From: Aidan <[email protected]> Hook the wolfTPM source tree (imported as a subtree at lib/wolftpm/ in the preceding commits) into the U-Boot build and add upstream-pull support to tools/update-subtree.sh, matching how mbedtls, dts, and lwip are maintained.
lib/Kconfig: Adds CONFIG_TPM_WOLF under library routines, depending on DM, implying DM_RNG, and selecting SHA1. lib/Makefile: When CONFIG_TPM_WOLF and CONFIG_TPM_V2 are both enabled, compiles wolfTPM core source files (tpm2.c, tpm2_packet.c, tpm2_tis.c, tpm2_wrap.c, tpm2_param_enc.c) and the HAL layer (tpm_io.c). Sets -I include paths and -DWOLFTPM_USER_SETTINGS so wolfTPM picks up include/configs/user_settings.h. tools/update-subtree.sh: Registers the wolftpm subtree (path lib/wolftpm, upstream https://github.com/wolfssl/wolfTPM.git) so the existing pull/pick workflow can be used for future wolfTPM updates. Signed-off-by: Aidan Garske <[email protected]>
---
 lib/Kconfig | 13 +++++++++++++
 lib/Makefile | 17 +++++++++++++++++
 tools/update-subtree.sh | 7 ++++++-
 3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 931d5206936..b7dc422e94c 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -500,6 +500,19 @@ config TPM If you want a fully functional TPM enable all hashing algorithms. If you enabled measured boot all hashing algorithms are selected.
+config TPM_WOLF
+ bool "Enable wolfTPM support"
+ depends on DM
+ imply DM_RNG
+ select SHA1
+ help
+ This option enables support for wolfTPM in U-Boot. wolfTPM is a
+ portable, open-source TPM 2.0 stack licensed under GPLv2. Enabling
+ this option allows U-Boot to interact with the TPM via wolfTPM,
+ including firmware updates, PCR extend, and other TPM 2.0
+ operations. The wolfTPM source tree lives under lib/wolftpm/ as
+ a subtree (see tools/update-subtree.sh).
+
 config SPL_TPM
 bool "Trusted Platform Module (TPM) Support in SPL"
 depends on SPL_DM
diff --git a/lib/Makefile b/lib/Makefile
index 70667f3728c..0753e33d69e 100644
--- a/lib/Makefile
+++ b/lib/Makefile
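Review bot: `config TPM_WOLF` depends only on `DM`, yet the lib/Makefile hunk of this same patch compiles the wolfTPM objects only when `CONFIG_TPM_V2` is also `y`, so the option can be switched on and silently build nothing. Adding `depends on TPM_V2` to the entry would make the requirement visible in menuconfig. The entry also selects only `SHA1`, while the help text of `config TPM` just above says a fully functional TPM needs all hashing algorithms enabled. If wolfTPM is expected to extend SHA-256 PCR banks or to run HMAC or parameter-encryption sessions, `select SHA256` is probably needed as well; that should be confirmed against include/configs/user_settings.h, which is not part of this patch.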
@@ -64,6 +64,23 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o endif
+# wolfTPM (TPM 2.0 stack, including firmware update support)
+ifeq ($(CONFIG_TPM_WOLF),y)
+ifeq ($(CONFIG_TPM_V2),y)
+ccflags-y += -I$(srctree)/lib/wolftpm \
+ -I$(srctree)/include/configs \
+ -DWOLFTPM_USER_SETTINGS
+obj-y += wolftpm/hal/tpm_io.o
+obj-$(CONFIG_WOLFTPM_LINUX_DEV) += wolftpm/src/tpm2_linux.o
+obj-y += wolftpm/src/tpm2.o
+obj-y += wolftpm/src/tpm2_packet.o
+obj-y += wolftpm/src/tpm2_tis.o
+obj-y += wolftpm/src/tpm2_wrap.o
+obj-y += wolftpm/src/tpm2_param_enc.o
+obj-y += wolftpm.o
+endif
+endif
+
 obj-$(CONFIG_$(PHASE_)CRC8) += crc8.o
 obj-$(CONFIG_$(PHASE_)CRC16) += crc16.o
 obj-$(CONFIG_$(PHASE_)CRC16) += crc16-ccitt.o
diff --git a/tools/update-subtree.sh b/tools/update-subtree.sh
index 536b3318573..c5963e6a3ae 100755
--- a/tools/update-subtree.sh
+++ b/tools/update-subtree.sh
@@ -17,7 +17,7 @@ set -e print_usage() {
 echo "usage: $0 <op> <subtree-name> <ref>"
 echo " <op> pull or pick"
- echo " <subtree-name> mbedtls or dts or lwip"
+ echo " <subtree-name> mbedtls or dts or lwip or wolftpm"
 echo " <ref> release tag [pull] or commit id [pick]"
 }
@@ -47,6 +47,11 @@ set_params() {
 repo_url=https://git.savannah.gnu.org/git/lwip.git
 remote_name="lwip_upstream"
 ;;
+ wolftpm)
+ path=lib/wolftpm
+ repo_url=https://github.com/wolfssl/wolfTPM.git
+ remote_name="wolftpm_upstream"
+ ;;
 *)
 echo "Invalid subtree name: $subtree_name"
 print_usage
-- 2.49.0
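Review bot: `ccflags-y` applies to every object built from lib/Makefile, so once CONFIG_TPM_WOLF and CONFIG_TPM_V2 are set, `-I$(srctree)/include/configs` and `-DWOLFTPM_USER_SETTINGS` are passed to all of lib/ and not only to the wolfTPM sources. That puts the whole board-config header directory on the include search path of unrelated code, where a generically named header such as user_settings.h can collide with another library's header of the same name. Scoping the flags to the wolfTPM objects, for example by building them from a small dedicated Makefile with its own `ccflags-y`, would limit the effect to the files that need it. Separately, `obj-y += wolftpm.o` and `CONFIG_WOLFTPM_LINUX_DEV` refer to a source file and a Kconfig symbol that this patch does not add; if they arrive in a later commit, the series will not bisect cleanly.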
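Review bot: The new `wolftpm)` arm registers an external upstream for security-critical TPM code, but nothing in it records what a given release tag is expected to resolve to; tags are mutable, so a `pull` by tag trusts whatever the remote serves at that moment. set_params and the pull/pick logic continue outside the hunk, so any verification done later is not visible here. If there is none, checking the tag before the subtree merge (with `git verify-tag` where upstream signs its tags, or by comparing the resolved commit id with the one published for the release) and noting that id in the merge commit would make later audits straightforward. A comment in this arm such as `# wolfTPM: pull release tags only; record the resolved upstream commit id` would document the expectation.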

