ANDROID: Add TPM support and the vTPM proxy to Cuttlefish.

This module allows presenting the kernel TPM interface while proxying the TPM commands into a file descriptor. The module was originally implemented to support running a TPM simulator on the same host system and exposing a kernel TPM interface to a Linux container, but it is also a convenient incremental step while we figure out our long-term strategy with crosvm, which does not have TPM support following the same standards as qemu. CONFIG_TCG_TPM, the base config for the various TPM drivers, required CONFIG_SECURITYFS. CONFIG_SECURITYFS exists only as a boolean and not a tristate, so we can't install it as a module. Bug: 148102533 Test: Build and run locally with cuttlefish, check for /dev/vtpmx Change-Id: I568a50c2ecb7899aae70e7a20efaedc84443511d Signed-off-by: A. Cody Schuffelen <schuffelen@google.com>
2026-06-07 05:55:44 +02:00 · 2020-02-11 18:01:10 -08:00 · 2020-02-11 18:01:10 -08:00 · 0a800312bc
commit 0a800312bc
parent a985435d7b
3 changed files with 4 additions and 0 deletions
--- a/arch/arm64/configs/gki_defconfig
+++ b/arch/arm64/configs/gki_defconfig
@ -459,6 +459,7 @@ CONFIG_NLS_MAC_TURKISH=y
 CONFIG_NLS_UTF8=y
 CONFIG_UNICODE=y
 CONFIG_SECURITY=y
+CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
--- a/arch/x86/configs/gki_defconfig
+++ b/arch/x86/configs/gki_defconfig
@ -398,6 +398,7 @@ CONFIG_NLS_MAC_TURKISH=y
 CONFIG_NLS_UTF8=y
 CONFIG_UNICODE=y
 CONFIG_SECURITY=y
+CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
--- a/cuttlefish.fragment
+++ b/cuttlefish.fragment
@ -19,3 +19,5 @@ CONFIG_INCREMENTAL_FS=m
 CONFIG_TEST_STACKINIT=m
 CONFIG_TEST_MEMINIT=m
 CONFIG_SDCARD_FS=m
+CONFIG_TCG_TPM=m
+CONFIG_TCG_VTPM_PROXY=m