SPI driver for Raspberry Pi 4 (BMC2835)

J. Holland joh.ho at gmx.de
Mon Mar 30 11:41:22 CEST 2020

Hi Pierre,

> I'm also trying to make a secure boot using an SLB9670 TPM (SPI), Yocto
> and a Raspberry 3, and as far as I'm documented
> there are no hardware SPI driver due to the fact that `start.elf` and
> `bootcode.bin` are being closed binaries
> (https://pi3g.com/2019/02/04/qa-letstrust-tpm/).

There is no driver because nobody wrote one for u-boot, yet. The linux kernel
does have the right driver, so closed source is not the problem. The thing is,
that nobody ported it to u-boot, yet.

What the Let's Trust website refers to is that *secure boot* is not possible
because there is no open-source first-level bootloader, only a closed-source
proprietary one. You can use u-boot as a second-stage bootloader and use the
TPM. It's just not secure boot since you need a so-called Root of Trust in the
first-stage bootloader, which we do not have.

> However some people tried to deal with software SPI driver as a
> workaround, but I don't know yet if it works (@see:
> https://www.mail-archive.com/u-boot@lists.denx.de/msg330403.html).
> Hope it brings some clues, if you manage to do something keep me updated !

Thanks for the hint. In fact, I managed to solve the issue. The problem is, that
the soft-spi driver does not implement the SPI modes properly. The Infineon TPM
slb9670 expects mode 0 (CPOL=0, CPHA=0), but the driver has CPOL=1 hardcoded and
operates on CPHA=1 by default. After fixing the issue, using the TPM works.
However, you might not be able to use the TPM in the Raspbian kernel anymore.
I'm working on that, currently.

See my patch:


More information about the U-Boot mailing list