Hello Michael, hello *, just a small comment for the records: As discussed in the last monthly telephone conference (https://wiki.ipfire.org/devel/telco/2021-09-06), we will use a TPM only for HWRNG purposes. Nothing else will depend on it, as there is nothing relevant left to be locked down in IPFire thanks to enforced kernel module signing. So no user needs to worry about introducing TPM support coming with a lack of digital sovereignty - that is, if something like this even exits on today's hardware. :-) Acked-by: Peter Müller Thanks, and best regards, Peter Müller
> Signed-off-by: Michael Tremer
> ---
> config/kernel/kernel.config.aarch64-ipfire | 15 ++++++++++++++-
> config/kernel/kernel.config.armv6l-ipfire | 12 +++++++++++-
> config/kernel/kernel.config.i586-ipfire | 16 +++++++++++++++-
> config/kernel/kernel.config.x86_64-ipfire | 17 ++++++++++++++++-
> 4 files changed, 56 insertions(+), 4 deletions(-)
>
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index aa34b64db..49ee85970 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -3422,7 +3422,19 @@ CONFIG_DEVMEM=y
> CONFIG_RAW_DRIVER=y
> CONFIG_MAX_RAW_DEVS=8192
> CONFIG_DEVPORT=y
> -# CONFIG_TCG_TPM is not set
> +CONFIG_TCG_TPM=m
> +CONFIG_HW_RANDOM_TPM=y
> +CONFIG_TCG_TIS_CORE=m
> +CONFIG_TCG_TIS=m
> +CONFIG_TCG_TIS_I2C_ATMEL=m
> +CONFIG_TCG_TIS_I2C_INFINEON=m
> +CONFIG_TCG_TIS_I2C_NUVOTON=m
> +CONFIG_TCG_ATMEL=m
> +CONFIG_TCG_INFINEON=m
> +CONFIG_TCG_CRB=m
> +CONFIG_TCG_VTPM_PROXY=m
> +CONFIG_TCG_TIS_ST33ZP24=m
> +CONFIG_TCG_TIS_ST33ZP24_I2C=m
> # CONFIG_XILLYBUS is not set
> # end of Character devices
>
> @@ -7271,6 +7283,7 @@ CONFIG_IO_WQ=y
> CONFIG_KEYS=y
> # CONFIG_KEYS_REQUEST_CACHE is not set
> # CONFIG_PERSISTENT_KEYRINGS is not set
> +# CONFIG_TRUSTED_KEYS is not set
> # CONFIG_ENCRYPTED_KEYS is not set
> # CONFIG_KEY_DH_OPERATIONS is not set
> CONFIG_SECURITY_DMESG_RESTRICT=y
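Review bot: `CONFIG_TCG_VTPM_PROXY=m` in the first aarch64 hunk builds the virtual TPM proxy, which is not a hardware device and so does not fit the stated purpose of using the TPM only as a hardware RNG. A chip created through that proxy would presumably be registered like any other TPM, so with `CONFIG_HW_RANDOM_TPM=y` a software-backed device could show up as an hwrng source; I would keep it off with `# CONFIG_TCG_VTPM_PROXY is not set` unless a consumer exists. The same line is added in the armv6l, i586 and x86_64 hunks, and the two x86 configs also add `CONFIG_TCG_XEN=m`, which deserves the same question.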
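Review bot: The i586 config does not get the explicit `# CONFIG_TRUSTED_KEYS is not set` line that this second aarch64 hunk adds and that the armv6l and x86_64 sections add too; the i586 section consists of the TPM hunk only, which matches its 16-line diffstat. Keeping trusted keys off is what backs the statement that nothing else depends on the TPM, so it is worth confirming that the i586 build ends up with the option disabled as well and, if the symbol is visible there, adding the same line so the four configs stay aligned. A sentence in the commit message saying that trusted and encrypted keys stay disabled on purpose would record the intent.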
> diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire
> index 7b82e87df..b11a179e3 100644
> --- a/config/kernel/kernel.config.armv6l-ipfire
> +++ b/config/kernel/kernel.config.armv6l-ipfire
> @@ -3463,7 +3463,16 @@ CONFIG_DEVMEM=y
> CONFIG_RAW_DRIVER=y
> CONFIG_MAX_RAW_DEVS=8192
> CONFIG_DEVPORT=y
> -# CONFIG_TCG_TPM is not set
> +CONFIG_TCG_TPM=m
> +CONFIG_HW_RANDOM_TPM=y
> +CONFIG_TCG_TIS_CORE=m
> +CONFIG_TCG_TIS=m
> +CONFIG_TCG_TIS_I2C_ATMEL=m
> +CONFIG_TCG_TIS_I2C_INFINEON=m
> +CONFIG_TCG_TIS_I2C_NUVOTON=m
> +CONFIG_TCG_VTPM_PROXY=m
> +CONFIG_TCG_TIS_ST33ZP24=m
> +CONFIG_TCG_TIS_ST33ZP24_I2C=m
> # CONFIG_XILLYBUS is not set
> # end of Character devices
>
> @@ -7366,6 +7375,7 @@ CONFIG_IO_WQ=y
> CONFIG_KEYS=y
> # CONFIG_KEYS_REQUEST_CACHE is not set
> # CONFIG_PERSISTENT_KEYRINGS is not set
> +# CONFIG_TRUSTED_KEYS is not set
> # CONFIG_ENCRYPTED_KEYS is not set
> # CONFIG_KEY_DH_OPERATIONS is not set
> CONFIG_SECURITY_DMESG_RESTRICT=y
> diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire
> index 90d4ac856..2d7158c96 100644
> --- a/config/kernel/kernel.config.i586-ipfire
> +++ b/config/kernel/kernel.config.i586-ipfire
> @@ -3449,7 +3449,21 @@ CONFIG_DEVPORT=y
> CONFIG_HPET=y
> # CONFIG_HPET_MMAP is not set
> CONFIG_HANGCHECK_TIMER=m
> -# CONFIG_TCG_TPM is not set
> +CONFIG_TCG_TPM=m
> +CONFIG_HW_RANDOM_TPM=y
> +CONFIG_TCG_TIS_CORE=m
> +CONFIG_TCG_TIS=m
> +CONFIG_TCG_TIS_I2C_ATMEL=m
> +CONFIG_TCG_TIS_I2C_INFINEON=m
> +CONFIG_TCG_TIS_I2C_NUVOTON=m
> +CONFIG_TCG_NSC=m
> +CONFIG_TCG_ATMEL=m
> +CONFIG_TCG_INFINEON=m
> +CONFIG_TCG_XEN=m
> +CONFIG_TCG_CRB=m
> +CONFIG_TCG_VTPM_PROXY=m
> +CONFIG_TCG_TIS_ST33ZP24=m
> +CONFIG_TCG_TIS_ST33ZP24_I2C=m
> # CONFIG_TELCLOCK is not set
> # CONFIG_XILLYBUS is not set
> # end of Character devices
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index fe93d731c..65014f41a 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -3413,7 +3413,21 @@ CONFIG_DEVPORT=y
> CONFIG_HPET=y
> # CONFIG_HPET_MMAP is not set
> CONFIG_HANGCHECK_TIMER=m
> -# CONFIG_TCG_TPM is not set
> +CONFIG_TCG_TPM=m
> +CONFIG_HW_RANDOM_TPM=y
> +CONFIG_TCG_TIS_CORE=m
> +CONFIG_TCG_TIS=m
> +CONFIG_TCG_TIS_I2C_ATMEL=m
> +CONFIG_TCG_TIS_I2C_INFINEON=m
> +CONFIG_TCG_TIS_I2C_NUVOTON=m
> +CONFIG_TCG_NSC=m
> +CONFIG_TCG_ATMEL=m
> +CONFIG_TCG_INFINEON=m
> +CONFIG_TCG_XEN=m
> +CONFIG_TCG_CRB=m
> +CONFIG_TCG_VTPM_PROXY=m
> +CONFIG_TCG_TIS_ST33ZP24=m
> +CONFIG_TCG_TIS_ST33ZP24_I2C=m
> # CONFIG_TELCLOCK is not set
> # CONFIG_XILLYBUS is not set
> # end of Character devices
> @@ -6746,6 +6760,7 @@ CONFIG_IO_WQ=y
> CONFIG_KEYS=y
> # CONFIG_KEYS_REQUEST_CACHE is not set
> # CONFIG_PERSISTENT_KEYRINGS is not set
> +# CONFIG_TRUSTED_KEYS is not set
> # CONFIG_ENCRYPTED_KEYS is not set
> # CONFIG_KEY_DH_OPERATIONS is not set
> CONFIG_SECURITY_DMESG_RESTRICT=y
>
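Review bot: `CONFIG_HW_RANDOM_TPM=y` in the first x86_64 hunk only registers the TPM as an hw_random source; whether its output is actually credited to the kernel entropy pool depends on the quality the hw_random core assigns to that source on this kernel version, which this patch does not show. Because the TPM core is built as a module (`CONFIG_TCG_TPM=m`), the source also appears only once the matching driver has been loaded. I would verify on a test system that the TPM is listed in `/sys/class/misc/hw_random/rng_available` and is selected or consumed as intended, and record the result in the commit message. The same applies to the aarch64, armv6l and i586 configs.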