security/tpm: replace CONFIG(TPMx) checks with runtime check

This prepares the code for enabling both CONFIG_TPM1 and CONFIG_TPM2
during compilation, in which case actual TPM family in use can be
determined at runtime.

In some places both compile-time and runtime checks are necessary.
Yet in places like probe functions runtime state checks don't make sense
as runtime state is defined by results of probing.

Change-Id: Id9cc25aad8d1d7bfad12b7a92059b1b3641bbfa9
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69161
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

src/vendorcode/google/chromeos/cse_board_reset.c

@@ -19,6 +19,11 @@ void cse_board_reset(void)
 	if (CONFIG(CSE_RESET_CLEAR_EC_AP_IDLE_FLAG))
 		google_chromeec_clear_ec_ap_idle();
 
+	/*
+	 * Assuming that if particular TPM implementation is enabled at compile
+	 * time, it's the one being used.  This isn't generic code, so can
+	 * probably get away with it.
+	 */
 	if (CONFIG(TPM2) && CONFIG(TPM_GOOGLE_CR50)) {
 		/* Initialize TPM and get the cr50 firmware version. */
 		rc = tlcl_lib_init();

src/vendorcode/google/chromeos/tpm2.c

@@ -22,6 +22,10 @@ static void disable_platform_hierarchy(void *unused)
 		return;
 	}
 
+	/* In case both families are enabled, but TPM1 is in use. */
+	if (tlcl_get_family() != TPM_2)
+		return;
+
 	rc = tlcl2_disable_platform_hierarchy();
 	if (rc != TPM_SUCCESS)
 		printk(BIOS_ERR, "Platform hierarchy disablement failed: %#x\n",