2020-05-07 12:38:15 +02:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
2017-10-18 17:13:07 +02:00
|
|
|
|
2018-02-27 19:40:52 +01:00
|
|
|
source "src/security/tpm/tss/vendor/cr50/Kconfig"
|
|
|
|
|
|
2017-10-18 17:13:07 +02:00
|
|
|
menu "Trusted Platform Module"
|
|
|
|
|
|
2021-05-19 02:15:50 +02:00
|
|
|
choice
|
|
|
|
|
prompt "Trusted Platform Module"
|
|
|
|
|
default TPM2 if MAINBOARD_HAS_TPM2
|
|
|
|
|
default TPM1 if MAINBOARD_HAS_TPM1
|
|
|
|
|
default NO_TPM
|
|
|
|
|
|
|
|
|
|
config NO_TPM
|
|
|
|
|
bool "No TPM"
|
|
|
|
|
help
|
|
|
|
|
No TPM support. Select this option if your system doesn't have a TPM,
|
|
|
|
|
or if you don't want coreboot to communicate with your TPM in any way.
|
|
|
|
|
(If your board doesn't offer a TPM interface, this will be the only
|
|
|
|
|
possible option.)
|
|
|
|
|
|
2018-02-27 19:40:52 +01:00
|
|
|
config TPM1
|
2021-05-19 02:15:50 +02:00
|
|
|
bool "TPM 1.2"
|
2022-04-19 23:00:33 +02:00
|
|
|
depends on I2C_TPM || MEMORY_MAPPED_TPM || SPI_TPM || CRB_TPM
|
2021-05-19 02:15:50 +02:00
|
|
|
depends on !MAINBOARD_HAS_TPM2
|
|
|
|
|
help
|
|
|
|
|
Select this option if your TPM uses the older TPM 1.2 protocol.
|
2017-10-18 17:13:07 +02:00
|
|
|
|
|
|
|
|
config TPM2
|
2021-05-19 02:15:50 +02:00
|
|
|
bool "TPM 2.0"
|
2022-04-19 23:00:33 +02:00
|
|
|
depends on I2C_TPM || MEMORY_MAPPED_TPM || SPI_TPM || CRB_TPM
|
2021-05-19 02:15:50 +02:00
|
|
|
depends on !MAINBOARD_HAS_TPM1
|
|
|
|
|
help
|
|
|
|
|
Select this option if your TPM uses the newer TPM 2.0 protocol.
|
|
|
|
|
|
|
|
|
|
endchoice
|
2018-02-27 19:40:52 +01:00
|
|
|
|
2021-04-29 14:33:07 +02:00
|
|
|
config TPM
|
|
|
|
|
bool
|
|
|
|
|
default y
|
|
|
|
|
depends on TPM1 || TPM2
|
|
|
|
|
|
2018-02-27 19:40:52 +01:00
|
|
|
config MAINBOARD_HAS_TPM1
|
|
|
|
|
bool
|
2021-05-19 02:15:50 +02:00
|
|
|
help
|
|
|
|
|
This option can be selected by a mainboard to represent that its TPM
|
|
|
|
|
always uses the 1.2 protocol, and that it should be on by default.
|
2018-02-27 19:40:52 +01:00
|
|
|
|
|
|
|
|
config MAINBOARD_HAS_TPM2
|
|
|
|
|
bool
|
2017-10-18 17:13:07 +02:00
|
|
|
help
|
2021-05-19 02:15:50 +02:00
|
|
|
This option can be selected by a mainboard to represent that its TPM
|
|
|
|
|
always uses the 2.0 protocol, and that it should be on by default.
|
2018-02-27 19:40:52 +01:00
|
|
|
|
|
|
|
|
config TPM_DEACTIVATE
|
|
|
|
|
bool "Deactivate TPM"
|
|
|
|
|
default n
|
|
|
|
|
depends on !VBOOT
|
|
|
|
|
depends on TPM1
|
2017-10-18 17:13:07 +02:00
|
|
|
help
|
2018-02-27 19:40:52 +01:00
|
|
|
Deactivate TPM by issuing deactivate command.
