summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPhilipp Deppenwiese <zaolin@das-labor.org>2017-10-18 17:13:07 +0200
committerStefan Reinauer <stefan.reinauer@coreboot.org>2018-01-18 01:35:31 +0000
commit64e2d19082636de9e82674ccfca574269bb34712 (patch)
treedfe44c9b1cebbb611b99474c1ee096e23f930796 /src
parent4fef7818ecd002e5971ea6287e402fd9276b7266 (diff)
security/tpm: Move tpm TSS and TSPI layer to security section
* Move code from src/lib and src/include into src/security/tpm * Split TPM TSS 1.2 and 2.0 * Fix header includes * Add a new directory structure with kconfig and makefile includes Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22103 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Diffstat (limited to 'src')
-rw-r--r--src/Kconfig46
-rw-r--r--src/cpu/intel/haswell/romstage.c2
-rw-r--r--src/drivers/i2c/tpm/cr50.c2
-rw-r--r--src/drivers/i2c/tpm/tis.c2
-rw-r--r--src/drivers/i2c/tpm/tis_atmel.c2
-rw-r--r--src/drivers/i2c/tpm/tpm.c2
-rw-r--r--src/drivers/intel/fsp1_1/romstage.c2
-rw-r--r--src/drivers/intel/fsp2_0/memory_init.c4
-rw-r--r--src/drivers/pc80/tpm/Kconfig6
-rw-r--r--src/drivers/pc80/tpm/romstage.c2
-rw-r--r--src/drivers/pc80/tpm/tpm.c2
-rw-r--r--src/drivers/spi/tpm/tis.c2
-rw-r--r--src/drivers/spi/tpm/tpm.c2
-rw-r--r--src/lib/Makefile.inc12
-rw-r--r--src/mainboard/asus/kgpe-d16/romstage.c2
-rw-r--r--src/mainboard/google/gru/chromeos.c2
-rw-r--r--src/mainboard/google/link/romstage.c2
-rw-r--r--src/mainboard/google/oak/tpm_tis.c2
-rw-r--r--src/mainboard/google/parrot/romstage.c2
-rw-r--r--src/mainboard/google/stout/romstage.c2
-rw-r--r--src/mainboard/intel/emeraldlake2/romstage.c2
-rw-r--r--src/mainboard/lenovo/x201/romstage.c2
-rw-r--r--src/mainboard/pcengines/apu2/romstage.c2
-rw-r--r--src/mainboard/samsung/lumpy/romstage.c2
-rw-r--r--src/mainboard/samsung/stumpy/romstage.c2
-rw-r--r--src/northbridge/intel/sandybridge/romstage.c2
-rw-r--r--src/security/Kconfig1
-rw-r--r--src/security/Makefile.inc1
-rw-r--r--src/security/tpm/Kconfig69
-rw-r--r--src/security/tpm/Makefile.inc12
-rw-r--r--src/security/tpm/antirollback.h (renamed from src/include/antirollback.h)2
-rw-r--r--src/security/tpm/tcg-1.2/tlcl.c (renamed from src/lib/tlcl.c)4
-rw-r--r--src/security/tpm/tcg-1.2/tlcl_internal.h (renamed from src/lib/tlcl_internal.h)0
-rw-r--r--src/security/tpm/tcg-1.2/tlcl_structures.h (renamed from src/lib/tlcl_structures.h)0
-rw-r--r--src/security/tpm/tcg-2.0/tpm2_marshaling.c (renamed from src/lib/tpm2_marshaling.c)0
-rw-r--r--src/security/tpm/tcg-2.0/tpm2_marshaling.h (renamed from src/lib/tpm2_marshaling.h)0
-rw-r--r--src/security/tpm/tcg-2.0/tpm2_tlcl.c (renamed from src/lib/tpm2_tlcl.c)6
-rw-r--r--src/security/tpm/tcg-2.0/tpm2_tlcl_structures.h (renamed from src/lib/tpm2_tlcl_structures.h)3
-rw-r--r--src/security/tpm/tlcl.h (renamed from src/include/tpm_lite/tlcl.h)0
-rw-r--r--src/security/tpm/tpm.h (renamed from src/include/tpm.h)0
-rw-r--r--src/security/tpm/tpm_error_messages.h (renamed from src/lib/tpm_error_messages.h)0
-rw-r--r--src/security/tpm/tss_constants.h (renamed from src/include/tpm_lite/tss_constants.h)0
-rw-r--r--src/security/vboot/secdata_mock.c4
-rw-r--r--src/security/vboot/secdata_tpm.c4
-rw-r--r--src/security/vboot/vboot_logic.c2
-rw-r--r--src/soc/intel/baytrail/romstage/romstage.c2
-rw-r--r--src/soc/intel/braswell/romstage/romstage.c2
