author | Philipp Deppenwiese <zaolin@das-labor.org> | 2018-02-27 19:40:52 +0100 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2018-06-04 20:33:07 +0000 |
commit | c07f8fbe6fd13e4245da71574b52b47e9733db84 (patch) | |
tree | 12db8b3c40552eab81045c6165538e2d3ba36ce8 /src/security/tpm/Kconfig | |
parent | 961d31bdb3c97e177156ed335d6f2c726d08ab51 (diff) | |
download | coreboot-c07f8fbe6fd13e4245da71574b52b47e9733db84.tar.xz |
security/tpm: Unify the coreboot TPM software stack
* Remove 2nd software stack in pc80 drivers directory.
* Create TSPI interface for common usage.
* Refactor TSS / TIS code base.
* Add vendor tss (Cr50) directory.
* Change kconfig options for TPM to TPM1.
* Add user / board configuration with:
  * MAINBOARD_HAS_*_TPM # * BUS driver
  * MAINBOARD_HAS_TPM1 or MAINBOARD_HAS_TPM2
* Add kconfig TPM user selection (e.g. pluggable TPMs)
* Fix existing headers and function calls.
* Fix vboot for interface usage and antirollback mode.
Change-Id: I7ec277e82a3c20c62a0548a1a2b013e6ce8f5b3f
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/24903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/security/tpm/Kconfig')
-rw-r--r-- | src/security/tpm/Kconfig | 97 |
1 files changed, 62 insertions, 35 deletions
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig index 111f91a5c1..e6414d385f 100644 --- a/src/security/tpm/Kconfig +++ b/src/security/tpm/Kconfig @@ -1,6 +1,7 @@ ## This file is part of the coreboot project. ## -## Copyright (C) 2017 Philipp Deppenwiese, Facebook, Inc. +## Copyright (c) 2013 The Chromium OS Authors. All rights reserved. +## Copyright (C) 2018 Facebook Inc. ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by 
@@ -12,58 +13,84 @@ ## GNU General Public License for more details. ## +source "src/security/tpm/tss/vendor/cr50/Kconfig" + menu "Trusted Platform Module" -config TPM +config TPM1 bool - default n - select LPC_TPM if MAINBOARD_HAS_LPC_TPM - select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM - help - Enable this option to enable TPM support in coreboot. - - If unsure, say N. + default y if MAINBOARD_HAS_TPM1 || USER_TPM1 + depends on MAINBOARD_HAS_LPC_TPM || MAINBOARD_HAS_I2C_TPM_GENERIC \ + || MAINBOARD_HAS_I2C_TPM_ATMEL config TPM2 bool - select LPC_TPM if MAINBOARD_HAS_LPC_TPM - select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM + default y if MAINBOARD_HAS_TPM2 || USER_TPM2 + depends on MAINBOARD_HAS_I2C_TPM_GENERIC || MAINBOARD_HAS_LPC_TPM \ + || MAINBOARD_HAS_I2C_TPM_ATMEL || MAINBOARD_HAS_I2C_TPM_CR50 \ + || MAINBOARD_HAS_SPI_TPM_CR50 + +config MAINBOARD_HAS_TPM1 + bool + +config MAINBOARD_HAS_TPM2 + bool + +if !MAINBOARD_HAS_TPM1 && !MAINBOARD_HAS_TPM2 + +choice + prompt "Trusted Platform Module" + default USER_NO_TPM + +config USER_NO_TPM + bool "disabled" + +config USER_TPM1 + bool "1.2" + depends on MAINBOARD_HAS_LPC_TPM || MAINBOARD_HAS_I2C_TPM_GENERIC \ + || MAINBOARD_HAS_I2C_TPM_ATMEL help - Enable this option to enable TPM2 support in coreboot. + Enable this option to enable TPM 1.0 - 1.2 support in coreboot. - If unsure, say N. + If unsure, say N. -config DEBUG_TPM - bool "Output verbose TPM debug messages" - default n - depends on TPM || TPM2 +config USER_TPM2 + bool "2.0" + depends on MAINBOARD_HAS_I2C_TPM_GENERIC || MAINBOARD_HAS_LPC_TPM \ + || MAINBOARD_HAS_I2C_TPM_ATMEL || MAINBOARD_HAS_I2C_TPM_CR50 \ + || MAINBOARD_HAS_SPI_TPM_CR50 help - This option enables additional TPM related debug messages. + Enable this option to enable TPM 2.0 support in coreboot. 
-config MAINBOARD_HAS_TPM_CR50 - bool - default y if MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_I2C_TPM_CR50 - default n - select MAINBOARD_HAS_TPM2 - select POWER_OFF_ON_CR50_UPDATE if ARCH_X86 + If unsure, say N. -config POWER_OFF_ON_CR50_UPDATE - bool +endchoice + +endif + +config TPM_DEACTIVATE + bool "Deactivate TPM" + default n + depends on !VBOOT + depends on TPM1 help - Power off machine while waiting for CR50 update to take effect. + Deactivate TPM by issuing deactivate command. -config MAINBOARD_HAS_LPC_TPM - bool +config DEBUG_TPM + bool "Output verbose TPM debug messages" default n + select DRIVER_TPM_DISPLAY_TIS_BYTES if I2C_TPM + depends on TPM1 || TPM2 help - Board has TPM support + This option enables additional TPM related debug messages. -config MAINBOARD_HAS_TPM2 - bool +config TPM_RDRESP_NEED_DELAY + bool "Enable Delay Workaround for TPM" default n + depends on LPC_TPM help - There is a TPM device installed on the mainboard, and it is - compliant with version 2 TCG TPM specification. Could be connected - over LPC, SPI or I2C. + Certain TPMs seem to need some delay when reading response + to work around a race-condition-related issue, possibly + caused by ill-programmed TPM firmware. endmenu # Trusted Platform Module (tpm) |
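Review bot: In the licence header hunk (@@ -1,6 +1,7 @@), the two added copyright lines use different markers, "(c)" on the 2013 Chromium OS line and "(C)" on the 2018 Facebook line, and the 2017 line naming Philipp Deppenwiese is removed without any mention in the commit message. Use one marker style, and add a sentence to the commit message saying why the attribution changes, so it can be checked against where the moved options came from.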
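Review bot: In the second hunk (@@ -12,58 +13,84 @@), nothing keeps TPM1 and TPM2 from both evaluating to y. Each is a promptless bool with `default y if MAINBOARD_HAS_TPMn || USER_TPMn`, and only the user `choice` block is exclusive, so a board that selects both MAINBOARD_HAS_TPM1 and MAINBOARD_HAS_TPM2 (and a matching bus symbol) enables both stacks at once. If that combination is not meant to build, make one symbol depend on the negation of the other; if it is allowed, say so in a comment. Two smaller points in the same hunk: the new MAINBOARD_HAS_TPM1 and MAINBOARD_HAS_TPM2 entries have no help text, although the removed MAINBOARD_HAS_TPM2 entry had one, and the USER_TPM1 prompt reads "1.2" while its help text says "TPM 1.0 - 1.2". The TPM_DEACTIVATE help would also be more useful if it stated when the deactivate command is issued and what stops working afterwards, since it is a user-visible option that turns a security device off.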