Re: [PATCH 2/2] ftpm: firmware TPM running in TEE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 03, 2019 at 09:27:28PM +0300, Jarkko Sakkinen wrote:
On Wed, Apr 03, 2019 at 09:18:27PM +0300, Jarkko Sakkinen wrote:
On Tue, Apr 02, 2019 at 03:33:16PM -0400, Sasha Levin wrote:
> This patch adds support for a software-only implementation of a TPM
> running in TEE.
>
> There is extensive documentation of the design here:
> https://www.microsoft.com/en-us/research/publication/ftpm-software-implementation-tpm-chip/ .
>
> As well as reference code for the firmware available here:
> https://github.com/Microsoft/ms-tpm-20-ref/tree/master/Samples/ARM32-FirmwareTPM
>
> Signed-off-by: Thirupathaiah Annapureddy <thiruan@xxxxxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

What is the context anyway? I mean tpm_crb already supports fTPM running
in TZ.

Might take 2-3 weeks before I have time to go through ftpm1.pdf with
full concentration. I did search through the PDF for CRB and found
zero hits.

The fTPM as described in that paper and implemented in practice does not
use the CRB interface, thus we can't use tpm_crb to interface with the
firmware TPM.

The commit message should absolutely better explain what is going on
and preferably there should be some more broad documentation in
Documentation/security/tpm.

The code itself is just a small shim between the firmware TPM and the
kernel's TPM interface. There's really not much else to expand on in the
commit log.

I'll add some background to Documentation/security/tpm.

Now this is just a random code dump and nothing else.

It pretty much is, but that's because this is just a "stupid" shim,
there heavy lifting is done outside of the kernel.

Also, I have zero idea how to test this. Any recommendations on ARM
board that can be easily used to test custom TZ applications would be
nice.

We are testing this on a Broadcom's Stingray SST100 board, and if you
have one we can help out with setting up a test environment. Otherwise,
we haven't really tried it on other boards.

--
Thanks,
Sasha



[Index of Archives]     [Device Tree Compilter]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux PCI Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Yosemite Backpacking]


  Powered by Linux