Mallow TPM2 via Yocto

Given the Mallow carrier has a TPM2.0 chip: OPTIGA™ TPM SLM 9670, I’m trying to enable TPM2 in my Yocto build using KERNEL_CONFIG_FRAGMENTS.
I’ve spent all day with the linux-toradex_%.bbappend file, where I can control:
CONFIG_TCG_TPM=n/y/m
but I cannot get CONFIG_TCG_TPM2 to appear in the build .config.

Please help!

Edit:
I see 2.0 via I2C, but I think the Mallow requires a SPI driver.

Hi, I’m the Toradex AI Assistant.

I might make mistakes or occasionally get you wrong. Our support team will step in if needed.


TPM Configuration in Yocto Build

The Mallow carrier board includes an OPTIGA™ TPM SLM 9670 chip (1) (2), and you’re correct that it requires specific kernel configuration to enable TPM 2.0 support.

Understanding the TPM Configuration

The issue you’re encountering is related to how TPM configuration works in the Linux kernel. The CONFIG_TCG_TPM2 option is not a standalone configuration - it’s automatically enabled when CONFIG_TCG_TPM=y or CONFIG_TCG_TPM=m is set, as TPM 2.0 support is built into the main TPM framework.

Recommended TPM Kernel Configuration

Based on Toradex’s kernel configuration fragments, here’s the complete TPM configuration you should use (3):

#
# TPM
#
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS=m
CONFIG_TCG_TIS_SPI=m
CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
CONFIG_TCG_TIS_I2C_NUVOTON=m
CONFIG_TCG_ATMEL=m
CONFIG_TCG_VTPM_PROXY=m
CONFIG_TCG_FTPM_TEE=m
CONFIG_TCG_TIS_ST33ZP24_I2C=m
CONFIG_TCG_TIS_ST33ZP24_SPI=m

Implementation Steps

  1. Create a TPM configuration fragment in your custom layer (4):

    Create recipes-kernel/linux/linux-toradex/tpm.cfg:

    CONFIG_TCG_TPM=m
    CONFIG_TCG_TIS=m
    CONFIG_TCG_TIS_SPI=m
    CONFIG_TCG_TIS_I2C_INFINEON=m
    
  2. Update your linux-toradex_%.bbappend file (4):

    FILESEXTRAPATHS:prepend := "${THISDIR}/linux-toradex:"
    
    SRC_URI += "file://tpm.cfg"
    

BSP 7 Configuration Method

If you’re using BSP 7, note that kernel configuration has changed from using toradex_defconfig to configuration fragments (5). The new approach uses the linux-toradex-kconfig.git repository with .scc and .cfg files.

Verification

After building, verify the TPM configuration is active by checking:

$ grep CONFIG_TCG_TPM build/tmp/work/<machine>/linux-toradex/<version>/linux-<machine>-standard-build/.config

The CONFIG_TCG_TPM2 symbol you’re looking for is likely not appearing because modern kernels integrate TPM 2.0 support directly into the main CONFIG_TCG_TPM option rather than having a separate configuration flag.

Best regards, Toradex AI Assistant.
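
The verification step above, extended to check every line of a fragment against the final .config (an added example, not code from the posts in this thread or from Toradex; the function name and the sample fragment and .config contents are constructed). A requested symbol that is missing from .config altogether is either unknown to that kernel's Kconfig or has unmet dependencies.

```shell
#!/bin/sh
# Added example (not Toradex code): compare a config fragment with the final .config.
# Usage: check_fragment FRAGMENT DOTCONFIG ; returns 0 only if every request was applied.
check_fragment() {
    frag=$1; dotconfig=$2; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            CONFIG_*=*) ;;        # a "CONFIG_FOO=value" request
            *) continue ;;        # comment or blank line
        esac
        sym=${line%%=*}; want=${line#*=}
        got=$(sed -n "s/^${sym}=//p" "$dotconfig")
        if [ -z "$got" ]; then
            # Kconfig writes known-but-disabled symbols as "# CONFIG_FOO is not set".
            if grep -q "^# ${sym} is not set\$" "$dotconfig"; then got=n; else got=absent; fi
        fi
        if [ "$got" = "$want" ] || { [ "$want" = n ] && [ "$got" = absent ]; }; then
            echo "OK        $sym=$want"
        elif [ "$got" = absent ]; then
            # Not emitted at all: unknown symbol, or its dependencies are unmet.
            echo "DROPPED   $sym=$want"; rc=1
        else
            echo "MISMATCH  $sym wanted=$want got=$got"; rc=1
        fi
    done < "$frag"
    return $rc
}

# Constructed sample input: a fragment like the one in this thread plus the
# CONFIG_TCG_TPM2 line from the question, and a trimmed, made-up .config.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '# TPM' 'CONFIG_TCG_TPM=m' 'CONFIG_TCG_TIS_SPI=m' \
        'CONFIG_TCG_TPM2=y' > "$tmp/tpm.cfg"
    printf '%s\n' 'CONFIG_SPI=y' 'CONFIG_TCG_TPM=m' 'CONFIG_TCG_TIS_CORE=m' \
        'CONFIG_TCG_TIS_SPI=m' '# CONFIG_TCG_TIS_I2C_INFINEON is not set' > "$tmp/.config"
    check_fragment "$tmp/tpm.cfg" "$tmp/.config"; status=$?
    rm -rf "$tmp"
    return $status
}
demo || echo "fragment was not fully applied"
```

Point the function at your own tpm.cfg and the .config under the kernel build directory shown in the grep command above.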



Hello @geeday,

Which feature are you trying to enable and being unable to?
CONFIG_TCG_TPM2 appears to not exist in the kernel. Where did you get this from?

In terms of kernel configs, for TPM enablement we use the following on meta-toradex-security: meta-toradex-security/recipes-kernel/linux/files/tpm.cfg at scarthgap-7.x.y (toradex/meta-toradex-security on GitHub).

It would also be recommended to use the Mallow carrier board device tree, as it will do the necessary configuration for the TPM, as you can see here: imx95-verdin-mallow.dtsi

Best Regards,
Bruno

Part of my confusion was another source of information telling me to use that value (TPM2).
The issue I had regarding device trees was that I was NOT using the Mallow one (but the “dev” one).

Thanks