-rw-r--r--src/soc/intel/broadwell/romstage/romstage.c2
-rw-r--r--src/soc/intel/common/tpm_tis.c2
-rw-r--r--src/vendorcode/google/chromeos/cr50_enable_update.c3
-rw-r--r--src/vendorcode/google/chromeos/tpm2.c2
51 files changed, 126 insertions, 107 deletions
diff --git a/src/Kconfig b/src/Kconfig
index 6896d0e79c..e362281c77 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -291,14 +291,6 @@ config FMDFILE
but in some cases more complex setups are required.
When an fmd is specified, it overrides the default format.
-config MAINBOARD_HAS_TPM2
- bool
- default n
- help
- There is a TPM device installed on the mainboard, and it is
- compliant with version 2 TCG TPM specification. Could be connected
- over LPC, SPI or I2C.
-
endmenu
# load site-local kconfig to allow user specific defaults and overrides
@@ -387,37 +379,6 @@ config RTC
bool
default n
-config TPM
- bool
- default n
- select LPC_TPM if MAINBOARD_HAS_LPC_TPM
- select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM
- help
- Enable this option to enable TPM support in coreboot.
-
- If unsure, say N.
-
-config TPM2
- bool
- select LPC_TPM if MAINBOARD_HAS_LPC_TPM
- select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM
- help
- Enable this option to enable TPM2 support in coreboot.
-
- If unsure, say N.
-
-config POWER_OFF_ON_CR50_UPDATE
- bool
- help
- Power off machine while waiting for CR50 update to take effect.
-
-config MAINBOARD_HAS_TPM_CR50
- bool
- default y if MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_I2C_TPM_CR50
- default n
- select MAINBOARD_HAS_TPM2
- select POWER_OFF_ON_CR50_UPDATE if ARCH_X86
-
config HEAP_SIZE
hex
default 0x4000
@@ -962,13 +923,6 @@ config X86EMU_DEBUG_TIMINGS
If unsure, say N.
-config DEBUG_TPM
- bool "Output verbose TPM debug messages"
- default n
- depends on TPM || TPM2
- help
- This option enables additional TPM related debug messages.
-
config DEBUG_SPI_FLASH
bool "Output verbose SPI flash debug messages"
default n
diff --git a/src/cpu/intel/haswell/romstage.c b/src/cpu/intel/haswell/romstage.c
index 136f098e71..ffbfbdfd83 100644
--- a/src/cpu/intel/haswell/romstage.c
+++ b/src/cpu/intel/haswell/romstage.c
@@ -42,7 +42,7 @@
#include "northbridge/intel/haswell/raminit.h"
#include "southbridge/intel/lynxpoint/pch.h"
#include "southbridge/intel/lynxpoint/me.h"
-#include <tpm.h>
+#include <security/tpm/tpm.h>
static inline void reset_system(void)
{
diff --git a/src/drivers/i2c/tpm/cr50.c b/src/drivers/i2c/tpm/cr50.c
index 8b0ea32269..0927d7fc43 100644
--- a/src/drivers/i2c/tpm/cr50.c
+++ b/src/drivers/i2c/tpm/cr50.c
@@ -39,7 +39,7 @@
#include <device/i2c_simple.h>
#include <endian.h>
#include <timer.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "tpm.h"
#define CR50_MAX_BUFSIZE 63
diff --git a/src/drivers/i2c/tpm/tis.c b/src/drivers/i2c/tpm/tis.c
index 20c2d7136a..ba5f0e4a10 100644
--- a/src/drivers/i2c/tpm/tis.c
+++ b/src/drivers/i2c/tpm/tis.c
@@ -22,7 +22,7 @@
#include <device/i2c_simple.h>
#include <endian.h>
#include <lib.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "tpm.h"
#include <timer.h>
diff --git a/src/drivers/i2c/tpm/tis_atmel.c b/src/drivers/i2c/tpm/tis_atmel.c
index 151209974a..d321d24558 100644
--- a/src/drivers/i2c/tpm/tis_atmel.c
+++ b/src/drivers/i2c/tpm/tis_atmel.c
@@ -23,7 +23,7 @@
