On Mon, 27 Mar 2023 at 11:11, Stefan Berger <[email protected]> wrote: > > > > On 3/26/23 21:05, Joel Stanley wrote: > > Hi Ninad, > > > > On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <[email protected]> wrote: > >> > >> Hello, > >> > >> I have incorporated review comments from Stefan. Please review. > >> > >> This drop adds support for the TPM devices attached to the I2C bus. It > >> only supports the TPM2 protocol. You need to run it with the external > >> TPM emulator like swtpm. I have tested it with swtpm. > > > > Nice work. I tested these stop cedric's aspeed-8.0 qemu tree, using > > the rainier machine and the openbmc dev-6.1 kernel. > > > > We get this message when booting from a kernel: > > > > [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1) > > [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test > > [ 0.586623] tpm tpm0: starting up the TPM manually > > > > Do we understand why the error appears? > > The firmware did not initialize the TPM 2.
Which firmware are we talking about here? In the case of these systems, we (u-boot+linux) are what would traditionally be referred to as firmware. > > # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t / > > /sys/class/tpm/tpm0/pcr-sha256/0:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/1:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/2:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/3:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/4:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/5:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/6:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/7:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/8:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/9:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000 > > > > If I boot through the openbmc u-boot for the p10bmc machine, which > > measures things into the PCRs: > > > > [ 0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1) > > In this case the firmware started up the TPM 2. Also the PCRs have been > touched by the firmware in this case. > > > > > / # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t / > > /sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC > > /sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714 > > /sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93 > > /sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93 > > /sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93 > > /sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93 > > /sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93 > > /sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93 > > /sys/class/tpm/tpm0/pcr-sha256/8:AE67485BD01E8D6FE0208C46C473940173F66E9C6F43C75ABB404375787E9705 > > /sys/class/tpm/tpm0/pcr-sha256/9:DB99D92EADBB446894CB0C062AEB673F60DDAFBC62BC2A9CA561A13B31E5357C > > /sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000 > > /sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > /sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000 > > However on a clean boot into the TPM, the u-boot tpm commands fail: > > > > ast# tpm info > > tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed] > > ast# tpINTERRUPT> > > Is this normal output? Is it an indication of some sort of IRQ? Ignore that line, that was me using ctrl+c to cancel the input. I should have trimmed it from the email before sending. > > > ast# tpm init > > ast# tpm info > > tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open] > > ast# tpm pcr_read 0 0x81000000 > > Error: 256 > > ast# md.l 0x81000000 16 > > 81000000: 00000000 00000000 00000000 00000000 ................ > > 81000010: 00000000 00000000 00000000 00000000 ................ > > 81000020: 00000000 00000000 00000000 00000000 ................ > > 81000030: 00000000 00000000 00000000 00000000 ................ > > 81000040: 00000000 00000000 00000000 00000000 ................ > > 81000050: 00000000 00000000 ........ > > > > This doesn't need to block merging into qemu, as the model works fine > > for pcr measurement and accessing under Linux. However it would be > > good to work though these issues in case there's a modelling > > discrepancy. > > > It reads the didvid and rid registers just fine and per the touched PCRs it > knows how to talk to the TPM 2 to extend the PCRs. It hasn't done so in this case; the boot step that extends the PCRs hasn't been executed. > So this is strange. What is the 0x81000000 parameter in this command? Is it > some memory location? Yes, it's an arbitrary DRAM location that we've asked u-boot to place the contents of the PCR. Cheers, Joel
