  implemented.
26
27config TPM_ATMEL_TWI
28	bool "Enable Atmel TWI TPM device driver"
29	depends on TPM_V1
30	help
31	  This driver supports an Atmel TPM device connected on the I2C bus.
32	  The usual tpm operations and the 'tpm' command can be used to talk
33	  to the device using the standard TPM Interface Specification (TIS)
34	  protocol
35
36config TPM_TIS_INFINEON
37	bool "Enable support for Infineon SLB9635/45 TPMs on I2C"
38	depends on TPM_V1 && DM_I2C
39	help
40	  This driver supports Infineon TPM devices connected on the I2C bus.
41	  The usual tpm operations and the 'tpm' command can be used to talk
42	  to the device using the standard TPM Interface Specification (TIS)
43	  protocol
44
45config TPM_TIS_I2C_BURST_LIMITATION
46	bool "Enable I2C burst length limitation"
47	depends on TPM_TIS_INFINEON
48	help
49	  Some broken TPMs have a limitation on the number of bytes they can
50	  receive in one message. Enable this option to allow you to set this
51	  option. The can allow a broken TPM to be used by splitting messages
52	  into separate pieces.
53
54config TPM_TIS_I2C_BURST_LIMITATION_LEN
55	int "Length"
56	depends on TPM_TIS_I2C_BURST_LIMITATION
57	help
58	  Use this to set the burst limitation length
59
60config TPM_TIS_LPC
61	bool "Enable support for Infineon SLB9635/45 TPMs on LPC"
62	depends on TPM_V1 && X86
63	help
64	  This driver supports Infineon TPM devices connected on the LPC bus.
65	  The usual tpm operations and the 'tpm' command can be used to talk
66	  to the device using the standard TPM Interface Specification (TIS)
67	  protocol
68
69config TPM_AUTH_SESSIONS
70	bool "Enable TPM authentication session support"
71	depends on TPM_V1
72	help
73	  Enable support for authorised (AUTH1) commands as specified in the
74	  TCG Main Specification 1.2. OIAP-authorised versions of the commands
75	  TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are
76	  available using the 'tpm' command, too.
77
78config TPM_ST33ZP24_I2C
79	bool "STMicroelectronics ST33ZP24 I2C TPM"
80	depends on TPM_V1 && DM_I2C
81	---help---
82	  This driver supports STMicroelectronics TPM devices connected on the I2C bus.
83	  The usual tpm operations and the 'tpm' command can be used to talk
84	  to the device using the standard TPM Interface Specification (TIS)
85	  protocol
86
87config TPM_ST33ZP24_SPI
88	bool "STMicroelectronics ST33ZP24 SPI TPM"
89	depends on TPM_V1 && DM_SPI
90	---help---
91	  This driver supports STMicroelectronics TPM devices connected on the SPI bus.
92	  The usual tpm operations and the 'tpm' command can be used to talk
93	  to the device using the standard TPM Interface Specification (TIS)
94	  protocol
95
96config TPM_FLUSH_RESOURCES
97	bool "Enable TPM resource flushing support"
98	depends on TPM_V1
99	help
100	  Enable support to flush specific resources (e.g. keys) from the TPM.
101	  The functionality is available via the 'tpm' command as well.
102
103config TPM_LOAD_KEY_BY_SHA1
104	bool "Enable TPM key loading by SHA1 support"
105	depends on TPM_V1
106	help
107	  Enable support to load keys into the TPM by identifying
108	  their parent via the public key's SHA1 hash.
109	  The functionality is available via the 'tpm' command as well.
110
111config TPM_LIST_RESOURCES
112	bool "Enable TPM resource listing support"
113	depends on TPM_V1
114	help
115	  Enable support to list specific resources (e.g. keys) within the TPM.
116	  The functionality is available via the 'tpm' command as well.
117
118endif # TPM_V1
119
120config TPM_V2
121	bool "TPMv2.x support"
122	depends on TPM
123	default y
124	help
125	  Major TPM versions are not compatible at all, choose either
126	  one or the other. This option enables TPMv2.x drivers/commands.