#include <device/i2c_simple.h>
#include <endian.h>
#include <lib.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <timer.h>
#define RECV_TIMEOUT (1 * 1000) /* 1 second */
diff --git a/src/drivers/i2c/tpm/tpm.c b/src/drivers/i2c/tpm/tpm.c
index 2ce04018b3..dede671d1b 100644
--- a/src/drivers/i2c/tpm/tpm.c
+++ b/src/drivers/i2c/tpm/tpm.c
@@ -38,7 +38,7 @@
#include <device/i2c_simple.h>
#include <endian.h>
#include <timer.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "tpm.h"
/* max. number of iterations after I2C NAK */
diff --git a/src/drivers/intel/fsp1_1/romstage.c b/src/drivers/intel/fsp1_1/romstage.c
index 81939c4c33..3e96136ec9 100644
--- a/src/drivers/intel/fsp1_1/romstage.c
+++ b/src/drivers/intel/fsp1_1/romstage.c
@@ -36,7 +36,7 @@
#include <stage_cache.h>
#include <string.h>
#include <timestamp.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <vendorcode/google/chromeos/chromeos.h>
asmlinkage void *romstage_main(FSP_INFO_HEADER *fih)
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index 368fafa5d7..18e0a2a97d 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -12,7 +12,7 @@
*/
#include <compiler.h>
-#include <antirollback.h>
+#include <security/tpm/antirollback.h>
#include <arch/io.h>
#include <arch/cpu.h>
#include <arch/symbols.h>
@@ -31,7 +31,7 @@
#include <string.h>
#include <symbols.h>
#include <timestamp.h>
-#include <tpm_lite/tlcl.h>
+#include <security/tpm/tlcl.h>
#include <security/vboot/vboot_common.h>
#include <vb2_api.h>
diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig
index f32071cf7d..3bd9083802 100644
--- a/src/drivers/pc80/tpm/Kconfig
+++ b/src/drivers/pc80/tpm/Kconfig
@@ -1,9 +1,3 @@
-config MAINBOARD_HAS_LPC_TPM
- bool
- default n
- help
- Board has TPM support
-
config LPC_TPM
bool "Enable TPM support"
depends on MAINBOARD_HAS_LPC_TPM
diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c
index 5531458726..20413d8cf4 100644
--- a/src/drivers/pc80/tpm/romstage.c
+++ b/src/drivers/pc80/tpm/romstage.c
@@ -17,7 +17,7 @@
#include <console/cbmem_console.h>
#include <console/console.h>
#include <arch/acpi.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <reset.h>
//#define EXTRA_LOGGING
diff --git a/src/drivers/pc80/tpm/tpm.c b/src/drivers/pc80/tpm/tpm.c
index 574d3af6ff..8f1c5df0aa 100644
--- a/src/drivers/pc80/tpm/tpm.c
+++ b/src/drivers/pc80/tpm/tpm.c
@@ -32,7 +32,7 @@
#include <arch/acpi_device.h>
#include <device/device.h>
#include <console/console.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <arch/early_variables.h>
#include <device/pnp.h>
#include "chip.h"
diff --git a/src/drivers/spi/tpm/tis.c b/src/drivers/spi/tpm/tis.c
index 481c9da1d0..f561a97280 100644
--- a/src/drivers/spi/tpm/tis.c
+++ b/src/drivers/spi/tpm/tis.c
@@ -7,7 +7,7 @@
#include <arch/early_variables.h>
#include <console/console.h>
#include <string.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "tpm.h"
diff --git a/src/drivers/spi/tpm/tpm.c b/src/drivers/spi/tpm/tpm.c
index ceec0b0bc6..c7a3ab7749 100644
--- a/src/drivers/spi/tpm/tpm.c
+++ b/src/drivers/spi/tpm/tpm.c
@@ -23,7 +23,7 @@
#include <endian.h>
#include <string.h>
#include <timer.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "tpm.h"
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
index 25537d20ed..d77884c3d9 100644