|
2017-10-18 17:13:07 +02:00
|
|
|
|
2018-02-27 19:40:52 +01:00
|
|
|
config DEBUG_TPM
|
|
|
|
|
bool "Output verbose TPM debug messages"
|
2017-10-18 17:13:07 +02:00
|
|
|
default n
|
2018-02-27 19:40:52 +01:00
|
|
|
select DRIVER_TPM_DISPLAY_TIS_BYTES if I2C_TPM
|
2021-05-27 18:33:57 +02:00
|
|
|
depends on TPM
|
2017-10-18 17:13:07 +02:00
|
|
|
help
|
2018-02-27 19:40:52 +01:00
|
|
|
This option enables additional TPM related debug messages.
|
2017-10-18 17:13:07 +02:00
|
|
|
|
2018-02-27 19:40:52 +01:00
|
|
|
config TPM_RDRESP_NEED_DELAY
|
|
|
|
|
bool "Enable Delay Workaround for TPM"
|
2017-10-18 17:13:07 +02:00
|
|
|
default n
|
2022-04-19 23:00:33 +02:00
|
|
|
depends on MEMORY_MAPPED_TPM
|
2017-10-18 17:13:07 +02:00
|
|
|
help
|
2018-02-27 19:40:52 +01:00
|
|
|
Certain TPMs seem to need some delay when reading response
|
|
|
|
|
to work around a race-condition-related issue, possibly
|
|
|
|
|
caused by ill-programmed TPM firmware.
|
2017-10-18 17:13:07 +02:00
|
|
|
|
2019-10-14 17:06:27 +02:00
|
|
|
config TPM_STARTUP_IGNORE_POSTINIT
|
|
|
|
|
bool
|
|
|
|
|
help
|
|
|
|
|
Select this to ignore POSTINIT INVALID return codes on TPM
|
|
|
|
|
startup. This is useful on platforms where a previous stage
|
|
|
|
|
issued a TPM startup. Examples of use cases are Intel TXT
|
2020-02-17 14:04:28 +01:00
|
|
|
or VBOOT on the Intel Arrandale processor, which issues a
|
2019-10-14 17:06:27 +02:00
|
|
|
CPU-only reset during the romstage.
|
|
|
|
|
|
security/vboot: Decouple measured boot from verified boot
Currently, those who want to use measured boot implemented within
vboot should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.
As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.
In this revision, only TCPA log is initialized during bootblock.
Before TPM gets set up, digests are not measured into tpm immediately,
but cached in TCPA log, and measured into determined PCRs right after
TPM is up.
This change allows those who do not want to use the verified boot
scheme implemented by vboot as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within vboot library to
measure the boot process.
TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().
Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2019-08-22 14:28:36 +02:00
|
|
|
config TPM_MEASURED_BOOT
|
|
|
|
|
bool "Enable Measured Boot"
|
|
|
|
|
default n
|
|
|
|
|
select VBOOT_LIB
|
2021-05-27 18:33:57 +02:00
|
|
|
depends on TPM
|
security/vboot: Decouple measured boot from verified boot
Currently, those who want to use measured boot implemented within
vboot should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.
As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.
In this revision, only TCPA log is initialized during bootblock.
Before TPM gets set up, digests are not measured into tpm immediately,
but cached in TCPA log, and measured into determined PCRs right after
TPM is up.
This change allows those who do not want to use the verified boot
scheme implemented by vboot as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within vboot library to
measure the boot process.
TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().
Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2019-08-22 14:28:36 +02:00
|
|
|
depends on !VBOOT_RETURN_FROM_VERSTAGE
|
|
|
|
|
help
|
|
|
|
|
Enables measured boot (experimental)
|
|
|
|
|
|
2022-10-22 23:24:37 +02:00
|
|
|
choice
|
|
|
|
|
prompt "TPM event log format"
|
|
|
|
|
depends on TPM_MEASURED_BOOT
|
2022-10-22 23:34:32 +02:00
|
|
|
default TPM_LOG_TPM1 if TPM1
|
2022-10-22 23:47:55 +02:00
|
|
|
default TPM_LOG_TPM2 if TPM2
|
2022-10-22 23:24:37 +02:00
|
|
|
|
|
|
|
|
config TPM_LOG_CB
|
|
|
|
|
bool "coreboot's custom format"
|
|
|
|
|
help
|
|
|
|
|
Custom coreboot-specific format of the log derived from TPM1 log format.
|
2022-10-22 23:34:32 +02:00
|
|
|
config TPM_LOG_TPM1
|
|
|
|
|
bool "TPM 1.2 format"
|
|
|
|
|
depends on TPM1
|
|
|
|
|
help
|
|
|
|
|
Log per TPM 1.2 specification.
