+ Jens

Hi Stuart,

On Tue, 11 Feb 2025 at 04:52, Stuart Yoder <stuart.yoder@xxxxxxx> wrote:
>
> These patches add support for the CRB FF-A start method defined
> in the TCG ACPI specification v1.4 and the FF-A ABI defined
> in the Arm TPM Service CRB over FF-A (DEN0138) specification.
> (https://developer.arm.com/documentation/den0138/latest/)

Nice to have a specification standardizing the interface to a TPM
managed/implemented by the firmware. Care to add corresponding kernel
documentation under Documentation/security/tpm/?

BTW, we already have drivers/char/tpm/tpm_ftpm_tee.c, so do you see
possibilities for an abstraction layer on top of a communication channel
based on either FF-A or TEE or the platform bus?

>
> FF-A is a messaging framework for Arm-based systems and in the
> context of the TPM driver is used to signal 'start' to a CRB-based
> TPM service which is hosted in an FF-A secure partition running in
> TrustZone.

Is there any open source implementation for such a secure partition
managing the TPM? Also, is that really a discrete TPM or a firmware TPM
managed by the firmware? If it supports firmware TPM, I would be
interested to see how you plan to handle cases related to secure storage.

-Sumit

>
> The first patch adds an FF-A driver to handle the FF-A messaging when
> communicating with a CRB-based TPM secure partition built on FF-A.
> The driver is probed when the TPM secure partition is discovered by
> the Linux FF-A infrastructure.
>
> The second patch consolidates the check for idle support in the CRB
> driver to one place.
>
> The third patch defines the new ACPI start method enumeration for
> CRB over FF-A.
>
> The fourth patch adds support for the FF-A ACPI start method to
> the TPM crb driver.
>
> Stuart Yoder (4):
>   tpm_crb: implement driver compliant to CRB over FF-A
>   tpm_crb: refactor check for idle support into TPM into inline function
>   ACPICA: add start method for Arm FF-A
>   tpm_crb: add support for the Arm FF-A start method
>
>  drivers/char/tpm/Kconfig   |   9 ++
>  drivers/char/tpm/Makefile  |   1 +
>  drivers/char/tpm/ffa_crb.c | 310 +++++++++++++++++++++++++++++++++++++
>  drivers/char/tpm/ffa_crb.h |  30 ++++
>  drivers/char/tpm/tpm_crb.c |  81 +++++++++-
>  include/acpi/actbl3.h      |   1 +
>  6 files changed, 426 insertions(+), 6 deletions(-)
>  create mode 100644 drivers/char/tpm/ffa_crb.c
>  create mode 100644 drivers/char/tpm/ffa_crb.h
>
> --
> 2.34.1
>
>