sandbox TPM

Ilias Apalodimas ilias.apalodimas at linaro.org
Mon Aug 30 08:10:48 CEST 2021


On Sun, 29 Aug 2021 at 13:53, Peter Robinson <pbrobinson at gmail.com> wrote:
>
> On Sat, Aug 28, 2021 at 10:19 PM Simon Glass <sjg at chromium.org> wrote:
> >
> > Hi Heinrich,
> >
> > On Sat, 28 Aug 2021 at 06:18, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
> > >
> > > The current TPM emulation in drivers/tpm/tpm(2)_tis_sandbox.c is not
> > > spec compliant.
> >
> > Do you mean it is incomplete or that it has bugs? If it is incomplete,
> > what is needed by U-Boot?
> >
> > >
> > > A TPM emulation as UNIX socket exists with
> > > https://github.com/stefanberger/swtpm.git. QEMU already uses this emulator.
> > >
> > > Couldn't the sandbox do the same? I think this is the fastest way to get
> > > a compliant sandbox TPM.
> >
> > Well we could if we need it. Are you sure it is a good idea? There is
> > a lot of code there. Are you thinking it would be copied into the
> > U-Boot tree and kept in sync with a script, perhaps? Presumably the
> > project would accept changes we need?
>
> qemu doesn't copy it in, why can't it just run independently as part
> of the CI process? The rust TPM2 bindings do that here:
> https://github.com/parallaxsecond/rust-tss-esapi/blob/main/tss-esapi/tests/all-fedora.sh#L13

Keep in mind this is exposed as an MMIO device. I did send a driver
for it a while back [1]. In case we decide to use this, we can
probably re-use that.

[1] https://lore.kernel.org/u-boot/20210707162604.84196-1-ilias.apalodimas@linaro.org/

Regards
/Ilias

