<p>Philipp Deppenwiese has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/22103">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/tpm: Move tpm TSS and TSPI layer to security section<br><br>* Move code from src/lib and src/include into src/security/tpm<br>* Split TPM TSS 1.2 and 2.0<br>* Fix header includes<br>* Add a new directory structure with kconfig and makefile includes<br><br>Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b<br>Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org><br>---<br>M src/Kconfig<br>M src/cpu/intel/haswell/romstage.c<br>M src/drivers/i2c/tpm/cr50.c<br>M src/drivers/i2c/tpm/tis.c<br>M src/drivers/i2c/tpm/tis_atmel.c<br>M src/drivers/i2c/tpm/tpm.c<br>M src/drivers/intel/fsp1_1/romstage.c<br>M src/drivers/intel/fsp2_0/memory_init.c<br>M src/drivers/pc80/tpm/Kconfig<br>M src/drivers/pc80/tpm/romstage.c<br>M src/drivers/pc80/tpm/tpm.c<br>M src/drivers/spi/tpm/tis.c<br>M src/drivers/spi/tpm/tpm.c<br>M src/lib/Makefile.inc<br>M src/mainboard/asus/kgpe-d16/romstage.c<br>M src/mainboard/google/gru/chromeos.c<br>M src/mainboard/google/link/romstage.c<br>M src/mainboard/google/oak/tpm_tis.c<br>M src/mainboard/google/parrot/romstage.c<br>M src/mainboard/google/stout/romstage.c<br>M src/mainboard/intel/emeraldlake2/romstage.c<br>M src/mainboard/lenovo/x201/romstage.c<br>M src/mainboard/pcengines/apu2/romstage.c<br>M src/mainboard/samsung/lumpy/romstage.c<br>M src/mainboard/samsung/stumpy/romstage.c<br>M src/northbridge/intel/sandybridge/romstage.c<br>M src/security/Kconfig<br>M src/security/Makefile.inc<br>A src/security/tpm/Kconfig<br>A src/security/tpm/Makefile.inc<br>R src/security/tpm/antirollback.h<br>R src/security/tpm/tcg-1.2/tlcl.c<br>R src/security/tpm/tcg-1.2/tlcl_internal.h<br>R src/security/tpm/tcg-1.2/tlcl_structures.h<br>R src/security/tpm/tcg-2.0/tpm2_marshaling.c<br>R src/security/tpm/tcg-2.0/tpm2_marshaling.h<br>R 
src/security/tpm/tcg-2.0/tpm2_tlcl.c<br>R src/security/tpm/tcg-2.0/tpm2_tlcl_structures.h<br>R src/security/tpm/tlcl.h<br>R src/security/tpm/tpm.h<br>R src/security/tpm/tpm_error_messages.h<br>R src/security/tpm/tss_constants.h<br>M src/security/vboot/secdata_mock.c<br>M src/security/vboot/secdata_tpm.c<br>M src/security/vboot/vboot_logic.c<br>M src/soc/intel/baytrail/romstage/romstage.c<br>M src/soc/intel/braswell/romstage/romstage.c<br>M src/soc/intel/broadwell/romstage/romstage.c<br>M src/soc/intel/common/tpm_tis.c<br>M src/vendorcode/google/chromeos/cr50_enable_update.c<br>M src/vendorcode/google/chromeos/tpm2.c<br>51 files changed, 122 insertions(+), 102 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/03/22103/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/src/Kconfig b/src/Kconfig<br>index f57ace7..fe78009 100644<br>--- a/src/Kconfig<br>+++ b/src/Kconfig<br>@@ -304,14 +304,6 @@<br>        but in some cases more complex setups are required.<br>           When an fmd is specified, it overrides the default format.<br> <br>-config MAINBOARD_HAS_TPM2<br>-  bool<br>- default n<br>-    help<br>-   There is a TPM device installed on the mainboard, and it is<br>-          compliant with version 2 TCG TPM specification. 
Could be connected<br>-   over LPC, SPI or I2C.<br>-<br> endmenu<br> <br> # load site-local kconfig to allow user specific defaults and overrides<br>@@ -400,36 +392,10 @@<br>      bool<br>  default n<br> <br>-config TPM<br>-    bool<br>- default n<br>-    select LPC_TPM if MAINBOARD_HAS_LPC_TPM<br>-      select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM<br>- help<br>-   Enable this option to enable TPM support in coreboot.<br>-<br>-     If unsure, say N.<br>-<br>-config TPM2<br>- bool<br>- select LPC_TPM if MAINBOARD_HAS_LPC_TPM<br>-      select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM<br>- help<br>-   Enable this option to enable TPM2 support in coreboot.<br>-<br>-    If unsure, say N.<br>-<br> config POWER_OFF_ON_CR50_UPDATE<br>      bool<br>  help<br>    Power off machine while waiting for CR50 update to take effect.<br>-<br>-config MAINBOARD_HAS_TPM_CR50<br>- bool<br>- default y if MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_I2C_TPM_CR50<br>-        default n<br>-    select MAINBOARD_HAS_TPM2<br>-    select POWER_OFF_ON_CR50_UPDATE if ARCH_X86<br> <br> config HEAP_SIZE<br>     hex<br>@@ -974,13 +940,6 @@<br>       Print timing information needed by i915tool.<br> <br>       If unsure, say N.<br>-<br>-config DEBUG_TPM<br>-    bool "Output verbose TPM debug messages"<br>-   default n<br>-    depends on TPM || TPM2<br>-       help<br>-   This option enables additional TPM related debug messages.<br> <br> config DEBUG_SPI_FLASH<br>      bool "Output verbose SPI flash debug messages"<br>diff --git a/src/cpu/intel/haswell/romstage.c b/src/cpu/intel/haswell/romstage.c<br>index 136f098..ffbfbdf 100644<br>--- a/src/cpu/intel/haswell/romstage.c<br>+++ b/src/cpu/intel/haswell/romstage.c<br>@@ -42,7 +42,7 @@<br> #include "northbridge/intel/haswell/raminit.h"<br> #include "southbridge/intel/lynxpoint/pch.h"<br> #include "southbridge/intel/lynxpoint/me.h"<br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> static inline void reset_system(void)<br> 
{<br>diff --git a/src/drivers/i2c/tpm/cr50.c b/src/drivers/i2c/tpm/cr50.c<br>index baf5fe0..4a1b219 100644<br>--- a/src/drivers/i2c/tpm/cr50.c<br>+++ b/src/drivers/i2c/tpm/cr50.c<br>@@ -39,7 +39,7 @@<br> #include <device/i2c_simple.h><br> #include <endian.h><br> #include <timer.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include "tpm.h"<br> <br> #define CR50_MAX_BUFSIZE      63<br>diff --git a/src/drivers/i2c/tpm/tis.c b/src/drivers/i2c/tpm/tis.c<br>index 20c2d71..ba5f0e4 100644<br>--- a/src/drivers/i2c/tpm/tis.c<br>+++ b/src/drivers/i2c/tpm/tis.c<br>@@ -22,7 +22,7 @@<br> #include <device/i2c_simple.h><br> #include <endian.h><br> #include <lib.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include "tpm.h"<br> #include <timer.h><br> <br>diff --git a/src/drivers/i2c/tpm/tis_atmel.c b/src/drivers/i2c/tpm/tis_atmel.c<br>index 1512099..d321d24 100644<br>--- a/src/drivers/i2c/tpm/tis_atmel.c<br>+++ b/src/drivers/i2c/tpm/tis_atmel.c<br>@@ -23,7 +23,7 @@<br> #include <device/i2c_simple.h><br> #include <endian.h><br> #include <lib.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <timer.h><br> <br> #define RECV_TIMEOUT            (1 * 1000)  /* 1 second */<br>diff --git a/src/drivers/i2c/tpm/tpm.c b/src/drivers/i2c/tpm/tpm.c<br>index 2ce0401..dede671 100644<br>--- a/src/drivers/i2c/tpm/tpm.c<br>+++ b/src/drivers/i2c/tpm/tpm.c<br>@@ -38,7 +38,7 @@<br> #include <device/i2c_simple.h><br> #include <endian.h><br> #include <timer.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include "tpm.h"<br> <br> /* max. 
number of iterations after I2C NAK */<br>diff --git a/src/drivers/intel/fsp1_1/romstage.c b/src/drivers/intel/fsp1_1/romstage.c<br>index d79bc2f..751d3d0 100644<br>--- a/src/drivers/intel/fsp1_1/romstage.c<br>+++ b/src/drivers/intel/fsp1_1/romstage.c<br>@@ -37,7 +37,7 @@<br> #include <stage_cache.h><br> #include <string.h><br> #include <timestamp.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <vendorcode/google/chromeos/chromeos.h><br> <br> asmlinkage void *romstage_main(FSP_INFO_HEADER *fih)<br>diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c<br>index 0aea1ad..dbbe5c6 100644<br>--- a/src/drivers/intel/fsp2_0/memory_init.c<br>+++ b/src/drivers/intel/fsp2_0/memory_init.c<br>@@ -12,7 +12,7 @@<br>  */<br> <br> #include <compiler.h><br>-#include <antirollback.h><br>+#include <security/tpm/antirollback.h><br> #include <arch/io.h><br> #include <arch/cpu.h><br> #include <arch/symbols.h><br>@@ -31,7 +31,7 @@<br> #include <string.h><br> #include <symbols.h><br> #include <timestamp.h><br>-#include <tpm_lite/tlcl.h><br>+#include <security/tpm/tlcl.h><br> #include <security/vboot/vboot_common.h><br> #include <vb2_api.h><br> <br>diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig<br>index f32071c..3bd9083 100644<br>--- a/src/drivers/pc80/tpm/Kconfig<br>+++ b/src/drivers/pc80/tpm/Kconfig<br>@@ -1,9 +1,3 @@<br>-config MAINBOARD_HAS_LPC_TPM<br>-    bool<br>- default n<br>-    help<br>-   Board has TPM support<br>-<br> config LPC_TPM<br>   bool "Enable TPM support"<br>   depends on MAINBOARD_HAS_LPC_TPM<br>diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c<br>index 5531458..20413d8 100644<br>--- a/src/drivers/pc80/tpm/romstage.c<br>+++ b/src/drivers/pc80/tpm/romstage.c<br>@@ -17,7 +17,7 @@<br> #include <console/cbmem_console.h><br> #include <console/console.h><br> #include <arch/acpi.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <reset.h><br> 
<br> //#define EXTRA_LOGGING<br>diff --git a/src/drivers/pc80/tpm/tpm.c b/src/drivers/pc80/tpm/tpm.c<br>index c0afd4c..83abb4e 100644<br>--- a/src/drivers/pc80/tpm/tpm.c<br>+++ b/src/drivers/pc80/tpm/tpm.c<br>@@ -32,7 +32,7 @@<br> #include <arch/acpi_device.h><br> #include <device/device.h><br> #include <console/console.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <arch/early_variables.h><br> #include <device/pnp.h><br> #include "chip.h"<br>diff --git a/src/drivers/spi/tpm/tis.c b/src/drivers/spi/tpm/tis.c<br>index 481c9da..f561a97 100644<br>--- a/src/drivers/spi/tpm/tis.c<br>+++ b/src/drivers/spi/tpm/tis.c<br>@@ -7,7 +7,7 @@<br> #include <arch/early_variables.h><br> #include <console/console.h><br> #include <string.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> #include "tpm.h"<br> <br>diff --git a/src/drivers/spi/tpm/tpm.c b/src/drivers/spi/tpm/tpm.c<br>index 0b5a835..2105e02 100644<br>--- a/src/drivers/spi/tpm/tpm.c<br>+++ b/src/drivers/spi/tpm/tpm.c<br>@@ -23,7 +23,7 @@<br> #include <endian.h><br> #include <string.h><br> #include <timer.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> #include "tpm.h"<br> <br>diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc<br>index dfb23b6..9441c7c 100644<br>--- a/src/lib/Makefile.inc<br>+++ b/src/lib/Makefile.inc<br>@@ -53,16 +53,6 @@<br> verstage-y += boot_device.c<br> verstage-$(CONFIG_CONSOLE_CBMEM) += cbmem_console.c<br> <br>-verstage-$(CONFIG_TPM) += tlcl.c<br>-verstage-$(CONFIG_TPM2) += tpm2_marshaling.c<br>-verstage-$(CONFIG_TPM2) += tpm2_tlcl.c<br>-<br>-ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)<br>-romstage-$(CONFIG_TPM) += tlcl.c<br>-romstage-$(CONFIG_TPM2) += tpm2_marshaling.c<br>-romstage-$(CONFIG_TPM2) += tpm2_tlcl.c<br>-endif # CONFIG_VBOOT_SEPARATE_VERSTAGE<br>-<br> verstage-$(CONFIG_GENERIC_UDELAY) += timer.c<br> verstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c<br> <br>@@ -144,8 +134,6 @@<br> ramstage-$(CONFIG_GENERIC_UDELAY) += timer.c<br> 
ramstage-y += b64_decode.c<br> ramstage-$(CONFIG_ACPI_NHLT) += nhlt.c<br>-ramstage-$(CONFIG_TPM2) += tpm2_marshaling.c<br>-ramstage-$(CONFIG_TPM2) += tpm2_tlcl.c<br> <br> romstage-y += cbmem_common.c<br> romstage-y += imd_cbmem.c<br>diff --git a/src/mainboard/asus/kgpe-d16/romstage.c b/src/mainboard/asus/kgpe-d16/romstage.c<br>index a5437e6..9b63e51 100644<br>--- a/src/mainboard/asus/kgpe-d16/romstage.c<br>+++ b/src/mainboard/asus/kgpe-d16/romstage.c<br>@@ -46,7 +46,7 @@<br> #include <cpu/amd/family_10h-family_15h/init_cpus.h><br> #include <arch/early_variables.h><br> #include <cbmem.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> #include "resourcemap.c"<br> #include "cpu/amd/quadcore/quadcore.c"<br>diff --git a/src/mainboard/google/gru/chromeos.c b/src/mainboard/google/gru/chromeos.c<br>index b28e9fc..92e18bb 100644<br>--- a/src/mainboard/google/gru/chromeos.c<br>+++ b/src/mainboard/google/gru/chromeos.c<br>@@ -17,7 +17,7 @@<br> #include <bootmode.h><br> #include <boot/coreboot_tables.h><br> #include <gpio.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> #include "board.h"<br> <br>diff --git a/src/mainboard/google/link/romstage.c b/src/mainboard/google/link/romstage.c<br>index 733aa30..e23eced 100644<br>--- a/src/mainboard/google/link/romstage.c<br>+++ b/src/mainboard/google/link/romstage.c<br>@@ -35,7 +35,7 @@<br> #include <arch/cpu.h><br> #include <cpu/x86/msr.h><br> #include <halt.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <cbfs.h><br> <br> #include <southbridge/intel/bd82x6x/chip.h><br>diff --git a/src/mainboard/google/oak/tpm_tis.c b/src/mainboard/google/oak/tpm_tis.c<br>index 018f02d..ba019a6 100644<br>--- a/src/mainboard/google/oak/tpm_tis.c<br>+++ b/src/mainboard/google/oak/tpm_tis.c<br>@@ -14,7 +14,7 @@<br>  */<br> <br> #include <gpio.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> #include "gpio.h"<br> <br>diff --git a/src/mainboard/google/parrot/romstage.c 
b/src/mainboard/google/parrot/romstage.c<br>index d9f2f8f..f34dac0 100644<br>--- a/src/mainboard/google/parrot/romstage.c<br>+++ b/src/mainboard/google/parrot/romstage.c<br>@@ -35,7 +35,7 @@<br> #include <cpu/x86/msr.h><br> #include <halt.h><br> #include <cbfs.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include "ec/compal/ene932/ec.h"<br> <br> void pch_enable_lpc(void)<br>diff --git a/src/mainboard/google/stout/romstage.c b/src/mainboard/google/stout/romstage.c<br>index d054b39..90313fb 100644<br>--- a/src/mainboard/google/stout/romstage.c<br>+++ b/src/mainboard/google/stout/romstage.c<br>@@ -35,7 +35,7 @@<br> #include <cpu/x86/msr.h><br> #include <halt.h><br> #include <bootmode.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <cbfs.h><br> #include <ec/quanta/it8518/ec.h><br> #include "ec.h"<br>diff --git a/src/mainboard/intel/emeraldlake2/romstage.c b/src/mainboard/intel/emeraldlake2/romstage.c<br>index 446164f..3827337 100644<br>--- a/src/mainboard/intel/emeraldlake2/romstage.c<br>+++ b/src/mainboard/intel/emeraldlake2/romstage.c<br>@@ -35,7 +35,7 @@<br> #include <arch/cpu.h><br> #include <cpu/x86/msr.h><br> #include <halt.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> #define SIO_PORT 0x164e<br> <br>diff --git a/src/mainboard/lenovo/x201/romstage.c b/src/mainboard/lenovo/x201/romstage.c<br>index e8312d7..f19f555 100644<br>--- a/src/mainboard/lenovo/x201/romstage.c<br>+++ b/src/mainboard/lenovo/x201/romstage.c<br>@@ -35,7 +35,7 @@<br> #include <timestamp.h><br> #include <arch/acpi.h><br> #include <cbmem.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> #include "dock.h"<br> #include "arch/early_variables.h"<br>diff --git a/src/mainboard/pcengines/apu2/romstage.c b/src/mainboard/pcengines/apu2/romstage.c<br>index 1ccf7c4..092c626 100644<br>--- a/src/mainboard/pcengines/apu2/romstage.c<br>+++ b/src/mainboard/pcengines/apu2/romstage.c<br>@@ -32,7 +32,7 @@<br> #include <cpu/x86/lapic.h><br> 
#include <southbridge/amd/pi/hudson/hudson.h><br> #include <Fch/Fch.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> #include "gpio_ftns.h"<br> <br>diff --git a/src/mainboard/samsung/lumpy/romstage.c b/src/mainboard/samsung/lumpy/romstage.c<br>index 3afb196..a04d538 100644<br>--- a/src/mainboard/samsung/lumpy/romstage.c<br>+++ b/src/mainboard/samsung/lumpy/romstage.c<br>@@ -28,7 +28,7 @@<br> #include <cbmem.h><br> #include <console/console.h><br> #include <bootmode.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <northbridge/intel/sandybridge/sandybridge.h><br> #include <northbridge/intel/sandybridge/raminit.h><br> #include <northbridge/intel/sandybridge/raminit_native.h><br>diff --git a/src/mainboard/samsung/stumpy/romstage.c b/src/mainboard/samsung/stumpy/romstage.c<br>index ec5368d..367a438 100644<br>--- a/src/mainboard/samsung/stumpy/romstage.c<br>+++ b/src/mainboard/samsung/stumpy/romstage.c<br>@@ -37,7 +37,7 @@<br> #include <arch/cpu.h><br> #include <cpu/x86/msr.h><br> #include <halt.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #if IS_ENABLED(CONFIG_DRIVERS_UART_8250IO)<br> #include <superio/smsc/lpc47n207/lpc47n207.h><br> #endif<br>diff --git a/src/northbridge/intel/sandybridge/romstage.c b/src/northbridge/intel/sandybridge/romstage.c<br>index 8608d5a..1f31ad6 100644<br>--- a/src/northbridge/intel/sandybridge/romstage.c<br>+++ b/src/northbridge/intel/sandybridge/romstage.c<br>@@ -28,7 +28,7 @@<br> #include <device/pci_def.h><br> #include <device/device.h><br> #include <halt.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <northbridge/intel/sandybridge/chip.h><br> #include "southbridge/intel/bd82x6x/pch.h"<br> #include <southbridge/intel/common/gpio.h><br>diff --git a/src/security/Kconfig b/src/security/Kconfig<br>index 7d105b8..6a334ac 100644<br>--- a/src/security/Kconfig<br>+++ b/src/security/Kconfig<br>@@ -13,3 +13,4 @@<br> ##<br> <br> source 
"src/security/vboot/Kconfig"<br>+source "src/security/tpm/Kconfig"<br>diff --git a/src/security/Makefile.inc b/src/security/Makefile.inc<br>index d2e1e60..ac4df5e 100644<br>--- a/src/security/Makefile.inc<br>+++ b/src/security/Makefile.inc<br>@@ -1 +1,3 @@<br> subdirs-y += vboot<br>+subdirs-y += tpm<br>+subdirs-y += vboot<br>diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig<br>new file mode 100644<br>index 0000000..47979d2<br>--- /dev/null<br>+++ b/src/security/tpm/Kconfig<br>@@ -0,0 +1,64 @@<br>+## This file is part of the coreboot project.<br>+##<br>+## Copyright (C) 2017 Philipp Deppenwiese, Facebook, Inc.<br>+##<br>+## This program is free software; you can redistribute it and/or modify<br>+## it under the terms of the GNU General Public License as published by<br>+## the Free Software Foundation; version 2 of the License.<br>+##<br>+## This program is distributed in the hope that it will be useful,<br>+## but WITHOUT ANY WARRANTY; without even the implied warranty of<br>+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
See the<br>+## GNU General Public License for more details.<br>+##<br>+<br>+menu "Trusted Platform Module"<br>+<br>+config TPM<br>+     bool<br>+ default n<br>+    select LPC_TPM if MAINBOARD_HAS_LPC_TPM<br>+      select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM<br>+ help<br>+   Enable this option to enable TPM support in coreboot.<br>+<br>+     If unsure, say N.<br>+<br>+config TPM2<br>+ bool<br>+ select LPC_TPM if MAINBOARD_HAS_LPC_TPM<br>+      select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM<br>+ help<br>+   Enable this option to enable TPM2 support in coreboot.<br>+<br>+    If unsure, say N.<br>+<br>+config DEBUG_TPM<br>+    bool "Output verbose TPM debug messages"<br>+   default n<br>+    depends on TPM || TPM2<br>+       help<br>+   This option enables additional TPM related debug messages.<br>+<br>+config MAINBOARD_HAS_TPM_CR50<br>+      bool<br>+ default y if MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_I2C_TPM_CR50<br>+        default n<br>+    select MAINBOARD_HAS_TPM2<br>+    select POWER_OFF_ON_CR50_UPDATE if ARCH_X86<br>+<br>+config MAINBOARD_HAS_LPC_TPM<br>+        bool<br>+ default n<br>+    help<br>+   Board has TPM support<br>+<br>+config MAINBOARD_HAS_TPM2<br>+       bool<br>+ default n<br>+    help<br>+   There is a TPM device installed on the mainboard, and it is<br>+          compliant with version 2 TCG TPM specification. 
Could be connected<br>+   over LPC, SPI or I2C.<br>+<br>+endmenu # Trusted Platform Module (tpm)<br>diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc<br>new file mode 100644<br>index 0000000..48e7010<br>--- /dev/null<br>+++ b/src/security/tpm/Makefile.inc<br>@@ -0,0 +1,12 @@<br>+verstage-$(CONFIG_TPM) += tcg-1.2/tlcl.c<br>+verstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_marshaling.c<br>+verstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_tlcl.c<br>+<br>+ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)<br>+romstage-$(CONFIG_TPM) += tcg-1.2/tlcl.c<br>+romstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_marshaling.c<br>+romstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_tlcl.c<br>+endif # CONFIG_VBOOT_SEPARATE_VERSTAGE<br>+<br>+ramstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_marshaling.c<br>+ramstage-$(CONFIG_TPM2) += tcg-2.0/tpm2_tlcl.c<br>diff --git a/src/include/antirollback.h b/src/security/tpm/antirollback.h<br>similarity index 98%<br>rename from src/include/antirollback.h<br>rename to src/security/tpm/antirollback.h<br>index f61aa85..d1bc433 100644<br>--- a/src/include/antirollback.h<br>+++ b/src/security/tpm/antirollback.h<br>@@ -9,7 +9,7 @@<br> #ifndef ANTIROLLBACK_H_<br> #define ANTIROLLBACK_H_<br> <br>-#include "tpm_lite/tss_constants.h"<br>+#include "tss_constants.h"<br> <br> struct vb2_context;<br> enum vb2_pcr_digest;<br>diff --git a/src/lib/tlcl.c b/src/security/tpm/tcg-1.2/tlcl.c<br>similarity index 99%<br>rename from src/lib/tlcl.c<br>rename to src/security/tpm/tcg-1.2/tlcl.c<br>index 49854cb..c7fcfcb 100644<br>--- a/src/lib/tlcl.c<br>+++ b/src/security/tpm/tcg-1.2/tlcl.c<br>@@ -17,11 +17,11 @@<br> #include <arch/early_variables.h><br> #include <assert.h><br> #include <string.h><br>-#include <tpm_lite/tlcl.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <vb2_api.h><br> #include "tlcl_internal.h"<br> #include "tlcl_structures.h"<br>+#include "../tlcl.h"<br> <br> #ifdef FOR_TEST<br> #include <stdio.h><br>diff --git a/src/lib/tlcl_internal.h 
b/src/security/tpm/tcg-1.2/tlcl_internal.h<br>similarity index 100%<br>rename from src/lib/tlcl_internal.h<br>rename to src/security/tpm/tcg-1.2/tlcl_internal.h<br>diff --git a/src/lib/tlcl_structures.h b/src/security/tpm/tcg-1.2/tlcl_structures.h<br>similarity index 100%<br>rename from src/lib/tlcl_structures.h<br>rename to src/security/tpm/tcg-1.2/tlcl_structures.h<br>diff --git a/src/lib/tpm2_marshaling.c b/src/security/tpm/tcg-2.0/tpm2_marshaling.c<br>similarity index 100%<br>rename from src/lib/tpm2_marshaling.c<br>rename to src/security/tpm/tcg-2.0/tpm2_marshaling.c<br>diff --git a/src/lib/tpm2_marshaling.h b/src/security/tpm/tcg-2.0/tpm2_marshaling.h<br>similarity index 100%<br>rename from src/lib/tpm2_marshaling.h<br>rename to src/security/tpm/tcg-2.0/tpm2_marshaling.h<br>diff --git a/src/lib/tpm2_tlcl.c b/src/security/tpm/tcg-2.0/tpm2_tlcl.c<br>similarity index 98%<br>rename from src/lib/tpm2_tlcl.c<br>rename to src/security/tpm/tcg-2.0/tpm2_tlcl.c<br>index fde90a0..e111b89 100644<br>--- a/src/lib/tpm2_tlcl.c<br>+++ b/src/security/tpm/tcg-2.0/tpm2_tlcl.c<br>@@ -4,16 +4,16 @@<br>  * found in the LICENSE file.<br>  */<br> <br>-#include <antirollback.h><br> #include <arch/early_variables.h><br> #include <console/console.h><br> #include <endian.h><br>-#include <lib/tpm2_tlcl_structures.h><br> #include <string.h><br>-#include <tpm.h><br> #include <vb2_api.h><br> <br>+#include "tpm2_tlcl_structures.h"<br> #include "tpm2_marshaling.h"<br>+#include "../tpm.h"<br>+#include "../antirollback.h"<br> <br> /*<br>  * This file provides interface between firmware and TPM2 device. 
The TPM1.2<br>diff --git a/src/lib/tpm2_tlcl_structures.h b/src/security/tpm/tcg-2.0/tpm2_tlcl_structures.h<br>similarity index 99%<br>rename from src/lib/tpm2_tlcl_structures.h<br>rename to src/security/tpm/tcg-2.0/tpm2_tlcl_structures.h<br>index 2a6615d..acd9e74 100644<br>--- a/src/lib/tpm2_tlcl_structures.h<br>+++ b/src/security/tpm/tcg-2.0/tpm2_tlcl_structures.h<br>@@ -13,9 +13,10 @@<br>  */<br> #include <stdint.h><br> #include <compiler.h><br>-#include <tpm_lite/tlcl.h><br> #include <types.h><br> <br>+#include "../tlcl.h"<br>+<br> /* This should be plenty for what firmware needs. */<br> #define TPM_BUFFER_SIZE 256<br> <br>diff --git a/src/include/tpm_lite/tlcl.h b/src/security/tpm/tlcl.h<br>similarity index 100%<br>rename from src/include/tpm_lite/tlcl.h<br>rename to src/security/tpm/tlcl.h<br>diff --git a/src/include/tpm.h b/src/security/tpm/tpm.h<br>similarity index 100%<br>rename from src/include/tpm.h<br>rename to src/security/tpm/tpm.h<br>diff --git a/src/lib/tpm_error_messages.h b/src/security/tpm/tpm_error_messages.h<br>similarity index 100%<br>rename from src/lib/tpm_error_messages.h<br>rename to src/security/tpm/tpm_error_messages.h<br>diff --git a/src/include/tpm_lite/tss_constants.h b/src/security/tpm/tss_constants.h<br>similarity index 100%<br>rename from src/include/tpm_lite/tss_constants.h<br>rename to src/security/tpm/tss_constants.h<br>diff --git a/src/security/vboot/secdata_mock.c b/src/security/vboot/secdata_mock.c<br>index 72ee5b3..ff8e98e 100644<br>--- a/src/security/vboot/secdata_mock.c<br>+++ b/src/security/vboot/secdata_mock.c<br>@@ -32,9 +32,9 @@<br>  * stored in the TPM NVRAM.<br>  */<br> <br>-#include <antirollback.h><br>+#include <security/tpm/antirollback.h><br> #include <stdlib.h><br>-#include <tpm_lite/tlcl.h><br>+#include <security/tpm/tlcl.h><br> #include <vb2_api.h><br> <br> uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,<br>diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c<br>index 
be9d680..2dc11bd 100644<br>--- a/src/security/vboot/secdata_tpm.c<br>+++ b/src/security/vboot/secdata_tpm.c<br>@@ -32,10 +32,10 @@<br>  * stored in the TPM NVRAM.<br>  */<br> <br>-#include <antirollback.h><br>+#include <security/tpm/antirollback.h><br> #include <stdlib.h><br> #include <string.h><br>-#include <tpm_lite/tlcl.h><br>+#include <security/tpm/tlcl.h><br> #include <vb2_api.h><br> #include <console/console.h><br> <br>diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c<br>index e6b97b9..c76739a 100644<br>--- a/src/security/vboot/vboot_logic.c<br>+++ b/src/security/vboot/vboot_logic.c<br>@@ -13,7 +13,7 @@<br>  * GNU General Public License for more details.<br>  */<br> <br>-#include <antirollback.h><br>+#include <security/tpm/antirollback.h><br> #include <arch/exception.h><br> #include <assert.h><br> #include <bootmode.h><br>diff --git a/src/soc/intel/baytrail/romstage/romstage.c b/src/soc/intel/baytrail/romstage/romstage.c<br>index 9990d84..d8e6449 100644<br>--- a/src/soc/intel/baytrail/romstage/romstage.c<br>+++ b/src/soc/intel/baytrail/romstage/romstage.c<br>@@ -30,7 +30,7 @@<br> #include <stage_cache.h><br> #include <string.h><br> #include <timestamp.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <vendorcode/google/chromeos/chromeos.h><br> #include <soc/gpio.h><br> #include <soc/iomap.h><br>diff --git a/src/soc/intel/braswell/romstage/romstage.c b/src/soc/intel/braswell/romstage/romstage.c<br>index 0125847..ec0ca54 100644<br>--- a/src/soc/intel/braswell/romstage/romstage.c<br>+++ b/src/soc/intel/braswell/romstage/romstage.c<br>@@ -43,7 +43,7 @@<br> #include <soc/romstage.h><br> #include <soc/smm.h><br> #include <soc/spi.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> void program_base_addresses(void)<br> {<br>diff --git a/src/soc/intel/broadwell/romstage/romstage.c b/src/soc/intel/broadwell/romstage/romstage.c<br>index 1417b80..fa4c1ea 100644<br>--- 
a/src/soc/intel/broadwell/romstage/romstage.c<br>+++ b/src/soc/intel/broadwell/romstage/romstage.c<br>@@ -25,7 +25,7 @@<br> #include <cbmem.h><br> #include <cpu/x86/mtrr.h><br> #include <elog.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> #include <program_loading.h><br> #include <romstage_handoff.h><br> #include <stage_cache.h><br>diff --git a/src/soc/intel/common/tpm_tis.c b/src/soc/intel/common/tpm_tis.c<br>index ed57cef..f088c0d 100644<br>--- a/src/soc/intel/common/tpm_tis.c<br>+++ b/src/soc/intel/common/tpm_tis.c<br>@@ -14,7 +14,7 @@<br>  */<br> <br> #include <arch/acpi.h><br>-#include <tpm.h><br>+#include <security/tpm/tpm.h><br> <br> int tis_plat_irq_status(void)<br> {<br>diff --git a/src/vendorcode/google/chromeos/cr50_enable_update.c b/src/vendorcode/google/chromeos/cr50_enable_update.c<br>index bad3513..450d71f 100644<br>--- a/src/vendorcode/google/chromeos/cr50_enable_update.c<br>+++ b/src/vendorcode/google/chromeos/cr50_enable_update.c<br>@@ -18,7 +18,7 @@<br> #include <ec/google/chromeec/ec.h><br> #include <elog.h><br> #include <halt.h><br>-#include <tpm_lite/tlcl.h><br>+#include <security/tpm/tlcl.h><br> #include <vb2_api.h><br> #include <security/vboot/vboot_common.h><br> <br>@@ -68,4 +68,3 @@<br>   halt();<br> }<br> BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_ENTRY, enable_update, NULL);<br>-<br>diff --git a/src/vendorcode/google/chromeos/tpm2.c b/src/vendorcode/google/chromeos/tpm2.c<br>index fd1dac9..266cf75 100644<br>--- a/src/vendorcode/google/chromeos/tpm2.c<br>+++ b/src/vendorcode/google/chromeos/tpm2.c<br>@@ -15,7 +15,7 @@<br> <br> #include <bootstate.h><br> #include <console/console.h><br>-#include <tpm_lite/tlcl.h><br>+#include <security/tpm/tlcl.h><br> #include <vb2_api.h><br> <br> static void disable_platform_hierarchy(void *unused)<br></pre><p>To view, visit <a href="https://review.coreboot.org/22103">change 22103</a>. 
To unsubscribe, visit <a href="https://review.coreboot.org/settings">settings</a>.</p>
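<p>Review bot: in the <code>@@ -400,36 +392,10 @@</code> hunk of src/Kconfig, POWER_OFF_ON_CR50_UPDATE is left behind between the two removed TPM blocks while MAINBOARD_HAS_TPM_CR50, the only symbol shown here that <code>select</code>s it, moves to src/security/tpm/Kconfig. Consider moving POWER_OFF_ON_CR50_UPDATE along with it so the CR50 options stay together; Kconfig resolves the select either way, so this is about keeping related symbols in one place.</p>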
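<p>Review bot: the src/drivers/pc80/tpm/Kconfig hunk removes MAINBOARD_HAS_LPC_TPM from the LPC driver's Kconfig and the new src/security/tpm/Kconfig re-adds it, but LPC_TPM, which <code>depends on MAINBOARD_HAS_LPC_TPM</code>, stays in the driver file, and the SPI/I2C counterparts referenced by MAINBOARD_HAS_TPM_CR50 (MAINBOARD_HAS_SPI_TPM_CR50, MAINBOARD_HAS_I2C_TPM_CR50) are not touched by this change. The per-bus board symbols therefore end up split between src/drivers and src/security/tpm. Either move all of them or leave MAINBOARD_HAS_LPC_TPM next to its driver.</p>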
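<p>Review bot: the <code>@@ -1 +1,3 @@</code> hunk in src/security/Makefile.inc lists vboot twice: the existing <code>subdirs-y += vboot</code> is kept as context and a second <code>+subdirs-y += vboot</code> is added after <code>+subdirs-y += tpm</code>. Drop one of them so the file reads just <code>subdirs-y += tpm</code> followed by <code>subdirs-y += vboot</code>; descending into the same subdirectory twice is at best redundant and can produce duplicate rules for the vboot objects.</p>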
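<p>Review bot: DEBUG_TPM is moved out of the debugging section of src/Kconfig (the <code>@@ -974,13 +940,6 @@</code> hunk removes it from beside DEBUG_SPI_FLASH) into the new <code>menu "Trusted Platform Module"</code> in src/security/tpm/Kconfig. Every other symbol in that menu (TPM, TPM2, MAINBOARD_HAS_TPM_CR50, MAINBOARD_HAS_LPC_TPM, MAINBOARD_HAS_TPM2) has no prompt, so the menu will show exactly one entry and the option vanishes from the place users look for debug output; either keep DEBUG_TPM under the debugging options or state the move in the commit message. Two smaller points in the same file: the help text "Board has TPM support" on MAINBOARD_HAS_LPC_TPM should say the TPM is LPC-attached now that it sits next to MAINBOARD_HAS_TPM2, and since the commit message announces the 1.2/2.0 split, consider making TPM and TPM2 mutually exclusive (<code>depends on !TPM2</code> / <code>depends on !TPM</code>), because with both set the new Makefile.inc builds tcg-1.2/tlcl.c and tcg-2.0/tpm2_tlcl.c into the same stage and both pull in the shared tlcl.h.</p>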
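<p>Review bot: in the tcg-1.2/tlcl.c hunk, <code>#include "../tlcl.h"</code> is added after the local tlcl_internal.h/tlcl_structures.h includes, while every consumer in this change is switched to <code>&lt;security/tpm/tlcl.h&gt;</code> (secdata_tpm.c, secdata_mock.c, cr50_enable_update.c, tpm2.c). Use the same angle-bracket form here, in the group with <code>&lt;security/tpm/tpm.h&gt;</code>, so the file does not depend on its position in the tree and one grep finds all users of the header.</p>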
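<p>Review bot: the tcg-2.0/tpm2_tlcl.c hunk replaces <code>&lt;antirollback.h&gt;</code> and <code>&lt;tpm.h&gt;</code> with parent-relative <code>"../tpm.h"</code> and <code>"../antirollback.h"</code>, and the neighbouring tpm2_tlcl_structures.h hunk does the same with <code>"../tlcl.h"</code>, while the rest of this change standardises on <code>&lt;security/tpm/...&gt;</code> (for example <code>&lt;security/tpm/antirollback.h&gt;</code> in memory_init.c and vboot_logic.c). Prefer <code>&lt;security/tpm/tpm.h&gt;</code>, <code>&lt;security/tpm/antirollback.h&gt;</code> and <code>&lt;security/tpm/tlcl.h&gt;</code> here as well; a header such as tpm2_tlcl_structures.h reaching into its parent directory ties it to the layout, and the mixed styles make the include graph harder to follow.</p>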

<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b </div>
<div style="display:none"> Gerrit-Change-Number: 22103 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>