path: root/src/security/tpm/Kconfig
blob: 96ab2e658ff59777acd063156c2a35d0cb0f1691 (plain)
# SPDX-License-Identifier: GPL-2.0-only

source "src/security/tpm/tss/vendor/cr50/Kconfig"

menu "Trusted Platform Module"

config TPM1
	bool
	default y if MAINBOARD_HAS_TPM1 || USER_TPM1
	depends on MAINBOARD_HAS_LPC_TPM || \
		   MAINBOARD_HAS_I2C_TPM_GENERIC || \
		   MAINBOARD_HAS_I2C_TPM_ATMEL

config TPM2
	bool
	default y if MAINBOARD_HAS_TPM2 || USER_TPM2
	depends on MAINBOARD_HAS_I2C_TPM_GENERIC || \
		   MAINBOARD_HAS_LPC_TPM || \
		   MAINBOARD_HAS_I2C_TPM_ATMEL || \
		   MAINBOARD_HAS_I2C_TPM_CR50 || \
		   MAINBOARD_HAS_SPI_TPM || \
		   MAINBOARD_HAS_CRB_TPM

config TPM
	bool
	default y
	depends on TPM1 || TPM2

config MAINBOARD_HAS_TPM1
	bool

config MAINBOARD_HAS_TPM2
	bool

if !MAINBOARD_HAS_TPM1 && !MAINBOARD_HAS_TPM2

choice
	prompt "Trusted Platform Module"
	default USER_NO_TPM

config USER_NO_TPM
	bool "disabled"

config USER_TPM1
	bool "1.2"
	depends on MAINBOARD_HAS_LPC_TPM || \
		   MAINBOARD_HAS_I2C_TPM_GENERIC || \
		   MAINBOARD_HAS_I2C_TPM_ATMEL
	help
		Enable this option to enable TPM 1.0 - 1.2 support in coreboot.

		If unsure, say N.

config USER_TPM2
	bool "2.0"
	depends on MAINBOARD_HAS_I2C_TPM_GENERIC || \
		   MAINBOARD_HAS_LPC_TPM || \
		   MAINBOARD_HAS_I2C_TPM_ATMEL || \
		   MAINBOARD_HAS_I2C_TPM_CR50 || \
		   MAINBOARD_HAS_SPI_TPM || \
		   MAINBOARD_HAS_CRB_TPM
	help
		Enable this option to enable TPM 2.0 support in coreboot.

		If unsure, say N.

endchoice

endif

config TPM_DEACTIVATE
	bool "Deactivate TPM"
	default n
	depends on !VBOOT
	depends on TPM1
	help
	  Deactivate the TPM by issuing the deactivate command (TPM 1.2 only).

config DEBUG_TPM
	bool "Output verbose TPM debug messages"
	default n
	select DRIVER_TPM_DISPLAY_TIS_BYTES if I2C_TPM
	depends on TPM1 || TPM2
	help
	  This option enables additional TPM related debug messages.

config TPM_RDRESP_NEED_DELAY
	bool "Enable Delay Workaround for TPM"
	default n
	depends on MAINBOARD_HAS_LPC_TPM
	help
	  Certain TPMs seem to need some delay when reading response
	  to work around a race-condition-related issue, possibly
	  caused by ill-programmed TPM firmware.

config TPM_STARTUP_IGNORE_POSTINIT
	bool
	help
	  Select this to ignore POSTINIT INVALID return codes on TPM
	  startup. This is useful on platforms where a previous stage
	  issued a TPM startup. Examples of use cases are Intel TXT
	  or VBOOT on the Intel Arrandale processor, which issues a
	  CPU-only reset during the romstage.

config TPM_MEASURED_BOOT
	bool "Enable Measured Boot"
	default n
	select VBOOT_LIB
	depends on TPM1 || TPM2
	depends on !VBOOT_RETURN_FROM_VERSTAGE
	help
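	  Enables measured boot (experimental). Measured boot records
	  measurements in the TPM; it does not by itself stop modified
	  firmware from booting.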

config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
	bool
	depends on TPM_MEASURED_BOOT && !VBOOT
	help
	  Initialize TPM inside the bootblock instead of ramstage. This is
	  useful with some form of hardware assisted root of trust
	  measurement like Intel TXT/CBnT.

config TPM_MEASURED_BOOT_RUNTIME_DATA
	string "Runtime data whitelist"
	default ""
	depends on TPM_MEASURED_BOOT
	help
	  Space-delimited list of CBFS filenames that measured boot
	  treats as runtime data (whitelist).

endmenu # Trusted Platform Module (tpm)