[PATCH v7 0/7] tpm: rng: Move TPM RNG functionality to driver model

Ilias Apalodimas ilias.apalodimas at linaro.org
Thu Jul 21 10:16:29 CEST 2022 

Hi Sughosh,

On Wed, 20 Jul 2022 at 15:30, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
>
>
> The TPM device provides the random number generator(RNG)
> functionality, whereby sending a command to the TPM device results in
> the TPM device responding with random bytes.
>
> There was a discussion on the mailing list earlier[1], where it was
> explained that platforms with a TPM device can install the
> EFI_RNG_PROTOCOL for getting the random bytes instead of populating
> the dtb with the kaslr-seed property. That would make it possible to
> measure the dtb.
>
> The TPM uclass driver adds the RNG child device as part of it's
> post_probe function.
>
> Some additional changes have also been made to facilitate the
> use of the RNG devices, including extending the 'rng' command to take
> the RNG device as one of the command-line parameters.
>
> This series depends on a patch[2] from Simon Glass for moving the TPM
> device version detection functions to the tpm_api.h header as static
> inline functions.
>
> These patches were under discussion earlier, specifically the patch to
> add the RNG functionality under the TPM device as a child, either
> through manual binding or through the device tree. Ilias had commented
> on the discussion last[3]. The discussion can be resumed through this
> version.
>
> I have dropped certain patches which were changing some of the TPM API
> functions to return an int instead of the current u32. These patches
> have been dropped due to review comments from Simon[4]. This work can
> be taken up separately, if desired.
>
> [1] - https://lore.kernel.org/u-boot/20220103120738.47835-1-ilias.apalodimas@linaro.org/
> [2] - https://lore.kernel.org/u-boot/20220301001125.1554442-2-sjg@chromium.org/T/#u
> [3] - https://lists.denx.de/pipermail/u-boot/2022-April/481708.html
> [4] - https://lists.denx.de/pipermail/u-boot/2022-March/477883.html
>
>
[...]

Most of the series seems fine to me, however the RNG protocol is not
being properly registered.  The reason is that the TPM due to u-boot's
lazy binding won't be initialized.  You'll need something like

diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 492ecf4cb1..751beda590 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -246,13 +246,6 @@ efi_status_t efi_init_obj_list(void)
    /* Set up console modes */
    efi_setup_console_size();

-   /* Install EFI_RNG_PROTOCOL */
-   if (IS_ENABLED(CONFIG_EFI_RNG_PROTOCOL)) {
-       ret = efi_rng_register();
-       if (ret != EFI_SUCCESS)
-           goto out;
-   }
-
    /* Initialize variable services */
    ret = efi_init_variables();
    if (ret != EFI_SUCCESS)
@@ -289,6 +282,13 @@ efi_status_t efi_init_obj_list(void)
            goto out;
    }

+   /* Install EFI_RNG_PROTOCOL */
+   if (IS_ENABLED(CONFIG_EFI_RNG_PROTOCOL)) {
+       ret = efi_rng_register();
+       if (ret != EFI_SUCCESS)
+           goto out;
+   }
+
    if (IS_ENABLED(CONFIG_EFI_RISCV_BOOT_PROTOCOL)) {
        ret = efi_riscv_register();
        if (ret != EFI_SUCCESS)


Cheers
/Ilias

More information about the U-Boot mailing list