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@@ -53,16 +53,6 @@ verstage-$(CONFIG_COLLECT_TIMESTAMPS) += timestamp.c
verstage-y += boot_device.c
verstage-$(CONFIG_CONSOLE_CBMEM) += cbmem_console.c
-verstage-$(CONFIG_TPM) += tlcl.c
-verstage-$(CONFIG_TPM2) += tpm2_marshaling.c
-verstage-$(CONFIG_TPM2) += tpm2_tlcl.c
-
-ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
-romstage-$(CONFIG_TPM) += tlcl.c
-romstage-$(CONFIG_TPM2) += tpm2_marshaling.c
-romstage-$(CONFIG_TPM2) += tpm2_tlcl.c
-endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
-
verstage-$(CONFIG_GENERIC_UDELAY) += timer.c
verstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c
@@ -144,8 +134,6 @@ ramstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c
ramstage-$(CONFIG_GENERIC_UDELAY) += timer.c
ramstage-y += b64_decode.c
ramstage-$(CONFIG_ACPI_NHLT) += nhlt.c
-ramstage-$(CONFIG_TPM2) += tpm2_marshaling.c
-ramstage-$(CONFIG_TPM2) += tpm2_tlcl.c
romstage-y += cbmem_common.c
romstage-y += imd_cbmem.c
diff --git a/src/mainboard/asus/kgpe-d16/romstage.c b/src/mainboard/asus/kgpe-d16/romstage.c
index 63b93c19c5..b52a698f33 100644
--- a/src/mainboard/asus/kgpe-d16/romstage.c
+++ b/src/mainboard/asus/kgpe-d16/romstage.c
@@ -46,7 +46,7 @@
#include <cpu/amd/family_10h-family_15h/init_cpus.h>
#include <arch/early_variables.h>
#include <cbmem.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "resourcemap.c"
#include "cpu/amd/quadcore/quadcore.c"
diff --git a/src/mainboard/google/gru/chromeos.c b/src/mainboard/google/gru/chromeos.c
index 38f7f6987e..8d0acbbf2d 100644
--- a/src/mainboard/google/gru/chromeos.c
+++ b/src/mainboard/google/gru/chromeos.c
@@ -17,7 +17,7 @@
#include <bootmode.h>
#include <boot/coreboot_tables.h>
#include <gpio.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "board.h"
diff --git a/src/mainboard/google/link/romstage.c b/src/mainboard/google/link/romstage.c
index 733aa301ef..e23eced50f 100644
--- a/src/mainboard/google/link/romstage.c
+++ b/src/mainboard/google/link/romstage.c
@@ -35,7 +35,7 @@
#include <arch/cpu.h>
#include <cpu/x86/msr.h>
#include <halt.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <cbfs.h>
#include <southbridge/intel/bd82x6x/chip.h>
diff --git a/src/mainboard/google/oak/tpm_tis.c b/src/mainboard/google/oak/tpm_tis.c
index 018f02db10..ba019a6983 100644
--- a/src/mainboard/google/oak/tpm_tis.c
+++ b/src/mainboard/google/oak/tpm_tis.c
@@ -14,7 +14,7 @@
*/
#include <gpio.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "gpio.h"
diff --git a/src/mainboard/google/parrot/romstage.c b/src/mainboard/google/parrot/romstage.c
index d9f2f8ff11..f34dac0705 100644
--- a/src/mainboard/google/parrot/romstage.c
+++ b/src/mainboard/google/parrot/romstage.c
@@ -35,7 +35,7 @@
#include <cpu/x86/msr.h>
#include <halt.h>
#include <cbfs.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "ec/compal/ene932/ec.h"
void pch_enable_lpc(void)
diff --git a/src/mainboard/google/stout/romstage.c b/src/mainboard/google/stout/romstage.c
index d054b393c5..90313fb848 100644
--- a/src/mainboard/google/stout/romstage.c
+++ b/src/mainboard/google/stout/romstage.c
@@ -35,7 +35,7 @@
#include <cpu/x86/msr.h>
#include <halt.h>
#include <bootmode.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <cbfs.h>
#include <ec/quanta/it8518/ec.h>
#include "ec.h"
diff --git a/src/mainboard/intel/emeraldlake2/romstage.c b/src/mainboard/intel/emeraldlake2/romstage.c
