[PATCH] doc: board: ti: k3: Add fTPM support documentation

Simon Glass sjg at chromium.org
Tue Apr 28 19:58:11 CEST 2026 

Hi Shiva,

On 2026-04-22T09:19:49, Shiva Tripathi <s-tripathi1 at ti.com> wrote:
> doc: board: ti: k3: Add fTPM support documentation
>
> Add fTPM support documentation including an overview, configuration
> steps for RPMB provisioning, OP-TEE TA build instructions, and
> verification procedure.
>
> Signed-off-by: Shiva Tripathi <s-tripathi1 at ti.com>
>
> doc/board/ti/k3.rst | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 83 insertions(+)

> diff --git a/doc/board/ti/k3.rst b/doc/board/ti/k3.rst
> @@ -1258,3 +1258,86 @@ Currently, OpenOCD does not support tracing for K3 platforms. Tracing
> +Enabling fTPM in U-Boot
> +^^^^^^^^^^^^^^^^^^^^^^^
> +
> +The following are the steps to enable fTPM in uboot:

The section is titled 'Enabling fTPM in U-Boot' but the three steps
only cover building OP-TEE — nothing tells the reader which U-Boot
options to enable (CONFIG_TPM_V2, CONFIG_TEE, CONFIG_OPTEE,
CONFIG_TPM2_FTPM_TEE, plus the relevant tpm2 command configs) or how
to wire the fTPM node into the board's device tree. Please can you add
a step covering the U-Boot side. Also 'uboot' should be 'U-Boot' here
and further down ('u-boot prompt').

> diff --git a/doc/board/ti/k3.rst b/doc/board/ti/k3.rst
> @@ -1258,3 +1258,86 @@ Currently, OpenOCD does not support tracing for K3 platforms. Tracing
> +Since fTPM uses RPMB for persistent storage, the eMMC RPMB must be
> +provisioned with an authentication key on first boot. This requires
> +building optee_os with the `CFG_RPMB_WRITE_KEY=y flag

Missing full stop. Same with the paragraph ending 'OP-TEE fTPM Github
repository' below.

> diff --git a/doc/board/ti/k3.rst b/doc/board/ti/k3.rst
> @@ -1258,3 +1258,86 @@ Currently, OpenOCD does not support tracing for K3 platforms. Tracing
> +2. Generate fTPM TA binary
> +""""""""""""""""""""""""""
> +
> +To generate fTPM TA binary, follow the
> +Building the TA <https://github.com/OP-TEE/optee_ftpm#building-the-ta>`_
> +steps mentioned in the OP-TEE fTPM Github repository
> +
> +3. Build OP-TEE with TA:
> +""""""""""""""""""""""""

Please drop the trailing colon on step 3's heading for consistency
with steps 1 and 2.

> diff --git a/doc/board/ti/k3.rst b/doc/board/ti/k3.rst
> @@ -1258,3 +1258,86 @@ Currently, OpenOCD does not support tracing for K3 platforms. Tracing
> +Expected Outcome
> +^^^^^^^^^^^^^^^^
> +
> +To verify fTPM support is working, run tpm2 commands in u-boot prompt:
> +
> +.. code-block:: console
> +
> +  => tpm2 info
> +  Microsoft OP-TEE fTPM
> +  => tpm2 init

'tpm2 init' needs to run before 'tpm2 info' will talk to the device,
so the ordering is backwards. Also, showing 'tpm2 init' with no output
tells the reader nothing about what success looks like please include
the expected response (empty?), and ideally a 'tpm2 startup
TPM2_SU_CLEAR' / 'tpm2 get_capability' round-trip so readers can
confirm the stack is working end-to-end.

Regards,
Simon

More information about the U-Boot mailing list