On 2/25/26 5:24 AM, Shiva Tripathi wrote:

Enable firmware TPM (fTPM) support via OP-TEE for K3 platforms with
MMC hardware. This provides TPM 2.0 functionality through
Microsoft's fTPM Trusted Application running in OP-TEE secure world,
using eMMC RPMB as persistent storage.

fTPM support in U-Boot provides the foundation for measured boot
and disk encryption use cases.

The ARM64 condition ensures these apply only to A53/A72 cores and the
MMC condition ensures fTPM is enabled only on platforms with eMMC
hardware support.

Signed-off-by: Shiva Tripathi <[email protected]>
---
Changes in v2:
- Moved fTPM enablement from per-board defconfig files to common Kconfig
- Added configs to ARCH_K3 (arch/arm/Kconfig) to enable for all K3 platforms
- Added command configs to TI_COMMON_CMD_OPTIONS (board/ti/common/Kconfig)
- Added MMC dependency to address concern about boards without eMMC hardware
- Link to v1:
https://lore.kernel.org/all/[email protected]/
---
arch/arm/Kconfig | 3 +++
board/ti/common/Kconfig | 2 ++
2 files changed, 5 insertions(+)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 5508fce796a..eb83b5c35f1 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -834,6 +834,9 @@ config ARCH_K3
imply DM_RNG if ARM64
imply TEE if ARM64
imply OPTEE if ARM64
+ imply TPM if ARM64 && MMC
+ imply TPM2_FTPM_TEE if ARM64 && MMC

Although maybe less-so, the fTPM can still be useful outside
of the secure storage bits that require eMMC/RPMB. Anyway,

Acked-by: Andrew Davis <[email protected]>

+ imply SUPPORT_EMMC_RPMB if ARM64 && MMC
config ARCH_OMAP2PLUS
bool "TI OMAP2+"
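
Review bot: The `MMC` guard on all three new `imply` lines in the ARCH_K3 block does not establish what the commit message claims. `MMC` is the build-time symbol for the MMC/SD subsystem, so it is also set on boards that only have an SD slot, and it says nothing about whether an eMMC with a provisioned RPMB partition is present. On such a board the fTPM driver would be built in but the TA would have no persistent storage behind it, which matters for the measured boot and disk encryption uses the message names. Either reword the commit message to say the condition is "MMC subsystem enabled" and note that boards without RPMB should turn these off in their defconfig, or keep `MMC` only on `imply SUPPORT_EMMC_RPMB` and key the `TPM` and `TPM2_FTPM_TEE` lines on `OPTEE`, since the preceding `imply OPTEE if ARM64` can still be overridden by a board and the fTPM driver is of no use without it.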
diff --git a/board/ti/common/Kconfig b/board/ti/common/Kconfig
index 409454813f3..149909093b3 100644
--- a/board/ti/common/Kconfig
+++ b/board/ti/common/Kconfig
@@ -61,4 +61,6 @@ config TI_COMMON_CMD_OPTIONS
imply CMD_SPL
imply CMD_TIME
imply CMD_USB if USB
+ imply CMD_TPM if TPM
+ imply CMD_OPTEE_RPMB if OPTEE && SUPPORT_EMMC_RPMB
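
Review bot: The commit message does not explain why `imply CMD_OPTEE_RPMB if OPTEE && SUPPORT_EMMC_RPMB` is needed; the fTPM reaches RPMB through the OP-TEE driver path, not through a shell command. Adding it to TI_COMMON_CMD_OPTIONS gives every TI board that uses this common option set a console command that reads and writes OP-TEE persistent objects in RPMB, which is a wider default than "enable fTPM" suggests. Please either justify it in the commit message (for example as a provisioning or debug aid) or leave it to the defconfigs of boards that want it, so production builds do not pick it up implicitly. The same question applies, to a lesser degree, to `imply CMD_TPM if TPM`: say whether it is there for bring-up or is expected in shipped images.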