Diffstat (limited to 'src/security')
-rw-r--r--src/security/tpm/Kconfig13
-rw-r--r--src/security/tpm/Makefile.inc2
-rw-r--r--src/security/tpm/tss/vendor/cr50/Kconfig18
-rw-r--r--src/security/vboot/secdata_mock.c2
-rw-r--r--src/security/vboot/secdata_tpm.c7
-rw-r--r--src/security/vboot/vboot_logic.c2
6 files changed, 23 insertions, 21 deletions
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 4864f12545..fc339a2b3a 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -20,21 +20,14 @@ config NO_TPM
config TPM1
bool "TPM 1.2"
- depends on MAINBOARD_HAS_LPC_TPM || \
- MAINBOARD_HAS_I2C_TPM_GENERIC || \
- MAINBOARD_HAS_I2C_TPM_ATMEL
+ depends on I2C_TPM || MEMORY_MAPPED_TPM || SPI_TPM || CRB_TPM
depends on !MAINBOARD_HAS_TPM2
help
Select this option if your TPM uses the older TPM 1.2 protocol.
config TPM2
bool "TPM 2.0"
- depends on MAINBOARD_HAS_I2C_TPM_GENERIC || \
- MAINBOARD_HAS_LPC_TPM || \
- MAINBOARD_HAS_I2C_TPM_ATMEL || \
- MAINBOARD_HAS_I2C_TPM_CR50 || \
- MAINBOARD_HAS_SPI_TPM || \
- MAINBOARD_HAS_CRB_TPM
+ depends on I2C_TPM || MEMORY_MAPPED_TPM || SPI_TPM || CRB_TPM
depends on !MAINBOARD_HAS_TPM1
help
Select this option if your TPM uses the newer TPM 2.0 protocol.
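Review bot: The new `depends on` line for TPM1 now lists SPI_TPM and CRB_TPM, which the removed lines deliberately left out of TPM1 and only allowed for TPM2; if the CRB and SPI drivers in this tree implement only the TPM 2.0 interface (CRB in particular is defined by the TPM 2.0 PTP specification), a board can now pick TPM 1.2 together with a driver that cannot talk to it and Kconfig will not object. Unless that widening is intentional, keep the 1.2 list narrower, e.g. `depends on I2C_TPM || MEMORY_MAPPED_TPM`, or say in the TPM1 help text which interfaces are actually supported for 1.2. The `depends on !MAINBOARD_HAS_TPM2` exclusion on the next line is unchanged and still only guards the version, not the interface.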
@@ -77,7 +70,7 @@ config DEBUG_TPM
config TPM_RDRESP_NEED_DELAY
bool "Enable Delay Workaround for TPM"
default n
- depends on MAINBOARD_HAS_LPC_TPM
+ depends on MEMORY_MAPPED_TPM
help
Certain TPMs seem to need some delay when reading response
to work around a race-condition-related issue, possibly
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index c36183dd9b..8f633a89bf 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -1,4 +1,4 @@
-subdirs-$(CONFIG_TPM_CR50) += tss/vendor/cr50
+subdirs-$(CONFIG_TPM_GOOGLE) += tss/vendor/cr50
## TSS
diff --git a/src/security/tpm/tss/vendor/cr50/Kconfig b/src/security/tpm/tss/vendor/cr50/Kconfig
index c4ecdef2fd..f98b8efeb9 100644
--- a/src/security/tpm/tss/vendor/cr50/Kconfig
+++ b/src/security/tpm/tss/vendor/cr50/Kconfig
@@ -1,11 +1,21 @@
# SPDX-License-Identifier: GPL-2.0-only
-config TPM_CR50
+config TPM_GOOGLE
bool
- depends on TPM2
- default y if MAINBOARD_HAS_I2C_TPM_CR50 || MAINBOARD_HAS_SPI_TPM_CR50
-if TPM_CR50
+config TPM_GOOGLE_CR50
+ bool
+ select TPM_GOOGLE
+
+config TPM_GOOGLE_TI50
+ bool
+ select TPM_GOOGLE
+
+if TPM_GOOGLE
+
+config TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA
+ bool
+ default y
config POWER_OFF_ON_CR50_UPDATE
bool
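Review bot: TPM_GOOGLE loses its `depends on TPM2` (removed line) and is now reached only via `select` from TPM_GOOGLE_CR50 and TPM_GOOGLE_TI50, and `select` does not honour the selected symbol's dependencies, so nothing visible in this diff still ties the Google TPM code path to TPM2 — including the TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA path that calls tlcl_cr50_enable_nvcommits() in secdata_tpm.c. If that constraint is meant to survive the rename, add `depends on TPM2` to the two selecting symbols or keep it on TPM_GOOGLE. The new TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA option also carries a `default y` with no help text; a one-line help entry stating that it enables NV commits before the firmware and kernel secdata writes in secdata_tpm.c would explain why it defaults on. The same rename appears in the secdata_tpm.c and vboot_logic.c hunks and needs no separate comment there.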
diff --git a/src/security/vboot/secdata_mock.c b/src/security/vboot/secdata_mock.c
index 5792b41633..57aed61a71 100644
--- a/src/security/vboot/secdata_mock.c
+++ b/src/security/vboot/secdata_mock.c
@@ -31,7 +31,7 @@ vb2_error_t antirollback_read_space_kernel(struct vb2_context *ctx)
/*
* The new kernel secdata v1 stores the last read EC hash, and reboots the
* device during EC software sync when that hash didn't match the currently
- * active hash on the EC (this is used with TPM_CR50 to support EC-EFS2 and
+ * active hash on the EC (this is used with TPM_GOOGLE to support EC-EFS2 and
* pretty much a no-op for other devices). Generally, of course the whole
* point of secdata is always that it persists across reboots, but with
* MOCK_SECDATA we can't do that. Previously we always happened to somewhat
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 847a9597fb..450c681c06 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -384,8 +384,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
* Define and write zero-touch enrollment (ZTE) spaces. For Cr50 devices,
* these are set up elsewhere via TPM vendor commands.
*/
- if (CONFIG(CHROMEOS) && (!(CONFIG(MAINBOARD_HAS_SPI_TPM_CR50) ||
- CONFIG(MAINBOARD_HAS_I2C_TPM_CR50))))
+ if (CONFIG(CHROMEOS) && !(CONFIG(TPM_GOOGLE)))
RETURN_ON_FAILURE(setup_zte_spaces());
/* Define widevine counter space. No need to increment/write to the secure counters
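Review bot: The comment two lines above the changed condition still says the ZTE spaces are set up elsewhere "For Cr50 devices", but the condition now keys on TPM_GOOGLE, which the new Kconfig also selects for TPM_GOOGLE_TI50; if Ti50 likewise provisions ZTE via vendor commands (not shown in this diff), the comment should read `For Google TPMs (Cr50/Ti50), these are set up elsewhere via TPM vendor commands.` The doubled parentheses in `!(CONFIG(TPM_GOOGLE))` are left over from the removed two-term expression; `if (CONFIG(CHROMEOS) && !CONFIG(TPM_GOOGLE))` reads cleaner. _factory_initialize_tpm starts and ends outside the hunk.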
@@ -613,7 +612,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
{
- if (CONFIG(CR50_IMMEDIATELY_COMMIT_FW_SECDATA))
+ if (CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA))
tlcl_cr50_enable_nvcommits();
return safe_write(FIRMWARE_NV_INDEX, ctx->secdata_firmware,
VB2_SECDATA_FIRMWARE_SIZE);
@@ -632,7 +631,7 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
* recovery, software sync, or other special boot flows. When the AP
* wants to write, it is imporant to actually commit changes.
*/
- if (CONFIG(CR50_IMMEDIATELY_COMMIT_FW_SECDATA))
+ if (CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA))
tlcl_cr50_enable_nvcommits();
return safe_write(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 509169fc95..2230b5ab57 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -303,7 +303,7 @@ void verstage_main(void)
* If there is an communication error, a recovery reason will be set and
* vb2api_fw_phase1 will route us to recovery mode.
*/
- if (CONFIG(TPM_CR50))
+ if (CONFIG(TPM_GOOGLE))
check_boot_mode(ctx);
if (get_ec_is_trusted())