|
|
|
|
|
See "TCG PC Client Specific Implementation Specification for Conventional BIOS".
|
2022-10-22 23:47:55 +02:00
|
|
|
config TPM_LOG_TPM2
|
|
|
|
|
bool "TPM 2.0 format"
|
|
|
|
|
depends on TPM2
|
|
|
|
|
help
|
|
|
|
|
Log per TPM 2.0 specification.
|
|
|
|
|
See "TCG PC Client Platform Firmware Profile Specification".
|
|
|
|
|
|
|
|
|
|
endchoice
|
|
|
|
|
|
|
|
|
|
choice
|
|
|
|
|
prompt "TPM2 hashing algorithm"
|
|
|
|
|
depends on TPM_MEASURED_BOOT && TPM_LOG_TPM2
|
|
|
|
|
default TPM_HASH_SHA1 if TPM1
|
|
|
|
|
default TPM_HASH_SHA256 if TPM2
|
|
|
|
|
|
|
|
|
|
config TPM_HASH_SHA1
|
|
|
|
|
bool "SHA1"
|
|
|
|
|
config TPM_HASH_SHA256
|
|
|
|
|
bool "SHA256"
|
|
|
|
|
config TPM_HASH_SHA384
|
|
|
|
|
bool "SHA384"
|
|
|
|
|
config TPM_HASH_SHA512
|
|
|
|
|
bool "SHA512"
|
2022-10-22 23:24:37 +02:00
|
|
|
|
|
|
|
|
endchoice
|
|
|
|
|
|
2021-03-29 14:23:53 +02:00
|
|
|
config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
|
|
|
|
|
bool
|
|
|
|
|
depends on TPM_MEASURED_BOOT && !VBOOT
|
|
|
|
|
help
|
|
|
|
|
Initialize TPM inside the bootblock instead of ramstage. This is
|
|
|
|
|
useful with some form of hardware assisted root of trust
|
|
|
|
|
measurement like Intel TXT/CBnT.
|
|
|
|
|
|
security/vboot: Decouple measured boot from verified boot
Currently, those who want to use measured boot implemented within
vboot should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.
As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.
In this revision, only TCPA log is initialized during bootblock.
Before TPM gets set up, digests are not measured into tpm immediately,
but cached in TCPA log, and measured into determined PCRs right after
TPM is up.
This change allows those who do not want to use the verified boot
scheme implemented by vboot as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within vboot library to
measure the boot process.
TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().
Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2019-08-22 14:28:36 +02:00
|
|
|
config TPM_MEASURED_BOOT_RUNTIME_DATA
|
|
|
|
|
string "Runtime data whitelist"
|
|
|
|
|
default ""
|
|
|
|
|
depends on TPM_MEASURED_BOOT
|
|
|
|
|
help
|
|
|
|
|
Runtime data whitelist of cbfs filenames. Needs to be a
|
2020-05-12 09:25:39 +02:00
|
|
|
space delimited list
|
security/vboot: Decouple measured boot from verified boot
Currently, those who want to use measured boot implemented within
vboot should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.
As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.
In this revision, only TCPA log is initialized during bootblock.
Before TPM gets set up, digests are not measured into tpm immediately,
but cached in TCPA log, and measured into determined PCRs right after
TPM is up.
This change allows those who do not want to use the verified boot
scheme implemented by vboot as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within vboot library to
measure the boot process.
TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().
Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2019-08-22 14:28:36 +02:00
|
|
|
|
2022-10-24 00:17:41 +02:00
|
|
|
config PCR_BOOT_MODE
|
|
|
|
|
int
|
|
|
|
|
default 0 if CHROMEOS
|
|
|
|
|
default 1
|
|
|
|
|
|
|
|
|
|
config PCR_HWID
|
|
|
|
|
int
|
|
|
|
|
default 1
|
|
|
|
|
|
|
|
|
|
config PCR_SRTM
|
|
|
|
|
int
|
|
|
|
|
default 2
|
|
|
|
|
|
|
|
|
|
# PCR for measuring data which changes during runtime
|
|
|
|
|
# e.g. CMOS, NVRAM...
|
|
|
|
|
config PCR_RUNTIME_DATA
|
|
|
|
|
int
|
|
|
|
|
default 3
|
|
|
|
|
|
2017-10-18 17:13:07 +02:00
|
|
|
endmenu # Trusted Platform Module (tpm)
|