index 446164f578..3827337f94 100644
--- a/src/mainboard/intel/emeraldlake2/romstage.c
+++ b/src/mainboard/intel/emeraldlake2/romstage.c
@@ -35,7 +35,7 @@
#include <arch/cpu.h>
#include <cpu/x86/msr.h>
#include <halt.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#define SIO_PORT 0x164e
diff --git a/src/mainboard/lenovo/x201/romstage.c b/src/mainboard/lenovo/x201/romstage.c
index e8312d75cf..f19f55578f 100644
--- a/src/mainboard/lenovo/x201/romstage.c
+++ b/src/mainboard/lenovo/x201/romstage.c
@@ -35,7 +35,7 @@
#include <timestamp.h>
#include <arch/acpi.h>
#include <cbmem.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "dock.h"
#include "arch/early_variables.h"
diff --git a/src/mainboard/pcengines/apu2/romstage.c b/src/mainboard/pcengines/apu2/romstage.c
index 6339d94abf..b4b2802ea0 100644
--- a/src/mainboard/pcengines/apu2/romstage.c
+++ b/src/mainboard/pcengines/apu2/romstage.c
@@ -33,7 +33,7 @@
#include <cpu/x86/lapic.h>
#include <southbridge/amd/pi/hudson/hudson.h>
#include <Fch/Fch.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include "gpio_ftns.h"
diff --git a/src/mainboard/samsung/lumpy/romstage.c b/src/mainboard/samsung/lumpy/romstage.c
index 3afb196448..a04d538e80 100644
--- a/src/mainboard/samsung/lumpy/romstage.c
+++ b/src/mainboard/samsung/lumpy/romstage.c
@@ -28,7 +28,7 @@
#include <cbmem.h>
#include <console/console.h>
#include <bootmode.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <northbridge/intel/sandybridge/sandybridge.h>
#include <northbridge/intel/sandybridge/raminit.h>
#include <northbridge/intel/sandybridge/raminit_native.h>
diff --git a/src/mainboard/samsung/stumpy/romstage.c b/src/mainboard/samsung/stumpy/romstage.c
index ec5368dbb0..367a4388f4 100644
--- a/src/mainboard/samsung/stumpy/romstage.c
+++ b/src/mainboard/samsung/stumpy/romstage.c
@@ -37,7 +37,7 @@
#include <arch/cpu.h>
#include <cpu/x86/msr.h>
#include <halt.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#if IS_ENABLED(CONFIG_DRIVERS_UART_8250IO)
#include <superio/smsc/lpc47n207/lpc47n207.h>
#endif
diff --git a/src/northbridge/intel/sandybridge/romstage.c b/src/northbridge/intel/sandybridge/romstage.c
index 8608d5a8a4..1f31ad611e 100644
--- a/src/northbridge/intel/sandybridge/romstage.c
+++ b/src/northbridge/intel/sandybridge/romstage.c
@@ -28,7 +28,7 @@
#include <device/pci_def.h>
#include <device/device.h>
#include <halt.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <northbridge/intel/sandybridge/chip.h>
#include "southbridge/intel/bd82x6x/pch.h"
#include <southbridge/intel/common/gpio.h>
diff --git a/src/security/Kconfig b/src/security/Kconfig
index 7d105b8cf8..6a334ac09c 100644
--- a/src/security/Kconfig
+++ b/src/security/Kconfig
@@ -13,3 +13,4 @@
##
source "src/security/vboot/Kconfig"
+source "src/security/tpm/Kconfig"
diff --git a/src/security/Makefile.inc b/src/security/Makefile.inc
index d2e1e60f44..a940b82613 100644
--- a/src/security/Makefile.inc
+++ b/src/security/Makefile.inc
@@ -1 +1,2 @@
subdirs-y += vboot
+subdirs-y += tpm
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
new file mode 100644
index 0000000000..111f91a5c1
--- /dev/null
+++ b/src/security/tpm/Kconfig
@@ -0,0 +1,69 @@
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2017 Philipp Deppenwiese, Facebook, Inc.
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+
+menu "Trusted Platform Module"
+
+config TPM
+ bool
+ default n
+ select LPC_TPM if MAINBOARD_HAS_LPC_TPM
+ select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM
+ help
+ Enable this option to enable TPM support in coreboot.
+
+ If unsure, say N.
+
+config TPM2
+ bool
+ select LPC_TPM if MAINBOARD_HAS_LPC_TPM
+ select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM
+ help
+ Enable this option to enable TPM2 support in coreboot.
+
+ If unsure, say N.
+
+config DEBUG_TPM
+ bool "Output verbose TPM debug messages"
+ default n
+ depends on TPM || TPM2
+ help
+ This option enables additional TPM related debug messages.
+
+config MAINBOARD_HAS_TPM_CR50
+ bool
+ default y if MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_I2C_TPM_CR50
+ default n
+ select MAINBOARD_HAS_TPM2
+ select POWER_OFF_ON_CR50_UPDATE if ARCH_X86
+
+config POWER_OFF_ON_CR50_UPDATE
+ bool
+ help
+ Power off machine while waiting for CR50 update to take effect.
+
+config MAINBOARD_HAS_LPC_TPM
+ bool
+ default n
+ help
+ Board has TPM support
+
+config MAINBOARD_HAS_TPM2
+ bool
+ default n
+ help
+ There is a TPM device installed on the mainboard, and it is
+ compliant with version 2 TCG TPM specification. Could be connected
+ over LPC, SPI or I2C.
+
+endmenu # Trusted Platform Module (tpm)
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
new file mode 100644
index 0000000000..48e70107e0
--- /dev/null
+++ b/src/security/tpm/Makefile.inc
@@ -0,0 +1,12 @@
+verstage-$(CONFIG_TPM) += tcg-1.2/tlcl.c
+verstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_marshaling.c
+verstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_tlcl.c
+
+ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
+romstage-$(CONFIG_TPM) += tcg-1.2/tlcl.c
+romstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_marshaling.c
+romstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_tlcl.c
+endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
+
+ramstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_marshaling.c
+ramstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_tlcl.c
diff --git a/src/include/antirollback.h b/src/security/tpm/antirollback.h
index f61aa858ff..d1bc433dcd 100644
--- a/src/include/antirollback.h
+++ b/src/security/tpm/antirollback.h
@@ -9,7 +9,7 @@
#ifndef ANTIROLLBACK_H_
#define ANTIROLLBACK_H_
-#include "tpm_lite/tss_constants.h"
+#include "tss_constants.h"
struct vb2_context;
enum vb2_pcr_digest;
diff --git a/src/lib/tlcl.c b/src/security/tpm/tcg-1.2/tlcl.c
index 49854cbdcb..c7fcfcb7d6 100644
--- a/src/lib/tlcl.c
+++ b/src/security/tpm/tcg-1.2/tlcl.c
@@ -17,11 +17,11 @@
#include <arch/early_variables.h>
#include <assert.h>
#include <string.h>
-#include <tpm_lite/tlcl.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <vb2_api.h>
#include "tlcl_internal.h"
#include "tlcl_structures.h"
+#include "../tlcl.h"
#ifdef FOR_TEST
#include <stdio.h>
diff --git a/src/lib/tlcl_internal.h b/src/security/tpm/tcg-1.2/tlcl_internal.h
index 3648be622a..3648be622a 100644
