On 11 August 2015 at 15:45, christophe.ricard <christophe.ric...@gmail.com> wrote: > Hi Simon, > > > On 11/08/2015 16:47, Simon Glass wrote: >> >> Add new Kconfig options for TPMs in preparation for moving boards to use >> Kconfig for TPM configuration. >> >> Signed-off-by: Simon Glass <s...@chromium.org> >> --- >> >> common/Kconfig | 12 ++++++++++++ >> drivers/tpm/Kconfig | 52 >> ++++++++++++++++++++++++++++++++++++++++++++++++++++ >> lib/Kconfig | 10 ++++++++++ >> 3 files changed, 74 insertions(+) >> >> diff --git a/common/Kconfig b/common/Kconfig >> index 40cd69e..05faae9 100644 >> --- a/common/Kconfig >> +++ b/common/Kconfig >> @@ -618,4 +618,16 @@ config CMD_REGULATOR >> endmenu >> +menu "Security commands" >> +config CMD_TPM >> + bool "Enable the 'tpm' command" >> + depends on TPM >> + help >> + This provides a means to talk to a TPM from the command line. A >> wide >> + range of commands if provided - see 'tpm help' for details. The >> + command requires a suitable TPM on your board and the correct >> driver >> + must be enabled. >> + >> +endmenu >> + >> endmenu >> diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig >> index f408b8a..993d2d7 100644 >> --- a/drivers/tpm/Kconfig >> +++ b/drivers/tpm/Kconfig >> @@ -1,7 +1,59 @@ >> config TPM_TIS_SANDBOX >> bool "Enable sandbox TPM driver" >> + depends on SANDBOX >> help >> This driver emulates a TPM, providing access to base functions >> such as reading and writing TPM private data. This is enough to >> support Chrome OS verified boot. Extend functionality is not >> implemented. >> + >> +config TPM_ATMEL_TWI >> + bool "Enable Atmel TWI TPM device driver" >> + depends on TPM >> + help >> + This driver supports an Atmel TPM device connected on the I2C >> bus. >> + The usual tpm operations and the 'tpm' command can be used to >> talk >> + to the device using the standard TPM Interface Specification >> (TIS) >> + protocol >> + >> +config TPM_TIS_I2C >> + bool "Enable support for Infineon SLB9635/45 TPMs on I2C" >> + depends on TPM && DM_I2C >> + help >> + This driver supports Infineon TPM devices connected on the I2C >> bus. >> + The usual tpm operations and the 'tpm' command can be used to >> talk >> + to the device using the standard TPM Interface Specification >> (TIS) >> + protocol >> + >> +config TPM_TIS_I2C_BURST_LIMITATION >> + bool "Enable I2C burst length limitation" >> + depends on TPM_TIS_I2C >> + help >> + Some broken TPMs have a limitation on the number of bytes they >> can >> + receive in one message. Enable this option to allow you to set >> this >> + option. The can allow a broken TPM to be used by splitting >> messages >> + into separate pieces. >> + >> +config TPM_TIS_I2C_BURST_LIMITATION_LEN >> + int "Length" >> + depends on TPM_TIS_I2C_BURST_LIMITATION >> + help >> + Use this to set the burst limitation length >> + >> +config TPM_TIS_LPC >> + bool "Enable support for Infineon SLB9635/45 TPMs on LPC" >> + depends on TPM && X86 >> + help >> + This driver supports Infineon TPM devices connected on the I2C >> bus. >> + The usual tpm operations and the 'tpm' command can be used to >> talk >> + to the device using the standard TPM Interface Specification >> (TIS) >> + protocol >> + >> +config TPM_AUTH_SESSIONS >> + bool "Enable TPM authentication session support" >> + depends on TPM >> + help >> + Enable support for authorised (AUTH1) commands as specified in >> the >> + TCG Main Specification 1.2. OIAP-authorised versions of the >> commands >> + TPM_LoadKey2 and TPM_GetPubKey are provided. Both features are >> + available using the 'tpm' command, too. > > Won't you put all TPM drivers in a "TPM support" menu showing "Device > Drivers" parent ?
Yes that's a good idea, I'll do that. >> >> diff --git a/lib/Kconfig b/lib/Kconfig >> index 884218a..0673072 100644 >> --- a/lib/Kconfig >> +++ b/lib/Kconfig >> @@ -54,6 +54,16 @@ source lib/dhry/Kconfig >> source lib/rsa/Kconfig >> +config TPM >> + bool "Trusted Platform Module (TPM) Support" >> + help >> + This enables support for TPMs which can be used to provide >> security >> + features for your board. The TPM can be connected via LPC or I2C >> + and a sandbox TPM is provided for testing purposes. Use the >> 'tpm' >> + command to interactive the TPM. Driver model support is provided >> + for the low-level TPM interface, but only one TPM is supported >> at >> + a time by the TPM library. >> + >> menu "Hashing Support" >> config SHA1 > > Best Regards > Christophe Regards, Simon _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
