Re: [coreboot] SPI TPM question
Hi Julius!

Thanks for the report! It seems it will not be easy to add SPI TPM support... I'm waiting for some TPMs 1.2 and 2.0 over LPC and the demoboard (AMD Bettong) I'm using has the LPC connector available to test. In the meantime I'll try to find any solution.

Regards
Jorge

From: Julius Werner <jwer...@chromium.org>
Sent: Saturday, May 19, 2018 2:05:42
To: Jorge Fernandez Monteagudo
Cc: zao...@das-labor.org; Coreboot
Subject: Re: [coreboot] SPI TPM question

> build/romstage/drivers/spi/spi-generic.o: In function `spi_setup_slave':
> /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:129: undefined reference to `spi_ctrlr_bus_map'
> /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:131: undefined reference to `spi_ctrlr_bus_map_count'
> /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:134: undefined reference to `spi_ctrlr_bus_map'

This indicates that your chipset does not support the SPI API. Even if the generic TPM SPI driver would work with your TPM, you still need chipset code that tells it how to work with your particular SPI controller. This would usually be part of the southbridge code (e.g. compare src/southbridge/intel/common/spi.c, which defines the spi_ctrlr_bus_map array for some Intel chipsets... although that particular controller would not work for TPMs either).

> build/romstage/drivers/spi/tpm/tpm.o: In function `stopwatch_tick':
> /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:155: undefined reference to `timer_monotonic_get'
> build/romstage/drivers/spi/tpm/tpm.o: In function `stopwatch_init':
> /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'
> /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'
> /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'

This indicates that your chipset does not support the monotonic timer API. Without timers the stopwatch API doesn't work that's used by the TPM drivers to measure certain transfer timeouts. Looks like some older AMD CPUs have that support (see src/cpu/amd/family_10h-family_15h/monotonic_timer.c), not sure why yours doesn't (probably nobody ever bothered to add it).

> The SPI tpm driver was written for tpm 2.0 only.

It's even worse than that... I think the current SPI TPM driver only supports Cr50, which is a special TPM 2.0 with a bunch of custom quirks that is only used in Chromebooks. Patches to expand it to support other TPMs are welcome, of course, but I don't think anybody has worked on that for now.

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] SPI TPM question
Hi Taiidan!

Thanks for the info! I forgot to say that I'm working with an AMD demoboard already supported, the Bettong one. There are a lot of features still missing, but I can boot the board and I'm trying to test new things with the board.

Thanks again
Jorge

From: taii...@gmx.com <taii...@gmx.com>
Sent: Saturday, May 19, 2018 5:37:55
To: Jorge Fernandez Monteagudo; coreboot@coreboot.org
Subject: Re: [coreboot] SPI TPM question

On 05/15/2018 01:53 PM, Jorge Fernandez Monteagudo wrote:
> Hi all!
>
> This is my first message to the list.

Welcome sir! We are always pleased to see new users and companies using coreboot - please feel free to ask any and all questions.

Coreboot will be a secure and affordable choice for what I presume is your application. If you wish to use coreboot in a production environment it might be a good idea to inquire with your board vendor as to if you can save money by purchasing "raw" boards without the usual AMI/Phoenix firmware/licenses.

> I would like to know if the TPM1.2 is supported through SPI?
>
> Enabling SPI_TPM and TPM in my board configuration throws an error. From
> src/drivers/spi/tpm/Kconfig

If your company permits I would suggest posting the board model, .config file, etc whenever you have an issue as the wiki advises - be sure to remove identifiers such as MAC address and serials.

> Any options to get TPM1.2 SPI support?

I would suggest emailing the people behind the HEADS project such as Trammell Hudson - AFAIK they are the only ones currently doing major coreboot related TPM work and would probably be willing to provide some assistance...

https://trmm.net/About and https://github.com/osresearch/heads

https://github.com/osresearch/heads/issues/287 - interesting thread

Re: [coreboot] SPI TPM question
On 05/15/2018 01:53 PM, Jorge Fernandez Monteagudo wrote:
> Hi all!
>
> This is my first message to the list.

Welcome sir! We are always pleased to see new users and companies using coreboot - please feel free to ask any and all questions.

Coreboot will be a secure and affordable choice for what I presume is your application. If you wish to use coreboot in a production environment it might be a good idea to inquire with your board vendor as to if you can save money by purchasing "raw" boards without the usual AMI/Phoenix firmware/licenses.

> I would like to know if the TPM1.2 is supported through SPI?
>
> Enabling SPI_TPM and TPM in my board configuration throws an error. From
> src/drivers/spi/tpm/Kconfig

If your company permits I would suggest posting the board model, .config file, etc whenever you have an issue as the wiki advises - be sure to remove identifiers such as MAC address and serials.

> Any options to get TPM1.2 SPI support?

I would suggest emailing the people behind the HEADS project such as Trammell Hudson - AFAIK they are the only ones currently doing major coreboot related TPM work and would probably be willing to provide some assistance...

https://trmm.net/About and https://github.com/osresearch/heads

https://github.com/osresearch/heads/issues/287 - interesting thread

Re: [coreboot] SPI TPM question
> build/romstage/drivers/spi/spi-generic.o: In function `spi_setup_slave':
> /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:129: undefined reference to `spi_ctrlr_bus_map'
> /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:131: undefined reference to `spi_ctrlr_bus_map_count'
> /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:134: undefined reference to `spi_ctrlr_bus_map'

This indicates that your chipset does not support the SPI API. Even if the generic TPM SPI driver would work with your TPM, you still need chipset code that tells it how to work with your particular SPI controller. This would usually be part of the southbridge code (e.g. compare src/southbridge/intel/common/spi.c, which defines the spi_ctrlr_bus_map array for some Intel chipsets... although that particular controller would not work for TPMs either).

> build/romstage/drivers/spi/tpm/tpm.o: In function `stopwatch_tick':
> /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:155: undefined reference to `timer_monotonic_get'
> build/romstage/drivers/spi/tpm/tpm.o: In function `stopwatch_init':
> /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'
> /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'
> /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'

This indicates that your chipset does not support the monotonic timer API. Without timers the stopwatch API doesn't work that's used by the TPM drivers to measure certain transfer timeouts. Looks like some older AMD CPUs have that support (see src/cpu/amd/family_10h-family_15h/monotonic_timer.c), not sure why yours doesn't (probably nobody ever bothered to add it).

> The SPI tpm driver was written for tpm 2.0 only.

It's even worse than that... I think the current SPI TPM driver only supports Cr50, which is a special TPM 2.0 with a bunch of custom quirks that is only used in Chromebooks. Patches to expand it to support other TPMs are welcome, of course, but I don't think anybody has worked on that for now.

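The two sets of undefined symbols discussed in the message above, modeled as a stand-alone C program. This is an added example, not coreboot source and not code from any poster in this thread; the struct layouts are simplified assumptions, and demo_spi_ctrlr, wait_ready, the fake clock and the ready callbacks are hypothetical.

```c
#include <stddef.h>
#include <string.h>

struct spi_slave;
struct spi_ctrlr { int (*setup)(const struct spi_slave *slave); };
struct spi_slave { unsigned int bus, cs; const struct spi_ctrlr *ctrlr; };
struct spi_ctrlr_buses { const struct spi_ctrlr *ctrlr; unsigned int bus_start, bus_end; };
struct mono_time { long microseconds; };

/* What chipset code must define (layouts simplified; demo_spi_ctrlr is hypothetical). */
static const struct spi_ctrlr demo_spi_ctrlr = { .setup = NULL };
const struct spi_ctrlr_buses spi_ctrlr_bus_map[] = { { &demo_spi_ctrlr, 0, 0 } };
const size_t spi_ctrlr_bus_map_count = sizeof(spi_ctrlr_bus_map) / sizeof(spi_ctrlr_bus_map[0]);

static long fake_us; /* constructed clock: every read advances 10 us */
void timer_monotonic_get(struct mono_time *mt) { mt->microseconds = (fake_us += 10); }

/* Generic SPI layer: find the controller that claims this bus number. */
int spi_setup_slave(unsigned int bus, unsigned int cs, struct spi_slave *slave)
{
	memset(slave, 0, sizeof(*slave));
	for (size_t i = 0; i < spi_ctrlr_bus_map_count; i++)
		if (spi_ctrlr_bus_map[i].bus_start <= bus && bus <= spi_ctrlr_bus_map[i].bus_end)
			slave->ctrlr = spi_ctrlr_bus_map[i].ctrlr;
	if (slave->ctrlr == NULL)
		return -1; /* no controller registered for this bus */
	slave->bus = bus;
	slave->cs = cs;
	return slave->ctrlr->setup ? slave->ctrlr->setup(slave) : 0;
}

/* Driver-side wait: poll ready() but give up after timeout_us on the monotonic timer. */
int wait_ready(int (*ready)(void), long timeout_us)
{
	struct mono_time start, now;
	timer_monotonic_get(&start);
	do {
		if (ready())
			return 0;
		timer_monotonic_get(&now);
	} while (now.microseconds - start.microseconds < timeout_us);
	return -1; /* device never answered: fail instead of hanging the boot */
}

static int polls; /* constructed stand-ins for a device status poll */
int ready_on_third_poll(void) { return ++polls >= 3; }
int never_ready(void) { return 0; }

int main(void) { struct spi_slave s; return spi_setup_slave(0, 0, &s) != 0; }
```

Deleting the bus map or timer_monotonic_get from this file reproduces the same class of "undefined reference" link failure quoted in the thread.
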
Re: [coreboot] SPI TPM question
Hi!

Adding the dependency the code compiles ok, but nothing happens. I've been able to get a TPM2.0 with SPI, a supported SLB9670. I've added

    select TPM2
    select MAINBOARD_HAS_TPM2
    select SPI_TPM

to the Kconfig of my mainboard/amd/bettong. It compiles ok but nothing happens. I've traced the initialization to tpm2:

    tlcl_lib_init -> tis_init -> tpm2_init

but 'tlcl_lib_init' seems to depend on vboot, and with this AMD board no vboot is implemented. I've tried to call tis_init from the board romstage.c:

    void agesa_postcar(struct sysinfo *cb)
    {
        post_code(0x41);
        AGESAWRAPPER(amdinitenv);

        tis_init();

        if (acpi_is_wakeup_s4()) {
            outb(0xEE, PM_INDEX);
            outb(0x8, PM_DATA);
        }
    }

but a linking error is shown:

    LINK cbfs/fallback/romstage.debug
    build/romstage/drivers/spi/spi-generic.o: In function `spi_setup_slave':
    /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:129: undefined reference to `spi_ctrlr_bus_map'
    /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:131: undefined reference to `spi_ctrlr_bus_map_count'
    /mnt/develop/bettong/coreboot/master/coreboot/src/drivers/spi/spi-generic.c:134: undefined reference to `spi_ctrlr_bus_map'
    build/romstage/drivers/spi/tpm/tpm.o: In function `stopwatch_tick':
    /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:155: undefined reference to `timer_monotonic_get'
    build/romstage/drivers/spi/tpm/tpm.o: In function `stopwatch_init':
    /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'
    /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'
    /mnt/develop/bettong/coreboot/master/coreboot/src/include/timer.h:131: undefined reference to `timer_monotonic_get'
    make: *** [build/cbfs/fallback/romstage.debug] Error 1

Any hint?

Thanks!
Jorge

From: Zaolin <zao...@das-labor.org>
Sent: Thursday, May 17, 2018 0:08:24
To: Jorge Fernandez Monteagudo; coreboot@coreboot.org
Subject: Re: [coreboot] SPI TPM question

Hey,

The SPI tpm driver was written for tpm 2.0 only. You can try to add TPM to "depends on" as well and see what happens. Let us know if it works. :)

Best Regards,
Philipp

On 15.05.2018 19:53, Jorge Fernandez Monteagudo wrote:
> Hi all!
>
> This is my first message to the list. I would like to know if the
> TPM1.2 is supported through SPI?
>
> Enabling SPI_TPM and TPM in my board configuration throws an error.
> From src/drivers/spi/tpm/Kconfig
>
> I can see the dependency:
>
> config SPI_TPM
>     bool "SPI TPM"
>     depends on TPM2
>
> Any options to get TPM1.2 SPI support?
>
> Thanks!
>
> Jorge

Re: [coreboot] SPI TPM question
Hey,

The SPI tpm driver was written for tpm 2.0 only. You can try to add TPM to "depends on" as well and see what happens. Let us know if it works. :)

Best Regards,
Philipp

On 15.05.2018 19:53, Jorge Fernandez Monteagudo wrote:
> Hi all!
>
> This is my first message to the list. I would like to know if the
> TPM1.2 is supported through SPI?
>
> Enabling SPI_TPM and TPM in my board configuration throws an error.
> From src/drivers/spi/tpm/Kconfig
>
> I can see the dependency:
>
> config SPI_TPM
>     bool "SPI TPM"
>     depends on TPM2
>
> Any options to get TPM1.2 SPI support?
>
> Thanks!
>
> Jorge

[coreboot] SPI TPM question
Hi all!

This is my first message to the list. I would like to know if the TPM1.2 is supported through SPI?

Enabling SPI_TPM and TPM in my board configuration throws an error. From src/drivers/spi/tpm/Kconfig I can see the dependency:

    config SPI_TPM
        bool "SPI TPM"
        depends on TPM2

Any options to get TPM1.2 SPI support?

Thanks!

Jorge