Hi Thirupathaiah,
First of all, thanks a lot for trying to test the driver.
np
[...]
I managed to do some quick testing in QEMU. Everything works fine when I build this as a module (using IBM's TPM 2.0 TSS)
- As module
# insmod /lib/modules/5.2.0-rc1/kernel/drivers/char/tpm/tpm_ftpm_tee.ko
# getrandom -by 8
randomBytes length 8
23 b9 3d c3 90 13 d9 6b
- Built-in
# dmesg | grep optee
ftpm-tee firmware:optee: ftpm_tee_probe:tee_client_open_session failed, err=ffff0008
This (0xffff0008) translates to TEE_ERROR_ITEM_NOT_FOUND.
Where is fTPM TA located in your test setup? Is it stitched into TEE binary as an EARLY_TA or is it expected to be loaded during run-time with the help of user mode OP-TEE supplicant?
My guess is that you are trying to load fTPM TA through user mode OP-TEE supplicant. Can you confirm?
I tried both
If that is true,
- In the case of driver built as a module (CONFIG_TCG_FTPM_TEE=m), this works fine
as user mode supplicant is ready.
- In the built-in case (CONFIG_TCG_FTPM_TEE=y),
This would result in the above error 0xffff0008 as TEE is unable to find fTPM TA.
Maybe I did something wrong and never noticed it wasn't built as an earlyTA
The expectation is that fTPM TA is built as an EARLY_TA (in BL32) so that U-boot and Linux driver stacks work seamlessly without dependency on supplicant.
You can add my tested-by tag for the module. I'll go back to testing it as built-in at some point in real hardware and let you know if I have any issues.
If someone is interested in the QEMU testing:
1. compile this https://github.com/jbech-linaro/manifest/blob/ftpm/README.md
2. replace the whole linux kernel on the root-dir with a latest version + fTPM char driver
3. Apply a hack on kernel and disable dynamic shm (Need for this depends on kernel + op-tee version)
diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 1854a3db..7aea8a5 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -588,13 +588,15 @@ static struct optee *optee_probe(struct device_node *np) /* * Try to use dynamic shared memory if possible */ +#if 0 if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) pool = optee_config_dyn_shm(); +#endif
/* * If dynamic shared memory is not available or failed - try static one */ - if (IS_ERR(pool) && (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM)) + if (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM) pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm);
if (IS_ERR(pool))
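Review bot: With the dynamic path under `#if 0` and the `IS_ERR(pool) &&` guard dropped, `pool` is only assigned when OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM is set, so on a platform without reserved shm the final `if (IS_ERR(pool))` check depends entirely on the initial value of `pool`, which is not visible in this hunk and should be confirmed to be an error pointer. The comment "If dynamic shared memory is not available or failed - try static one" no longer matches the code, since static shm is now chosen unconditionally. For anything beyond a local test hack, prefer a runtime switch (for example a module parameter checked next to the `sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM` test) over `#if 0`, so the fallback logic and its guard stay intact.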
For the module part:
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>