[PATCH v2] arm: k3: Kconfig: Enable fTPM and RPMB support

Tom Rini trini at konsulko.com
Tue Mar 17 15:07:55 CET 2026


On Tue, Mar 17, 2026 at 05:04:29PM +0530, Shiva Tripathi wrote:
> 
> 
> On 3/11/26 02:15, Tom Rini wrote:
> > On Wed, 25 Feb 2026 16:54:38 +0530, Shiva Tripathi wrote:
> > 
> >> Enable firmware TPM (fTPM) support via OP-TEE for K3 platforms with
> >> MMC hardware. This provides TPM 2.0 functionality through
> >> Microsoft's fTPM Trusted Application running in OP-TEE secure world,
> >> using eMMC RPMB as persistent storage.
> >>
> >> fTPM support in U-Boot provides the foundation for measured boot
> >> and disk encryption use cases.
> >>
> >> [...]
> > 
> > Applied to u-boot/next, thanks!
> 
> Hi Tom,
> 
> Thanks for applying the patch. Following are the steps to test these
> (I'll soon update the relevant docs for this):
> 
> a. The first step is to generate the fTPM TA binary using ms-tpm-20-ref [1] and
> optee_ftpm [2]. I have been using Yocto to generate this fTPM TA binary;
> for reference, the binary I used is at [3].
> 
> b. The second step is to use the above fTPM TA and build optee-os with RPMB and
> early TA enabled:
>   make -j$(nproc) \
>        CROSS_COMPILE=arm-linux-gnueabihf- \
>        CROSS_COMPILE64=aarch64-linux-gnu- \
>        PLATFORM=k3 \
>        PLATFORM_FLAVOR=am62x \
>        CFG_ARM64_core=y \
>        CFG_RPMB_FS=y \
>        CFG_REE_FS=n \
>        CFG_EARLY_TA=y \
>        CFG_RPMB_ANNOUNCE_PROBE_CAP=n \
>        EARLY_TA_PATHS=/path/to/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf
> 
> c. The optee binary can then be used to build the final u-boot images;
> testing logs for reference: [4]
> 
> [1]: https://github.com/microsoft/ms-tpm-20-ref.git
> [2]: https://github.com/OP-TEE/optee_ftpm.git
> [3]: https://github.com/shiva-ti/ftpm-binaries/blob/main/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf
> [4]: https://gist.github.com/shiva-ti/8ac6aded2bf0a3c9bd99627a45b50f6b

I will try this manually when I have a chance, thanks. Please update the
generic TI K3 documents to include this as well.

-- 
Tom
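
A check for step b of the quoted test procedure, as an added example that is not part of the thread, U-Boot or OP-TEE: it compares a configuration dump against the options in the quoted make command, so a build that silently lacks RPMB storage or the embedded fTPM TA is caught before boot testing. It assumes a file of NAME=value lines (such as the conf.mk OP-TEE writes to its build output directory); the function names and the sample are constructed here.

```shell
#!/bin/sh
# Added example: verify the OP-TEE settings used for the fTPM build in the thread.
# Assumption: the input is a file of NAME=value lines (":=" and "?=" also accepted).

FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"   # TA file name from the thread

# Print the last value assigned to variable $2 in file $1 (nothing if unset).
# The name must be followed by the assignment, so CFG_RPMB_FS does not
# match a longer name such as CFG_RPMB_FS_DEV_ID.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[:?]\{0,1\}=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Return 0 when every setting matches; otherwise print each mismatch, return 1.
check_ftpm_config() {
    conf=$1
    rc=0
    for want in CFG_RPMB_FS=y CFG_REE_FS=n CFG_EARLY_TA=y CFG_RPMB_ANNOUNCE_PROBE_CAP=n; do
        name=${want%%=*}
        expected=${want#*=}
        actual=$(cfg_value "$conf" "$name")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $name: expected '$expected', found '${actual:-unset}'"
            rc=1
        fi
    done
    # The early TA list has to name the fTPM TA for it to be built into OP-TEE.
    case $(cfg_value "$conf" EARLY_TA_PATHS) in
        *"$FTPM_UUID"*) ;;
        *) echo "MISMATCH EARLY_TA_PATHS: fTPM TA $FTPM_UUID not listed"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample (not real build output); CFG_REE_FS is left at y on
# purpose so the checker has a mismatch to report.
sample_conf() {
    printf '%s\n' 'CFG_RPMB_FS=y' 'CFG_RPMB_FS_DEV_ID=0' 'CFG_REE_FS=y' \
        'CFG_EARLY_TA=y' 'CFG_RPMB_ANNOUNCE_PROBE_CAP=n' \
        "EARLY_TA_PATHS=/path/to/$FTPM_UUID.stripped.elf"
}

# Stand-alone use: pass the configuration file as the first argument.
if [ $# -gt 0 ]; then
    check_ftpm_config "$1"
fi
```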