1#
2# TPM subsystem configuration
3#
4
5menu "TPM support"
6
7config TPM_V1
8	bool "TPMv1.x support"
9	depends on TPM
10	default y
11	help
12	  Major TPM versions are not compatible at all, choose either
13	  one or the other. This option enables TPMv1.x drivers/commands.
14
15if TPM_V1
16
17config TPM_TIS_SANDBOX
18	bool "Enable sandbox TPM driver"
19	depends on TPM_V1 && SANDBOX
20	default y
21	help
22	  This driver emulates a TPMv1.x, providing access to base functions
23	  such as reading and writing TPM private data. This is enough to
24	  support Chrome OS verified boot. Extend functionality is not
25	  implemented.
26
27config TPM_ATMEL_TWI
28	bool "Enable Atmel TWI TPM device driver"
29	depends on TPM_V1
30	help
31	  This driver supports an Atmel TPM device connected on the I2C bus.
32	  The usual tpm operations and the 'tpm' command can be used to talk
33	  to the device using the standard TPM Interface Specification (TIS)
34	  protocol
35
36config TPM_TIS_INFINEON
37	bool "Enable support for Infineon SLB9635/45 TPMs on I2C"
38	depends on TPM_V1 && DM_I2C
39	help
40	  This driver supports Infineon TPM devices connected on the I2C bus.
41	  The usual tpm operations and the 'tpm' command can be used to talk
42	  to the device using the standard TPM Interface Specification (TIS)
43	  protocol
44
45config TPM_TIS_I2C_BURST_LIMITATION
46	bool "Enable I2C burst length limitation"
47	depends on TPM_TIS_INFINEON
48	help
49	  Some broken TPMs have a limitation on the number of bytes they can
50	  receive in one message. Enable this option to allow you to set this
51	  option. The can allow a broken TPM to be used by splitting messages
52	  into separate pieces.
53
54config TPM_TIS_I2C_BURST_LIMITATION_LEN
55	int "Length"
56	depends on TPM_TIS_I2C_BURST_LIMITATION
57	help
58	  Use this to set the burst limitation length
59
60config TPM_TIS_LPC
61	bool "Enable support for Infineon SLB9635/45 TPMs on LPC"
62	depends on TPM_V1 && X86
63	help
64	  This driver supports Infineon TPM devices connected on the LPC bus.
65	  The usual tpm operations and the 'tpm' command can be used to talk
66	  to the device using the standard TPM Interface Specification (TIS)
67	  protocol
68
69config TPM_AUTH_SESSIONS
70	bool "Enable TPM authentication session support"
71	depends on TPM_V1
72	help
73	  Enable support for authorised (AUTH1) commands as specified in the
74	  TCG Main Specification 1.2. OIAP-authorised versions of the commands
75	  TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are
76	  available using the 'tpm' command, too.
77
78config TPM_ST33ZP24_I2C
79	bool "STMicroelectronics ST33ZP24 I2C TPM"
80	depends on TPM_V1 && DM_I2C
81	---help---
82	  This driver supports STMicroelectronics TPM devices connected on the I2C bus.
83	  The usual tpm operations and the 'tpm' command can be used to talk
84	  to the device using the standard TPM Interface Specification (TIS)
85	  protocol
86
87config TPM_ST33ZP24_SPI
88	bool "STMicroelectronics ST33ZP24 SPI TPM"
89	depends on TPM_V1 && DM_SPI
90	---help---
91	  This driver supports STMicroelectronics TPM devices connected on the SPI bus.
92	  The usual tpm operations and the 'tpm' command can be used to talk
93	  to the device using the standard TPM Interface Specification (TIS)
94	  protocol
95
96config TPM_FLUSH_RESOURCES
97	bool "Enable TPM resource flushing support"
98	depends on TPM_V1
99	help
100	  Enable support to flush specific resources (e.g. keys) from the TPM.
101	  The functionality is available via the 'tpm' command as well.
102
103config TPM_LOAD_KEY_BY_SHA1
104	bool "Enable TPM key loading by SHA1 support"
105	depends on TPM_V1
106	help
107	  Enable support to load keys into the TPM by identifying
108	  their parent via the public key's SHA1 hash.
109	  The functionality is available via the 'tpm' command as well.
110
111config TPM_LIST_RESOURCES
112	bool "Enable TPM resource listing support"
113	depends on TPM_V1
114	help
115	  Enable support to list specific resources (e.g. keys) within the TPM.
116	  The functionality is available via the 'tpm' command as well.
117
118endif # TPM_V1
119
120config TPM_V2
121	bool "TPMv2.x support"
122	depends on TPM
123	default y
124	help
125	  Major TPM versions are not compatible at all, choose either
126	  one or the other. This option enables TPMv2.x drivers/commands.
127
128if TPM_V2
129
130config TPM2_CR50_I2C
131	bool "Enable support for Google cr50 TPM"
132	depends on DM_I2C
133	help
134	  Cr50 is an implementation of a TPM on Google's H1 security chip.
135	  This uses the same open-source firmware as the Chromium OS EC.
136	  While Cr50 has other features, its primary role is as the root of
137	  trust for a device, It operates like a TPM and can be used with
138	  verified boot. Cr50 is used on recent Chromebooks (since 2017).
139
140config TPM2_TIS_SANDBOX
141	bool "Enable sandbox TPMv2.x driver"
142	depends on TPM_V2 && SANDBOX
143	default y
144	help
145	  This driver emulates a TPMv2.x, providing access to base functions
146	  such as basic configuration, PCR extension and PCR read. Extended
147	  functionalities are not implemented.
148
149config TPM2_TIS_SPI
150	bool "Enable support for TPMv2.x SPI chips"
151	depends on TPM_V2 && DM_SPI
152	help
153	  This driver supports TPMv2.x devices connected on the SPI bus.
154	  The usual TPM operations and the 'tpm' command can be used to talk
155	  to the device using the standard TPM Interface Specification (TIS)
156	  protocol.
157
158config TPM2_FTPM_TEE
159	bool "TEE based fTPM Interface"
160	depends on TEE && OPTEE && TPM_V2
161	help
162	  This driver supports firmware TPM running in TEE.
163
164endif # TPM_V2
165
166endmenu
167