--- a/src/lib/tlcl_internal.h
+++ b/src/security/tpm/tcg-1.2/tlcl_internal.h
diff --git a/src/lib/tlcl_structures.h b/src/security/tpm/tcg-1.2/tlcl_structures.h
index 880864ee50..880864ee50 100644
--- a/src/lib/tlcl_structures.h
+++ b/src/security/tpm/tcg-1.2/tlcl_structures.h
diff --git a/src/lib/tpm2_marshaling.c b/src/security/tpm/tcg-2.0/tpm2_marshaling.c
index 3ce09a4f8d..3ce09a4f8d 100644
--- a/src/lib/tpm2_marshaling.c
+++ b/src/security/tpm/tcg-2.0/tpm2_marshaling.c
diff --git a/src/lib/tpm2_marshaling.h b/src/security/tpm/tcg-2.0/tpm2_marshaling.h
index 5802044378..5802044378 100644
--- a/src/lib/tpm2_marshaling.h
+++ b/src/security/tpm/tcg-2.0/tpm2_marshaling.h
diff --git a/src/lib/tpm2_tlcl.c b/src/security/tpm/tcg-2.0/tpm2_tlcl.c
index fde90a002a..e111b89ae2 100644
--- a/src/lib/tpm2_tlcl.c
+++ b/src/security/tpm/tcg-2.0/tpm2_tlcl.c
@@ -4,16 +4,16 @@
* found in the LICENSE file.
*/
-#include <antirollback.h>
#include <arch/early_variables.h>
#include <console/console.h>
#include <endian.h>
-#include <lib/tpm2_tlcl_structures.h>
#include <string.h>
-#include <tpm.h>
#include <vb2_api.h>
+#include "tpm2_tlcl_structures.h"
#include "tpm2_marshaling.h"
+#include "../tpm.h"
+#include "../antirollback.h"
/*
* This file provides interface between firmware and TPM2 device. The TPM1.2
diff --git a/src/lib/tpm2_tlcl_structures.h b/src/security/tpm/tcg-2.0/tpm2_tlcl_structures.h
index 2a6615df42..acd9e74aec 100644
--- a/src/lib/tpm2_tlcl_structures.h
+++ b/src/security/tpm/tcg-2.0/tpm2_tlcl_structures.h
@@ -13,9 +13,10 @@
*/
#include <stdint.h>
#include <compiler.h>
-#include <tpm_lite/tlcl.h>
#include <types.h>
+#include "../tlcl.h"
+
/* This should be plenty for what firmware needs. */
#define TPM_BUFFER_SIZE 256
diff --git a/src/include/tpm_lite/tlcl.h b/src/security/tpm/tlcl.h
index 8dd5d80685..8dd5d80685 100644
--- a/src/include/tpm_lite/tlcl.h
+++ b/src/security/tpm/tlcl.h
diff --git a/src/include/tpm.h b/src/security/tpm/tpm.h
index 32a44c17eb..32a44c17eb 100644
--- a/src/include/tpm.h
+++ b/src/security/tpm/tpm.h
diff --git a/src/lib/tpm_error_messages.h b/src/security/tpm/tpm_error_messages.h
index ac7cd4e859..ac7cd4e859 100644
--- a/src/lib/tpm_error_messages.h
+++ b/src/security/tpm/tpm_error_messages.h
diff --git a/src/include/tpm_lite/tss_constants.h b/src/security/tpm/tss_constants.h
index 937e553969..937e553969 100644
--- a/src/include/tpm_lite/tss_constants.h
+++ b/src/security/tpm/tss_constants.h
diff --git a/src/security/vboot/secdata_mock.c b/src/security/vboot/secdata_mock.c
index 72ee5b3c11..ff8e98e43f 100644
--- a/src/security/vboot/secdata_mock.c
+++ b/src/security/vboot/secdata_mock.c
@@ -32,9 +32,9 @@
* stored in the TPM NVRAM.
*/
-#include <antirollback.h>
+#include <security/tpm/antirollback.h>
#include <stdlib.h>
-#include <tpm_lite/tlcl.h>
+#include <security/tpm/tlcl.h>
#include <vb2_api.h>
uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index be9d680cc0..2dc11bd2dc 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -32,10 +32,10 @@
* stored in the TPM NVRAM.
