tpm: Avoid code bloat when not using EFI_TCG2_PROTOCOL

It does not make sense to enable all SHA algorithms unless they are
needed. It bloats the code and in this case, causes chromebook_link to
fail to build. That board does use the TPM, but not with measured boot,
nor EFI.

Since EFI_TCG2_PROTOCOL already selects these options, we just need to
add them to MEASURED_BOOT as well.

Note that the original commit combines refactoring and new features,
which makes it hard to see what is going on.

Fixes: 97707f12fda tpm: Support boot measurements
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

diff --git a/boot/Kconfig b/boot/Kconfig
index 36bdc83b957cc2488bd5ecf6fe9f43353bc2f96e..4c9d2c0f79a41c4b89dea916a9c90b81a6e055e1 100644 (file)
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -734,6 +734,10 @@ config LEGACY_IMAGE_FORMAT
 config MEASURED_BOOT
        bool "Measure boot images and configuration when booting without EFI"
        depends on HASH && TPM_V2
+       select SHA1
+       select SHA256
+       select SHA384
+       select SHA512
        help
          This option enables measurement of the boot process when booting
          without UEFI . Measurement involves creating cryptographic hashes

diff --git a/lib/Kconfig b/lib/Kconfig
index 189e6eb31aa188d9211df51d171d56330fae0a7d..568892fce44925a08c5ecb19e7f8fe4b0929f62a 100644 (file)
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -438,10 +438,6 @@ config TPM
        bool "Trusted Platform Module (TPM) Support"
        depends on DM
        imply DM_RNG
-       select SHA1
-       select SHA256
-       select SHA384
-       select SHA512
        help
          This enables support for TPMs which can be used to provide security
          features for your board. The TPM can be connected via LPC or I2C