[PATCH v2] arm: k3: Kconfig: Enable fTPM and RPMB support
Shiva Tripathi
s-tripathi1 at ti.com
Tue Mar 17 12:34:29 CET 2026
On 3/11/26 02:15, Tom Rini wrote:
> On Wed, 25 Feb 2026 16:54:38 +0530, Shiva Tripathi wrote:
>
>> Enable firmware TPM (fTPM) support via OP-TEE for K3 platforms with
>> MMC hardware. This provides TPM 2.0 functionality through
>> Microsoft's fTPM Trusted Application running in OP-TEE secure world,
>> using eMMC RPMB as persistent storage.
>>
>> fTPM support in U-Boot provides the foundation for measured boot
>> and disk encryption use cases.
>>
>> [...]
>
> Applied to u-boot/next, thanks!
Hi Tom,
Thanks for applying the patch. Following are the steps to test these
(I'll soon update the relevant docs for this):
a. First step is to generate fTPM TA binary using ms-tpm-20-ref [1] and
optee_ftpm [2]. I have been using Yocto to generate this fTPM TA binary;
for reference, the binary I used is [3].
b. Second step is to use above fTPM TA and build optee-os with RPMB and
early TA enabled:
make -j$(nproc) \
CROSS_COMPILE=arm-linux-gnueabihf- \
CROSS_COMPILE64=aarch64-linux-gnu- \
PLATFORM=k3 \
PLATFORM_FLAVOR=am62x \
CFG_ARM64_core=y \
CFG_RPMB_FS=y \
CFG_REE_FS=n \
CFG_EARLY_TA=y \
CFG_RPMB_ANNOUNCE_PROBE_CAP=n \
EARLY_TA_PATHS=/path/to/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf
c. The optee binary can then be used to build final u-boot images,
testing logs for reference [4]
[1]: https://github.com/microsoft/ms-tpm-20-ref.git
[2]: https://github.com/OP-TEE/optee_ftpm.git
[3]: https://github.com/shiva-ti/ftpm-binaries/blob/main/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf
[4]: https://gist.github.com/shiva-ti/8ac6aded2bf0a3c9bd99627a45b50f6b
Thanks,
Shiva
>
> [1/1] arm: k3: Kconfig: Enable fTPM and RPMB support
> commit: 8bc2a5196c1c0bb5dbdaca073323da0015a0de37
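An added check for the step-b build configuration (example code written for this page, not part of the mail or of the U-Boot/OP-TEE projects): it reads the CFG_... assignments either as make arguments or as the "NAME := value" lines of a generated conf.mk, and flags the settings that would leave the fTPM's persistent state outside RPMB or leave the TA out of the early-TA set. The UUID is the fTPM TA UUID from the filename above; the sed-based parser is my own.

```shell
# UUID of the fTPM TA (from the stripped.elf filename in the mail)
FTPM_TA_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"

# cfg_get NAME CONFIG_TEXT -> value of the last NAME assignment ("" if absent).
# Accepts both "NAME=value" (make arguments) and "NAME := value" (conf.mk).
cfg_get() {
    printf '%s\n' "$2" \
        | sed -n "s/^[[:space:]]*$1[[:space:]]*:\{0,1\}=[[:space:]]*//p" \
        | tail -n 1
}

# check_ftpm_cfg CONFIG_TEXT
# Prints one finding per line; returns 0 only when the fTPM/RPMB setup is sane.
check_ftpm_cfg() {
    cfg="$1"; rc=0
    if [ "$(cfg_get CFG_RPMB_FS "$cfg")" != "y" ]; then
        echo "CFG_RPMB_FS is not y: fTPM NV state would not be kept in RPMB"
        rc=1
    fi
    if [ "$(cfg_get CFG_REE_FS "$cfg")" != "n" ]; then
        echo "CFG_REE_FS is not n: secure storage would default to the normal-world (REE) filesystem"
        rc=1
    fi
    if [ "$(cfg_get CFG_EARLY_TA "$cfg")" != "y" ]; then
        echo "CFG_EARLY_TA is not y: the fTPM TA will not be loadable before the REE is up"
        rc=1
    fi
    # EARLY_TA_PATHS may list several TAs; the fTPM one must be among them.
    ta_paths="$(cfg_get EARLY_TA_PATHS "$cfg")"
    case "$ta_paths" in
        *"$FTPM_TA_UUID"*) ;;
        *) echo "EARLY_TA_PATHS does not include the fTPM TA ($FTPM_TA_UUID)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the configuration from step b above, as passed to make.
SAMPLE_CFG="PLATFORM=k3
PLATFORM_FLAVOR=am62x
CFG_RPMB_FS=y
CFG_REE_FS=n
CFG_EARLY_TA=y
CFG_RPMB_ANNOUNCE_PROBE_CAP=n
EARLY_TA_PATHS=/path/to/$FTPM_TA_UUID.stripped.elf"
```

Running `check_ftpm_cfg "$SAMPLE_CFG"` on the mail's settings prints nothing and returns 0; pointing it at a build that left CFG_REE_FS at its default lists what would need changing.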