*/
-#include <antirollback.h>
+#include <security/tpm/antirollback.h>
#include <stdlib.h>
#include <string.h>
-#include <tpm_lite/tlcl.h>
+#include <security/tpm/tlcl.h>
#include <vb2_api.h>
#include <console/console.h>
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index e6b97b9c2f..c76739ac51 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -13,7 +13,7 @@
* GNU General Public License for more details.
*/
-#include <antirollback.h>
+#include <security/tpm/antirollback.h>
#include <arch/exception.h>
#include <assert.h>
#include <bootmode.h>
diff --git a/src/soc/intel/baytrail/romstage/romstage.c b/src/soc/intel/baytrail/romstage/romstage.c
index 9990d84257..d8e6449dc6 100644
--- a/src/soc/intel/baytrail/romstage/romstage.c
+++ b/src/soc/intel/baytrail/romstage/romstage.c
@@ -30,7 +30,7 @@
#include <stage_cache.h>
#include <string.h>
#include <timestamp.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <vendorcode/google/chromeos/chromeos.h>
#include <soc/gpio.h>
#include <soc/iomap.h>
diff --git a/src/soc/intel/braswell/romstage/romstage.c b/src/soc/intel/braswell/romstage/romstage.c
index 0f82c49999..12a15304a2 100644
--- a/src/soc/intel/braswell/romstage/romstage.c
+++ b/src/soc/intel/braswell/romstage/romstage.c
@@ -43,7 +43,7 @@
#include <soc/romstage.h>
#include <soc/smm.h>
#include <soc/spi.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
void program_base_addresses(void)
{
diff --git a/src/soc/intel/broadwell/romstage/romstage.c b/src/soc/intel/broadwell/romstage/romstage.c
index 1417b802cf..fa4c1eac62 100644
--- a/src/soc/intel/broadwell/romstage/romstage.c
+++ b/src/soc/intel/broadwell/romstage/romstage.c
@@ -25,7 +25,7 @@
#include <cbmem.h>
#include <cpu/x86/mtrr.h>
#include <elog.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
#include <program_loading.h>
#include <romstage_handoff.h>
#include <stage_cache.h>
diff --git a/src/soc/intel/common/tpm_tis.c b/src/soc/intel/common/tpm_tis.c
index ed57cef488..f088c0d16a 100644
--- a/src/soc/intel/common/tpm_tis.c
+++ b/src/soc/intel/common/tpm_tis.c
@@ -14,7 +14,7 @@
*/
#include <arch/acpi.h>
-#include <tpm.h>
+#include <security/tpm/tpm.h>
int tis_plat_irq_status(void)
{
diff --git a/src/vendorcode/google/chromeos/cr50_enable_update.c b/src/vendorcode/google/chromeos/cr50_enable_update.c
index b5e4b6cc67..d322bbea3a 100644
--- a/src/vendorcode/google/chromeos/cr50_enable_update.c
+++ b/src/vendorcode/google/chromeos/cr50_enable_update.c
@@ -18,7 +18,7 @@
#include <ec/google/chromeec/ec.h>
#include <elog.h>
#include <halt.h>
-#include <tpm_lite/tlcl.h>
+#include <security/tpm/tlcl.h>
#include <vb2_api.h>
#include <security/vboot/vboot_common.h>
@@ -71,4 +71,3 @@ static void enable_update(void *unused)
halt();
}
BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_ENTRY, enable_update, NULL);
-
diff --git a/src/vendorcode/google/chromeos/tpm2.c b/src/vendorcode/google/chromeos/tpm2.c
index fd1dac9a35..266cf75f61 100644
--- a/src/vendorcode/google/chromeos/tpm2.c
+++ b/src/vendorcode/google/chromeos/tpm2.c
@@ -15,7 +15,7 @@
#include <bootstate.h>
#include <console/console.h>
-#include <tpm_lite/tlcl.h>
+#include <security/tpm/tlcl.h>
#include <vb2_api.h>
static void disable_platform_hierarchy(void *unused)