[PATCH] rng: tpm_rng: start TPM before reading random numbers

Begari, Padmarao Padmarao.Begari at amd.com
Wed Jun 10 17:03:10 CEST 2026 

AMD General

Hi Ilias,

> From: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Sent: Tuesday, June 9, 2026 4:06 PM
> To: Begari, Padmarao <Padmarao.Begari at amd.com>
> Cc: u-boot at lists.denx.de; Simek, Michal <michal.simek at amd.com>; git (AMD-
> Xilinx) <git at amd.com>; Sughosh Ganu <sughosh.ganu at arm.com>; Heinrich
> Schuchardt <xypron.glpk at gmx.de>; Tom Rini <trini at konsulko.com>
> Subject: Re: [PATCH] rng: tpm_rng: start TPM before reading random numbers
>
> Hi Padmarao
>
>
> On Tue, 9 Jun 2026 at 13:10, Padmarao Begari <padmarao.begari at amd.com>
> wrote:
> >
> > The tpm-rng driver calls tpm_get_random() without first ensuring the
> > TPM device is opened and started. When systemd-boot or fdt_fixup_kaslr
> > triggers an RNG read early in boot, the TPM2 device hasn't been
> > initialized yet, causing the command to fail:
>
> Is systemd_boot called via EFI? If so the TPM should be up already.

You're right, The EFI TCG2 protocol does start the TPM, but only when tcg2_platform_get_tpm2() returns a probed TPM2 device. That function iterates with for_each_tpm_device(), and the uclass iterator silently skips any device whose probe fails, returning -ENODEV. So, a failed probe means EFI never starts the TPM.

The failure (tpm-rng tpm-rng: dm_rng_read failed: -1) does not come from systemd-boot, it comes from U-Boot's own fdt_kaslrseed() call, which runs during bootefi/bootmgr setup before control is handed to the EFI app.

> About fdt_fixup_kaslr(), why do you need this? We specifically clear the kaslr-seed
> when booting via EFI and EFI_RNG is installed, since the kernel ignores it.

Agree, referencing fdt_fixup_kaslr() in the commit message is a mistake,  I'll correct the commit message.

Regards
Padmarao

>
> Thanks
> /Ilias
> >
> >   tpm-rng tpm-rng: dm_rng_read failed: -1
> >
> > Fix this by calling tpm_auto_start() on the parent TPM device before
> > tpm_get_random(). This ensures the TPM is initialized before use.
> >
> > Fixes: e67ffb5aa5ab ("tpm: rng: Add driver model interface for TPM RNG
> > device")
> > Signed-off-by: Padmarao Begari <padmarao.begari at amd.com>
> > ---
> >  drivers/rng/tpm_rng.c | 10 +++++++++-
> >  1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/rng/tpm_rng.c b/drivers/rng/tpm_rng.c index
> > 1a5e9e2e4b4..374e0ac1ff8 100644
> > --- a/drivers/rng/tpm_rng.c
> > +++ b/drivers/rng/tpm_rng.c
> > @@ -4,12 +4,20 @@
> >   */
> >
> >  #include <dm.h>
> > +#include <log.h>
> >  #include <rng.h>
> >  #include <tpm_api.h>
> >
> >  static int rng_tpm_random_read(struct udevice *dev, void *data,
> > size_t count)  {
> > -       return tpm_get_random(dev_get_parent(dev), data, count);
> > +       struct udevice *tpm_dev = dev_get_parent(dev);
> > +       u32 rc;
> > +
> > +       rc = tpm_auto_start(tpm_dev);
> > +       if (rc)
> > +               return log_msg_ret("start", -EIO);
> > +
> > +       return tpm_get_random(tpm_dev, data, count);
> >  }
> >
> >  static const struct dm_rng_ops tpm_rng_ops = {
> > --
> > 2.34.1
> >

More information about the U-Boot mailing list