From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Müller
To: development@lists.ipfire.org
Subject: Re: [PATCH 11/13] kernel: Enable support for TPM hardware
Date: Sat, 18 Sep 2021 16:15:01 +0000
Message-ID:
In-Reply-To: <20210917114229.10704-11-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2064202736815717868=="
List-Id:

--===============2064202736815717868==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Michael,
hello *,

just a small comment for the records: As discussed in the last monthly telephone
conference (https://wiki.ipfire.org/devel/telco/2021-09-06), we will use a TPM only
for HWRNG purposes. Nothing else will depend on it, as there is nothing relevant left
to be locked down in IPFire thanks to enforced kernel module signing.

So no user needs to worry about introducing TPM support coming with a lack of
digital sovereignty - that is, if something like this even exists on today's hardware. :-)

Acked-by: Peter Müller

Thanks, and best regards,
Peter Müller

> Signed-off-by: Michael Tremer > --- > config/kernel/kernel.config.aarch64-ipfire | 15 ++++++++++++++- > config/kernel/kernel.config.armv6l-ipfire | 12 +++++++++++- > config/kernel/kernel.config.i586-ipfire | 16 +++++++++++++++- > config/kernel/kernel.config.x86_64-ipfire | 17 ++++++++++++++++- > 4 files changed, 56 insertions(+), 4 deletions(-) >=20 > diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/ker= nel.config.aarch64-ipfire > index aa34b64db..49ee85970 100644 > --- a/config/kernel/kernel.config.aarch64-ipfire > +++ b/config/kernel/kernel.config.aarch64-ipfire 
> @@ -3422,7 +3422,19 @@ CONFIG_DEVMEM=3Dy > CONFIG_RAW_DRIVER=3Dy > CONFIG_MAX_RAW_DEVS=3D8192 > CONFIG_DEVPORT=3Dy > -# CONFIG_TCG_TPM is not set > +CONFIG_TCG_TPM=3Dm > +CONFIG_HW_RANDOM_TPM=3Dy > +CONFIG_TCG_TIS_CORE=3Dm > +CONFIG_TCG_TIS=3Dm > +CONFIG_TCG_TIS_I2C_ATMEL=3Dm > +CONFIG_TCG_TIS_I2C_INFINEON=3Dm > +CONFIG_TCG_TIS_I2C_NUVOTON=3Dm > +CONFIG_TCG_ATMEL=3Dm > +CONFIG_TCG_INFINEON=3Dm > +CONFIG_TCG_CRB=3Dm > +CONFIG_TCG_VTPM_PROXY=3Dm > +CONFIG_TCG_TIS_ST33ZP24=3Dm > +CONFIG_TCG_TIS_ST33ZP24_I2C=3Dm > # CONFIG_XILLYBUS is not set > # end of Character devices > =20 > @@ -7271,6 +7283,7 @@ CONFIG_IO_WQ=3Dy > CONFIG_KEYS=3Dy > # CONFIG_KEYS_REQUEST_CACHE is not set > # CONFIG_PERSISTENT_KEYRINGS is not set > +# CONFIG_TRUSTED_KEYS is not set > # CONFIG_ENCRYPTED_KEYS is not set > # CONFIG_KEY_DH_OPERATIONS is not set > CONFIG_SECURITY_DMESG_RESTRICT=3Dy > diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kern= el.config.armv6l-ipfire > index 7b82e87df..b11a179e3 100644 > --- a/config/kernel/kernel.config.armv6l-ipfire > +++ b/config/kernel/kernel.config.armv6l-ipfire > @@ -3463,7 +3463,16 @@ CONFIG_DEVMEM=3Dy > CONFIG_RAW_DRIVER=3Dy > CONFIG_MAX_RAW_DEVS=3D8192 > CONFIG_DEVPORT=3Dy > -# CONFIG_TCG_TPM is not set > +CONFIG_TCG_TPM=3Dm > +CONFIG_HW_RANDOM_TPM=3Dy > +CONFIG_TCG_TIS_CORE=3Dm > +CONFIG_TCG_TIS=3Dm > +CONFIG_TCG_TIS_I2C_ATMEL=3Dm > +CONFIG_TCG_TIS_I2C_INFINEON=3Dm > +CONFIG_TCG_TIS_I2C_NUVOTON=3Dm > +CONFIG_TCG_VTPM_PROXY=3Dm > +CONFIG_TCG_TIS_ST33ZP24=3Dm > +CONFIG_TCG_TIS_ST33ZP24_I2C=3Dm > # CONFIG_XILLYBUS is not set > # end of Character devices > =20 > @@ -7366,6 +7375,7 @@ CONFIG_IO_WQ=3Dy > CONFIG_KEYS=3Dy > # CONFIG_KEYS_REQUEST_CACHE is not set > # CONFIG_PERSISTENT_KEYRINGS is not set > +# CONFIG_TRUSTED_KEYS is not set > # CONFIG_ENCRYPTED_KEYS is not set > # CONFIG_KEY_DH_OPERATIONS is not set > CONFIG_SECURITY_DMESG_RESTRICT=3Dy 
> diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel= .config.i586-ipfire > index 90d4ac856..2d7158c96 100644 > --- a/config/kernel/kernel.config.i586-ipfire > +++ b/config/kernel/kernel.config.i586-ipfire > @@ -3449,7 +3449,21 @@ CONFIG_DEVPORT=3Dy > CONFIG_HPET=3Dy > # CONFIG_HPET_MMAP is not set > CONFIG_HANGCHECK_TIMER=3Dm > -# CONFIG_TCG_TPM is not set > +CONFIG_TCG_TPM=3Dm > +CONFIG_HW_RANDOM_TPM=3Dy > +CONFIG_TCG_TIS_CORE=3Dm > +CONFIG_TCG_TIS=3Dm > +CONFIG_TCG_TIS_I2C_ATMEL=3Dm > +CONFIG_TCG_TIS_I2C_INFINEON=3Dm > +CONFIG_TCG_TIS_I2C_NUVOTON=3Dm > +CONFIG_TCG_NSC=3Dm > +CONFIG_TCG_ATMEL=3Dm > +CONFIG_TCG_INFINEON=3Dm > +CONFIG_TCG_XEN=3Dm > +CONFIG_TCG_CRB=3Dm > +CONFIG_TCG_VTPM_PROXY=3Dm > +CONFIG_TCG_TIS_ST33ZP24=3Dm > +CONFIG_TCG_TIS_ST33ZP24_I2C=3Dm > # CONFIG_TELCLOCK is not set > # CONFIG_XILLYBUS is not set > # end of Character devices > diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kern= el.config.x86_64-ipfire > index fe93d731c..65014f41a 100644 > --- a/config/kernel/kernel.config.x86_64-ipfire > +++ b/config/kernel/kernel.config.x86_64-ipfire > @@ -3413,7 +3413,21 @@ CONFIG_DEVPORT=3Dy > CONFIG_HPET=3Dy > # CONFIG_HPET_MMAP is not set > CONFIG_HANGCHECK_TIMER=3Dm > -# CONFIG_TCG_TPM is not set > +CONFIG_TCG_TPM=3Dm > +CONFIG_HW_RANDOM_TPM=3Dy > +CONFIG_TCG_TIS_CORE=3Dm > +CONFIG_TCG_TIS=3Dm > +CONFIG_TCG_TIS_I2C_ATMEL=3Dm > +CONFIG_TCG_TIS_I2C_INFINEON=3Dm > +CONFIG_TCG_TIS_I2C_NUVOTON=3Dm > +CONFIG_TCG_NSC=3Dm > +CONFIG_TCG_ATMEL=3Dm > +CONFIG_TCG_INFINEON=3Dm > +CONFIG_TCG_XEN=3Dm > +CONFIG_TCG_CRB=3Dm > +CONFIG_TCG_VTPM_PROXY=3Dm > +CONFIG_TCG_TIS_ST33ZP24=3Dm > +CONFIG_TCG_TIS_ST33ZP24_I2C=3Dm > # CONFIG_TELCLOCK is not set > # CONFIG_XILLYBUS is not set > # end of Character devices 
> @@ -6746,6 +6760,7 @@ CONFIG_IO_WQ=3Dy > CONFIG_KEYS=3Dy > # CONFIG_KEYS_REQUEST_CACHE is not set > # CONFIG_PERSISTENT_KEYRINGS is not set > +# CONFIG_TRUSTED_KEYS is not set > # CONFIG_ENCRYPTED_KEYS is not set > # CONFIG_KEY_DH_OPERATIONS is not set > CONFIG_SECURITY_DMESG_RESTRICT=3Dy >=20 --===============2064202736815717868==--
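
Review bot: In the "Character devices" hunk of all four configs, CONFIG_HW_RANDOM_TPM=y is stacked on CONFIG_TCG_TPM=m and modular interface drivers (CONFIG_TCG_TIS=m, and CONFIG_TCG_CRB=m where present), so the TPM-backed hwrng can only register once those modules have been loaded. Since the reply gives HWRNG as the only intended use, the commit message should state how and when the modules get loaded at boot, or the TPM core and the TIS/CRB drivers should be built in if the entropy source is wanted early.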
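
Review bot: CONFIG_TCG_VTPM_PROXY=m in the "Character devices" hunk of all four configs does not fit the HWRNG-only purpose given in the reply, because the vTPM proxy driver exposes software-backed TPM devices and adds no hardware entropy source; the same question applies to CONFIG_TCG_XEN=m in the i586 and x86_64 hunks. The quoted commit message carries only a Signed-off-by line, so either drop the options that are not needed for a hardware RNG or add a sentence to the commit message explaining why the full driver set is enabled.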
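
Review bot: The i586 diff has no keyring hunk, so unlike aarch64, armv6l and x86_64 it does not gain the "# CONFIG_TRUSTED_KEYS is not set" line once CONFIG_TCG_TPM is switched on. If that is because a dependency of the option is disabled in the i586 config, say so in the commit message; otherwise add the line there as well, so that all four architectures explicitly keep TPM-backed trusted keys off, in line with the policy that nothing besides the RNG depends on the TPM.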