[PATCH u-boot-test-hooks 1/2] bin: add helper script for testing swtpm with TF-A
Tom Rini
trini at konsulko.com
Tue Sep 16 20:27:24 CEST 2025
On Tue, Sep 16, 2025 at 09:12:24AM -0700, Raymond Mao wrote:
> The existing 'qemu.swtpm' does not run swtpm_setup to configure the
> algorithm, by default it enables all algorithms it supports, but TF-A
> currently only supports sha256 and measured with sha256-only, enabling
> other algorithms causes more measurements at U-Boot and then leads
> to eventlog mismatching.
>
> Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> ---
> bin/qemu.swtpm-tfa | 30 ++++++++++++++++++++++++++++++
> 1 file changed, 30 insertions(+)
> create mode 100644 bin/qemu.swtpm-tfa
>
> diff --git a/bin/qemu.swtpm-tfa b/bin/qemu.swtpm-tfa
> new file mode 100644
> index 0000000..cbcddef
> --- /dev/null
> +++ b/bin/qemu.swtpm-tfa
> @@ -0,0 +1,30 @@
> +#!/bin/sh
> +# SPDX-License-Identifier: BSD-2
> +#
> +# Copyright (c) 2025 Linaro Limited
> +# Author: Raymond Mao <raymond.mao at linaro.org>
> +# Based on qemu.swtpm
> +#
> +# This script launches swtpm to emulate a TPMv2.
> +# It explicitly configures swtpm with sha256-only.
> +#
> +# The parameter -t makes it unload when the connection to QEMU is
> +# terminated.
> +#
> +# To make use of it add
> +#
> +# qemu_helper_script="swtpm-tfa"
> +#
> +# to the board script and the following arguments to qemu_extra_args
> +#
> +# -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock \
> +# -tpmdev emulator,id=tpm0,chardev=chrtpm \
> +# -device tpm-tis-device,tpmdev=tpm0
> +#
> +# U-Boot must be built with CONFIG_TPM2_MMIO=y.
> +
> +rm -rf /tmp/tpm
> +mkdir -p /tmp/tpm
> +swtpm_setup --tpmstate /tmp/tpm --tpm2 --pcr-banks sha256
> +swtpm socket -d -t --tpmstate dir=/tmp/tpm --tpm2 \
> +--ctrl type=unixio,path=/tmp/tpm/swtpm-sock
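
Review bot: the four commands at the end of the script run with no exit-status check, so if `swtpm_setup --tpmstate /tmp/tpm --tpm2 --pcr-banks sha256` fails, `swtpm socket` is still started on a state directory that was never provisioned as sha256-only, and going by the commit message's description of the default, that brings back the all-algorithms behaviour and the event log mismatch with no visible error. Add `set -e` after the header comment, or append `|| exit 1` to the swtpm_setup line. Two smaller points: `rm -rf /tmp/tpm` followed by `mkdir -p /tmp/tpm` uses a fixed name in a shared directory, so on a multi-user test host a restrictive mode on the directory (or a path passed in from the board script) would keep other local users away from the TPM state and the control socket; and `BSD-2` in the SPDX line is not a valid SPDX identifier, the short form is `BSD-2-Clause`.
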
I think we need to abstract the current script to take arguments and
then pass them as needed in the conf.board file.
--
Tom