127
128if TPM_V2
129
130config TPM2_CR50_I2C
131	bool "Enable support for Google cr50 TPM"
132	depends on DM_I2C
133	help
134	  Cr50 is an implementation of a TPM on Google's H1 security chip.
135	  This uses the same open-source firmware as the Chromium OS EC.
136	  While Cr50 has other features, its primary role is as the root of
137	  trust for a device, It operates like a TPM and can be used with
138	  verified boot. Cr50 is used on recent Chromebooks (since 2017).
139
140config SPL_TPM2_CR50_I2C
141	bool "Enable support for Google cr50 TPM"
142	depends on DM_I2C && SPL_TPM
143	help
144	  Cr50 is an implementation of a TPM on Google's H1 security chip.
145	  This uses the same open-source firmware as the Chromium OS EC.
146	  While Cr50 has other features, its primary role is as the root of
147	  trust for a device, It operates like a TPM and can be used with
148	  verified boot. Cr50 is used on recent Chromebooks (since 2017).
149
150config TPL_TPM2_CR50_I2C
151	bool "Enable support for Google cr50 TPM"
152	depends on DM_I2C && TPL_TPM
153	help
154	  Cr50 is an implementation of a TPM on Google's H1 security chip.
155	  This uses the same open-source firmware as the Chromium OS EC.
156	  While Cr50 has other features, its primary role is as the root of
157	  trust for a device, It operates like a TPM and can be used with
158	  verified boot. Cr50 is used on recent Chromebooks (since 2017).
159
160config VPL_TPM2_CR50_I2C
161	bool "Enable support for Google cr50 TPM"
162	depends on DM_I2C && VPL_TPM
163	help
164	  Cr50 is an implementation of a TPM on Google's H1 security chip.
165	  This uses the same open-source firmware as the Chromium OS EC.
166	  While Cr50 has other features, its primary role is as the root of
167	  trust for a device, It operates like a TPM and can be used with
168	  verified boot. Cr50 is used on recent Chromebooks (since 2017).
169
170config TPM2_TIS_SANDBOX
171	bool "Enable sandbox TPMv2.x driver"
172	depends on TPM_V2 && SANDBOX
173	default y
174	help
175	  This driver emulates a TPMv2.x, providing access to base functions
176	  such as basic configuration, PCR extension and PCR read. Extended
177	  functionalities are not implemented.
178
179config TPM2_TIS_SPI
180	bool "Enable support for TPMv2.x SPI chips"
181	depends on TPM_V2 && DM_SPI
182	help
183	  This driver supports TPMv2.x devices connected on the SPI bus.
184	  The usual TPM operations and the 'tpm' command can be used to talk
185	  to the device using the standard TPM Interface Specification (TIS)
186	  protocol.
187
188config TPM2_TIS_I2C
189	bool "Enable support for TPMv2.x I2C chips"
190	depends on TPM_V2 && DM_I2C
191	help
192	  This driver supports TPMv2.x devices connected on the I2C bus.
193	  The usual TPM operations and the 'tpm' command can be used to talk
194	  to the device using the standard TPM Interface Specification (TIS)
195	  protocol.
196
197config TPM2_FTPM_TEE
198	bool "TEE based fTPM Interface"
199	depends on TEE && OPTEE && TPM_V2
200	help
201	  This driver supports firmware TPM running in TEE.
202
203config TPM2_MMIO
204	bool "MMIO based TPM2 Interface"
205	depends on TPM_V2
206	help
207	  This driver supports firmware TPM2.0 MMIO interface.
208	  The usual TPM operations and the 'tpm' command can be used to talk
209	  to the device using the standard TPM Interface Specification (TIS)
210	  protocol.
211
212endif # TPM_V2
213
214endmenu
215