Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Stefan Berger




On 3/27/23 08:31, Stefan Berger wrote:



On 3/27/23 07:11, Stefan Berger wrote:






We get this message when booting from a kernel:

[    0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[    0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
[    0.586623] tpm tpm0: starting up the TPM manually

Do we understand why the error appears?


The firmware did not initialize the TPM 2.




However on a clean boot into the TPM, the u-boot tpm commands fail:

ast# tpm info
tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
ast# tpINTERRUPT>


Is this normal output? Is it an indication of some sort of IRQ?


ast# tpm init
ast# tpm info
tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
ast# tpm pcr_read 0 0x8100
Error: 256


If this is an error from the TPM 2, then the 256 error code is the same as
reported by Linux above:

$ tssreturncode 0x100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already initialized


I will try to reproduce this today. u-boot should have sent a TPM2_Startup as
part of 'tpm init' command above or even before on its own.


One needs to do this here:

ast# tpm2 startup TPM2_SU_CLEAR
ast# tpm2 pcr_read 0 0x8100
PCR #0 content (332 known updates):
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

   Stefan
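
Added example (not part of the thread, and not kernel, u-boot or swtpm code): a Python model of the exchange discussed above. It marshals TPM2_SelfTest and TPM2_Startup(TPM_SU_CLEAR), decodes response code 256 (0x100) by its format bits, and replays the self-test/startup fallback visible in the kernel log. ToyTpm, command, response_code and self_test_with_fallback are hypothetical names, and the name table is only a subset of the TPM 2.0 codes.

```python
import struct

TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_SELF_TEST = 0x00000143
TPM_CC_STARTUP = 0x00000144
TPM_SU_CLEAR = 0x0000
TPM_RC_SUCCESS = 0x000
TPM_RC_INITIALIZE = 0x100  # 256, the value in the kernel and u-boot output

# Subset of format-0 TPM 2.0 response codes, enough for this example.
FMT0_NAMES = {0x100: "TPM_RC_INITIALIZE", 0x101: "TPM_RC_FAILURE",
              0x90A: "TPM_RC_TESTING", 0x922: "TPM_RC_RETRY"}


def decode_rc(rc):
    """Classify a TPM 2.0 response code by its format bits."""
    if rc == TPM_RC_SUCCESS:
        return "TPM_RC_SUCCESS"
    if rc & 0x080:  # bit 7: format 1, tied to a handle, session or parameter
        number = (rc >> 8) & 0xF
        if rc & 0x040:
            where = f"parameter {number}"
        elif number & 0x8:
            where = f"session {number & 0x7}"
        else:
            where = f"handle {number & 0x7}"
        return f"format-1 error 0x{rc & 0x3F:02x} ({where})"
    if not rc & 0x100:  # bit 8 clear: TPM 1.2 style code
        return f"TPM 1.2 code 0x{rc:x}"
    if rc & 0x400:  # bit 10: vendor-defined
        return f"vendor-defined 0x{rc:x}"
    kind = "warning" if rc & 0x800 else "error"
    return FMT0_NAMES.get(rc, f"format-0 {kind} 0x{rc & 0x7F:02x}")


def command(cc, params=b""):
    """Marshal a sessionless command: tag, commandSize, commandCode, params."""
    return struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(params), cc) + params


def response_code(resp):
    """Extract responseCode from a response header, checking responseSize."""
    _tag, size, rc = struct.unpack(">HII", resp[:10])
    if size != len(resp):
        raise ValueError("responseSize does not match buffer length")
    return rc


STARTUP_CLEAR = command(TPM_CC_STARTUP, struct.pack(">H", TPM_SU_CLEAR))
SELF_TEST = command(TPM_CC_SELF_TEST, b"\x00")  # fullTest = NO


class ToyTpm:
    """Hypothetical model: only tracks whether TPM2_Startup has been received."""

    def __init__(self):
        self.started = False

    def transmit(self, cmd):
        _tag, size, cc = struct.unpack(">HII", cmd[:10])
        if size != len(cmd):
            raise ValueError("commandSize does not match buffer length")
        if cc == TPM_CC_STARTUP:
            # A second Startup is rejected with the same code.
            rc = TPM_RC_INITIALIZE if self.started else TPM_RC_SUCCESS
            self.started = True
        else:
            rc = TPM_RC_SUCCESS if self.started else TPM_RC_INITIALIZE
        return struct.pack(">HII", TPM_ST_NO_SESSIONS, 10, rc)


def self_test_with_fallback(tpm):
    """Self test; on TPM_RC_INITIALIZE send Startup(CLEAR) and test again."""
    log = []
    rc = response_code(tpm.transmit(SELF_TEST))
    log.append(("self test", decode_rc(rc)))
    if rc == TPM_RC_INITIALIZE:
        rc = response_code(tpm.transmit(STARTUP_CLEAR))
        log.append(("startup", decode_rc(rc)))
        rc = response_code(tpm.transmit(SELF_TEST))
        log.append(("self test", decode_rc(rc)))
    return log
```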



Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Stefan Berger




On 3/27/23 07:11, Stefan Berger wrote:






We get this message when booting from a kernel:

[    0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[    0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
[    0.586623] tpm tpm0: starting up the TPM manually

Do we understand why the error appears?


The firmware did not initialize the TPM 2.




However on a clean boot into the TPM, the u-boot tpm commands fail:

ast# tpm info
tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
ast# tpINTERRUPT>


Is this normal output? Is it an indication of some sort of IRQ?


ast# tpm init
ast# tpm info
tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
ast# tpm pcr_read 0 0x8100
Error: 256


If this is an error from the TPM 2, then the 256 error code is the same as
reported by Linux above:

$ tssreturncode 0x100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already initialized


I will try to reproduce this today. u-boot should have sent a TPM2_Startup as
part of 'tpm init' command above or even before on its own.

Stefan



Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Stefan Berger




On 3/27/23 07:18, Joel Stanley wrote:

On Mon, 27 Mar 2023 at 11:11, Stefan Berger  wrote:




On 3/26/23 21:05, Joel Stanley wrote:

Hi Ninad,

On Sun, 26 Mar 2023 at 22:44, Ninad Palsule  wrote:


Hello,

I have incorporated review comments from Stefan. Please review.

This drop adds support for the TPM devices attached to the I2C bus. It
only supports the TPM2 protocol. You need to run it with the external
TPM emulator like swtpm. I have tested it with swtpm.


Nice work. I tested these atop cedric's aspeed-8.0 qemu tree, using
the rainier machine and the openbmc dev-6.1 kernel.

We get this message when booting from a kernel:

[0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
[0.586623] tpm tpm0: starting up the TPM manually

Do we understand why the error appears?


The firmware did not initialize the TPM 2.


Which firmware are we talking about here?


This happens if either no firmware is used or the firmware doesn't know how to 
talk to the TPM 2.
Linux detects that the TPM 2 wasn't initialized (TPM2_Startup was not sent).
  
   Stefan




Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Joel Stanley
On Mon, 27 Mar 2023 at 11:11, Stefan Berger  wrote:
>
>
>
> On 3/26/23 21:05, Joel Stanley wrote:
> > Hi Ninad,
> >
> > On Sun, 26 Mar 2023 at 22:44, Ninad Palsule  wrote:
> >>
> >> Hello,
> >>
> >> I have incorporated review comments from Stefan. Please review.
> >>
> >> This drop adds support for the TPM devices attached to the I2C bus. It
> >> only supports the TPM2 protocol. You need to run it with the external
> >> TPM emulator like swtpm. I have tested it with swtpm.
> >
> > Nice work. I tested these atop cedric's aspeed-8.0 qemu tree, using
> > the rainier machine and the openbmc dev-6.1 kernel.
> >
> > We get this message when booting from a kernel:
> >
> > [0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> > [0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
> > [0.586623] tpm tpm0: starting up the TPM manually
> >
> > Do we understand why the error appears?
>
> The firmware did not initialize the TPM 2.

Which firmware are we talking about here?

In the case of these systems, we (u-boot+linux) are what would
traditionally be referred to as firmware.

> > # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
> > /sys/class/tpm/tpm0/pcr-sha256/0:
> > /sys/class/tpm/tpm0/pcr-sha256/1:
> > /sys/class/tpm/tpm0/pcr-sha256/2:
> > /sys/class/tpm/tpm0/pcr-sha256/3:
> > /sys/class/tpm/tpm0/pcr-sha256/4:
> > /sys/class/tpm/tpm0/pcr-sha256/5:
> > /sys/class/tpm/tpm0/pcr-sha256/6:
> > /sys/class/tpm/tpm0/pcr-sha256/7:
> > /sys/class/tpm/tpm0/pcr-sha256/8:
> > /sys/class/tpm/tpm0/pcr-sha256/9:
> > /sys/class/tpm/tpm0/pcr-sha256/10:
> > /sys/class/tpm/tpm0/pcr-sha256/11:
> > /sys/class/tpm/tpm0/pcr-sha256/12:
> > /sys/class/tpm/tpm0/pcr-sha256/13:
> > /sys/class/tpm/tpm0/pcr-sha256/14:
> > /sys/class/tpm/tpm0/pcr-sha256/15:
> > /sys/class/tpm/tpm0/pcr-sha256/16:
> > /sys/class/tpm/tpm0/pcr-sha256/17:
> > /sys/class/tpm/tpm0/pcr-sha256/18:
> > /sys/class/tpm/tpm0/pcr-sha256/19:
> > /sys/class/tpm/tpm0/pcr-sha256/20:
> > /sys/class/tpm/tpm0/pcr-sha256/21:
> > /sys/class/tpm/tpm0/pcr-sha256/22:
> > /sys/class/tpm/tpm0/pcr-sha256/23:
> >
> > If I boot through the openbmc u-boot for the p10bmc machine, which
> > measures things into the PCRs:
> >
> > [0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>
> In this case the firmware started up the TPM 2. Also the PCRs have been 
> touched by the firmware in this case.
>
> >
> > / # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
> > /sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC
> > /sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
> > /sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/8:AE67485BD01E8D6FE0208C46C473940173F66E9C6F43C75ABB404375787E9705
> > 

Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Stefan Berger




On 3/27/23 04:04, Joel Stanley wrote:

On Mon, 27 Mar 2023 at 03:52, Ninad Palsule  wrote:


Hi Joel,

On 3/26/23 8:05 PM, Joel Stanley wrote:

Hi Ninad,

On Sun, 26 Mar 2023 at 22:44, Ninad Palsule  wrote:

Hello,

I have incorporated review comments from Stefan. Please review.

This drop adds support for the TPM devices attached to the I2C bus. It
only supports the TPM2 protocol. You need to run it with the external
TPM emulator like swtpm. I have tested it with swtpm.

Nice work. I tested these atop cedric's aspeed-8.0 qemu tree, using
the rainier machine and the openbmc dev-6.1 kernel.

We get this message when booting from a kernel:

[0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
[0.586623] tpm tpm0: starting up the TPM manually

Do we understand why the error appears?



Yes, as per the kernel code this is an expected error for some emulators.

On the swtpm emulator, it returns TPM2_RC_INITIALIZE if the emulator is not
initialized. I searched for it in swtpm and it indicated that selftest was
requested before it is initialized. I meant to ask Stefan but was busy with
the review comments.


The swtpm man page mentions some flags we can set. Perhaps they would help?

--flags [not-need-init][,startup-clear|startup-state|startup-deactivated|startup-none]


With firmware initializing the TPM 2 neither of these options is necessary.
If firmware doesn't initialize the TPM 2 then Linux will show that error 
message and initialize it.



   Stefan



Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Stefan Berger




On 3/26/23 21:05, Joel Stanley wrote:

Hi Ninad,

On Sun, 26 Mar 2023 at 22:44, Ninad Palsule  wrote:


Hello,

I have incorporated review comments from Stefan. Please review.

This drop adds support for the TPM devices attached to the I2C bus. It
only supports the TPM2 protocol. You need to run it with the external
TPM emulator like swtpm. I have tested it with swtpm.


Nice work. I tested these atop cedric's aspeed-8.0 qemu tree, using
the rainier machine and the openbmc dev-6.1 kernel.

We get this message when booting from a kernel:

[0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
[0.586623] tpm tpm0: starting up the TPM manually

Do we understand why the error appears?


The firmware did not initialize the TPM 2.





# grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:
/sys/class/tpm/tpm0/pcr-sha256/1:
/sys/class/tpm/tpm0/pcr-sha256/2:
/sys/class/tpm/tpm0/pcr-sha256/3:
/sys/class/tpm/tpm0/pcr-sha256/4:
/sys/class/tpm/tpm0/pcr-sha256/5:
/sys/class/tpm/tpm0/pcr-sha256/6:
/sys/class/tpm/tpm0/pcr-sha256/7:
/sys/class/tpm/tpm0/pcr-sha256/8:
/sys/class/tpm/tpm0/pcr-sha256/9:
/sys/class/tpm/tpm0/pcr-sha256/10:
/sys/class/tpm/tpm0/pcr-sha256/11:
/sys/class/tpm/tpm0/pcr-sha256/12:
/sys/class/tpm/tpm0/pcr-sha256/13:
/sys/class/tpm/tpm0/pcr-sha256/14:
/sys/class/tpm/tpm0/pcr-sha256/15:
/sys/class/tpm/tpm0/pcr-sha256/16:
/sys/class/tpm/tpm0/pcr-sha256/17:
/sys/class/tpm/tpm0/pcr-sha256/18:
/sys/class/tpm/tpm0/pcr-sha256/19:
/sys/class/tpm/tpm0/pcr-sha256/20:
/sys/class/tpm/tpm0/pcr-sha256/21:
/sys/class/tpm/tpm0/pcr-sha256/22:
/sys/class/tpm/tpm0/pcr-sha256/23:

If I boot through the openbmc u-boot for the p10bmc machine, which
measures things into the PCRs:

[0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)


In this case the firmware started up the TPM 2. Also the PCRs have been touched 
by the firmware in this case.



/ # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC
/sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
/sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/8:AE67485BD01E8D6FE0208C46C473940173F66E9C6F43C75ABB404375787E9705
/sys/class/tpm/tpm0/pcr-sha256/9:DB99D92EADBB446894CB0C062AEB673F60DDAFBC62BC2A9CA561A13B31E5357C
/sys/class/tpm/tpm0/pcr-sha256/10:
/sys/class/tpm/tpm0/pcr-sha256/11:
/sys/class/tpm/tpm0/pcr-sha256/12:
/sys/class/tpm/tpm0/pcr-sha256/13:

Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Joel Stanley
On Mon, 27 Mar 2023 at 08:21, Cédric Le Goater  wrote:
>
> >>> However on a clean boot into the TPM, the u-boot tpm commands fail:
> >>>
> >>> ast# tpm info
> >>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
> >>> ast# tpINTERRUPT>
> >>> ast# tpm init
> >>> ast# tpm info
> >>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
> >>> ast# tpm pcr_read 0 0x8100
> >>> Error: 256
> >>> ast# md.l 0x8100 16
> >>> 8100:    
> >>> 8110:    
> >>> 8120:    
> >>> 8130:    
> >>> 8140:    
> >>> 8150:    
> >>>
> >>> This doesn't need to block merging into qemu, as the model works fine
> >>> for pcr measurement and accessing under Linux. However it would be
> >>> good to work through these issues in case there's a modelling
> >>> discrepancy.
> >>
> >>
> >> Yes, please provide me details on how to reproduce it. I will take a look.
> >
> > This is the buildroot tree I've been using for testing:
> >
> > https://github.com/shenki/buildroot/commits/ast2600-tpm
> >
> > git clone https://github.com/shenki/buildroot -b ast2600-tpm
> > cd buildroot
> > make O=ast2600evb aspeed_ast2600evb_defconfig
>
> I have pushed binaries here also:
>
>
> https://github.com/legoater/qemu-aspeed-boot/tree/master/images/ast2600-evb/buildroot-2023.02-tpm

Thank you!

The non-zero PCRs I see with this are:

#  grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0
/sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
/sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/8:C840364040A0F98631A48A4C401C567226BFE5A2A30B958F1800E4849A140F69
/sys/class/tpm/tpm0/pcr-sha256/9:9D00428C528120A3F2D0D8CB0EB5D036D87C0D0F8D2990B8C1F12DEFAE3890C7

They seem to be stable across boots, which is good! We could use these
images and that pcr0 value for an avocado test.

Perhaps we could add an init script that binds the driver and prints
the value to the console to save having to log in.
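
Added example (not part of the thread or of QEMU's test suite): one way a console-based check like the avocado test suggested above could compare PCR values against a pinned baseline. It tells a boot that never measured anything apart from one that measured something different. The measurement blobs and function names are assumptions, and so is the simplification that each blob is hashed and then extended.

```python
import hashlib
import re

# Matches one value line of the sysfs listing used in the thread.
PCR_LINE = re.compile(r"/pcr-sha256/(\d+):([0-9A-Fa-f]{64})")
ZERO_PCR = "0" * 64

# Constructed stand-ins for the images a bootloader would measure.
GOLDEN_STAGES = [b"constructed SPL", b"constructed u-boot", b"constructed kernel"]


def extend(pcr, measurement):
    """SHA-256 bank extend: new = SHA256(old || SHA256(measurement))."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def replay(stages):
    """PCR value after extending each stage in order, starting from zeros."""
    pcr = bytes(32)
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr.hex().upper()


def console_for(stages):
    """Constructed console capture for a boot that measured `stages` into PCR 0."""
    return "\n".join([
        "[    0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)",
        "/ # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /",
        "/sys/class/tpm/tpm0/pcr-sha256/0:" + replay(stages),
    ])


def parse_listing(console):
    """Map PCR index -> hex digest for every listing line found in the capture."""
    pcrs = {}
    for line in console.splitlines():
        match = PCR_LINE.search(line)
        if match:
            pcrs[int(match.group(1))] = match.group(2).upper()
    return pcrs


def verdict(console, baseline):
    """Per-PCR result: ok, unmeasured (still zero), mismatch, or missing."""
    seen = parse_listing(console)
    result = {}
    for index, expected in baseline.items():
        value = seen.get(index)
        if value is None:
            result[index] = "missing"      # driver not bound or no output
        elif value == expected:
            result[index] = "ok"
        elif value == ZERO_PCR:
            result[index] = "unmeasured"   # nothing extended this PCR
        else:
            result[index] = "mismatch"     # different content or order
    return result
```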



Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Cédric Le Goater

However on a clean boot into the TPM, the u-boot tpm commands fail:

ast# tpm info
tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
ast# tpINTERRUPT>
ast# tpm init
ast# tpm info
tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
ast# tpm pcr_read 0 0x8100
Error: 256
ast# md.l 0x8100 16
8100:    
8110:    
8120:    
8130:    
8140:    
8150:    

This doesn't need to block merging into qemu, as the model works fine
for pcr measurement and accessing under Linux. However it would be
good to work through these issues in case there's a modelling
discrepancy.



Yes, please provide me details on how to reproduce it. I will take a look.


This is the buildroot tree I've been using for testing:

https://github.com/shenki/buildroot/commits/ast2600-tpm

git clone https://github.com/shenki/buildroot -b ast2600-tpm
cd buildroot
make O=ast2600evb aspeed_ast2600evb_defconfig


I have pushed binaries here also:

  
https://github.com/legoater/qemu-aspeed-boot/tree/master/images/ast2600-evb/buildroot-2023.02-tpm

Cheers,

C.




Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-27 Thread Joel Stanley
On Mon, 27 Mar 2023 at 03:52, Ninad Palsule  wrote:
>
> Hi Joel,
>
> On 3/26/23 8:05 PM, Joel Stanley wrote:
> > Hi Ninad,
> >
> > On Sun, 26 Mar 2023 at 22:44, Ninad Palsule  wrote:
> >> Hello,
> >>
> >> I have incorporated review comments from Stefan. Please review.
> >>
> >> This drop adds support for the TPM devices attached to the I2C bus. It
> >> only supports the TPM2 protocol. You need to run it with the external
> >> TPM emulator like swtpm. I have tested it with swtpm.
> > Nice work. I tested these atop cedric's aspeed-8.0 qemu tree, using
> > the rainier machine and the openbmc dev-6.1 kernel.
> >
> > We get this message when booting from a kernel:
> >
> > [0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> > [0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
> > [0.586623] tpm tpm0: starting up the TPM manually
> >
> > Do we understand why the error appears?
>
>
> Yes, as per the kernel code this is an expected error for some emulators.
>
> On the swtpm emulator, it returns TPM2_RC_INITIALIZE if the emulator is not
> initialized. I searched for it in swtpm and it indicated that selftest was
> requested before it is initialized. I meant to ask Stefan but was busy with
> the review comments.

The swtpm man page mentions some flags we can set. Perhaps they would help?

   --flags [not-need-init][,startup-clear|startup-state|startup-deactivated|startup-none]


>
> This function comment in the driver mentioned below indicates that this
> case is possible with emulators.
>
> /**
>   * tpm2_startup - turn on the TPM
>   * @chip: TPM chip to use
>   *
>   * Normally the firmware should start the TPM. This function is provided as a
>   * workaround if this does not happen. A legal case for this could be for
>   * example when a TPM emulator is used.
>   *
>   * Return: same as tpm_transmit_cmd()
>   */
>
> static int tpm2_startup(struct tpm_chip *chip)
>

> > However on a clean boot into the TPM, the u-boot tpm commands fail:
> >
> > ast# tpm info
> > tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
> > ast# tpINTERRUPT>
> > ast# tpm init
> > ast# tpm info
> > tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
> > ast# tpm pcr_read 0 0x8100
> > Error: 256
> > ast# md.l 0x8100 16
> > 8100:    
> > 8110:    
> > 8120:    
> > 8130:    
> > 8140:    
> > 8150:    
> >
> > This doesn't need to block merging into qemu, as the model works fine
> > for pcr measurement and accessing under Linux. However it would be
> > good to work through these issues in case there's a modelling
> > discrepancy.
>
>
> Yes, please provide me details on how to reproduce it. I will take a look.

This is the buildroot tree I've been using for testing:

https://github.com/shenki/buildroot/commits/ast2600-tpm

git clone https://github.com/shenki/buildroot -b ast2600-tpm
cd buildroot
make O=ast2600evb aspeed_ast2600evb_defconfig

I launch it with this qemu commandline:

swtpm socket --tpmstate dir=$XDG_RUNTIME_DIR \
  --ctrl type=unixio,path=$XDG_RUNTIME_DIR/swtpm-socket --tpm2

qemu-system-arm -M ast2600-evb -nographic \
  -drive file=ast2600evb/images/flash.img,if=mtd,format=raw \
  -chardev socket,id=chrtpm,path=$XDG_RUNTIME_DIR/swtpm-socket \
  -tpmdev emulator,id=tpm0,chardev=chrtpm \
  -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e

If you want to reproduce the u-boot behaviour, press any key to
interrupt the boot.

Booting this way, you can also test the u-boot behaviour. Once you're
in userspace:

# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
[   13.637081] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[   13.665239] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e

# cat /sys/class/tpm/tpm0/pcr-sha256/0
FE9A732EAA7842D77DEECFC1DC610EBEA9414BFC39BEEBC8D2F071CF030FA592



Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-26 Thread Ninad Palsule

Hi Joel,

On 3/26/23 8:05 PM, Joel Stanley wrote:

Hi Ninad,

On Sun, 26 Mar 2023 at 22:44, Ninad Palsule  wrote:

Hello,

I have incorporated review comments from Stefan. Please review.

This drop adds support for the TPM devices attached to the I2C bus. It
only supports the TPM2 protocol. You need to run it with the external
TPM emulator like swtpm. I have tested it with swtpm.

Nice work. I tested these atop cedric's aspeed-8.0 qemu tree, using
the rainier machine and the openbmc dev-6.1 kernel.

We get this message when booting from a kernel:

[0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
[0.586623] tpm tpm0: starting up the TPM manually

Do we understand why the error appears?



Yes, as per the kernel code this is an expected error for some emulators.

On the swtpm emulator, it returns TPM2_RC_INITIALIZE if the emulator is not
initialized. I searched for it in swtpm and it indicated that selftest was
requested before it is initialized. I meant to ask Stefan but was busy with
the review comments.


This function comment in the driver mentioned below indicates that this
case is possible with emulators.


/**
 * tpm2_startup - turn on the TPM
 * @chip: TPM chip to use
 *
 * Normally the firmware should start the TPM. This function is provided as a
 * workaround if this does not happen. A legal case for this could be for
 * example when a TPM emulator is used.
 *
 * Return: same as tpm_transmit_cmd()
 */

static int tpm2_startup(struct tpm_chip *chip)




# grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:
/sys/class/tpm/tpm0/pcr-sha256/1:
/sys/class/tpm/tpm0/pcr-sha256/2:
/sys/class/tpm/tpm0/pcr-sha256/3:
/sys/class/tpm/tpm0/pcr-sha256/4:
/sys/class/tpm/tpm0/pcr-sha256/5:
/sys/class/tpm/tpm0/pcr-sha256/6:
/sys/class/tpm/tpm0/pcr-sha256/7:
/sys/class/tpm/tpm0/pcr-sha256/8:
/sys/class/tpm/tpm0/pcr-sha256/9:
/sys/class/tpm/tpm0/pcr-sha256/10:
/sys/class/tpm/tpm0/pcr-sha256/11:
/sys/class/tpm/tpm0/pcr-sha256/12:
/sys/class/tpm/tpm0/pcr-sha256/13:
/sys/class/tpm/tpm0/pcr-sha256/14:
/sys/class/tpm/tpm0/pcr-sha256/15:
/sys/class/tpm/tpm0/pcr-sha256/16:
/sys/class/tpm/tpm0/pcr-sha256/17:
/sys/class/tpm/tpm0/pcr-sha256/18:
/sys/class/tpm/tpm0/pcr-sha256/19:
/sys/class/tpm/tpm0/pcr-sha256/20:
/sys/class/tpm/tpm0/pcr-sha256/21:
/sys/class/tpm/tpm0/pcr-sha256/22:
/sys/class/tpm/tpm0/pcr-sha256/23:

If I boot through the openbmc u-boot for the p10bmc machine, which
measures things into the PCRs:

[0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)

/ # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC
/sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
/sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93

Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus

2023-03-26 Thread Joel Stanley
Hi Ninad,

On Sun, 26 Mar 2023 at 22:44, Ninad Palsule  wrote:
>
> Hello,
>
> I have incorporated review comments from Stefan. Please review.
>
> This drop adds support for the TPM devices attached to the I2C bus. It
> only supports the TPM2 protocol. You need to run it with the external
> TPM emulator like swtpm. I have tested it with swtpm.

Nice work. I tested these atop cedric's aspeed-8.0 qemu tree, using
the rainier machine and the openbmc dev-6.1 kernel.

We get this message when booting from a kernel:

[0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
[0.586623] tpm tpm0: starting up the TPM manually

Do we understand why the error appears?

# grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:
/sys/class/tpm/tpm0/pcr-sha256/1:
/sys/class/tpm/tpm0/pcr-sha256/2:
/sys/class/tpm/tpm0/pcr-sha256/3:
/sys/class/tpm/tpm0/pcr-sha256/4:
/sys/class/tpm/tpm0/pcr-sha256/5:
/sys/class/tpm/tpm0/pcr-sha256/6:
/sys/class/tpm/tpm0/pcr-sha256/7:
/sys/class/tpm/tpm0/pcr-sha256/8:
/sys/class/tpm/tpm0/pcr-sha256/9:
/sys/class/tpm/tpm0/pcr-sha256/10:
/sys/class/tpm/tpm0/pcr-sha256/11:
/sys/class/tpm/tpm0/pcr-sha256/12:
/sys/class/tpm/tpm0/pcr-sha256/13:
/sys/class/tpm/tpm0/pcr-sha256/14:
/sys/class/tpm/tpm0/pcr-sha256/15:
/sys/class/tpm/tpm0/pcr-sha256/16:
/sys/class/tpm/tpm0/pcr-sha256/17:
/sys/class/tpm/tpm0/pcr-sha256/18:
/sys/class/tpm/tpm0/pcr-sha256/19:
/sys/class/tpm/tpm0/pcr-sha256/20:
/sys/class/tpm/tpm0/pcr-sha256/21:
/sys/class/tpm/tpm0/pcr-sha256/22:
/sys/class/tpm/tpm0/pcr-sha256/23:

If I boot through the openbmc u-boot for the p10bmc machine, which
measures things into the PCRs:

[0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)

/ # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC
/sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
/sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/8:AE67485BD01E8D6FE0208C46C473940173F66E9C6F43C75ABB404375787E9705
/sys/class/tpm/tpm0/pcr-sha256/9:DB99D92EADBB446894CB0C062AEB673F60DDAFBC62BC2A9CA561A13B31E5357C
/sys/class/tpm/tpm0/pcr-sha256/10:
/sys/class/tpm/tpm0/pcr-sha256/11:
/sys/class/tpm/tpm0/pcr-sha256/12:
/sys/class/tpm/tpm0/pcr-sha256/13:
/sys/class/tpm/tpm0/pcr-sha256/14: