Re: [PATCH v8] tpm_crb: fix fTPM on AMD Zen+ CPUs
From: Jerry Snitselaar
Date: Wed Oct 23 2019 - 19:20:47 EST
On Wed Oct 23 19, Jarkko Sakkinen wrote:
On Mon, Oct 21, 2019 at 06:57:35PM +0300, Jarkko Sakkinen wrote:
Almost tested this today. Unfortunately the USB stick at hand was
broken. I'll retry tomorrow or Wed depending on which day I visit at
the office and which day I WFH.
At least the AMI BIOS had all the TPM stuff in it. The hardware I'll be
using is Udoo Bolt V8 (thanks Jerry for pointing me out this device)
with AMD Ryzen Embedded V1605B [1]
Thanks for the patience with your patch.
[1] https://en.wikichip.org/wiki/amd/ryzen_embedded/v1605b
Jerry, are you confident to give this tested-by?
I'm still in process of finding what I should put to .config in order
to get USB keyboard working with UDOO BOLT.
/Jarkko
I ran it through the tpm2 kselftests and it passed:
TAP version 13
1..2
# selftests: tpm2: test_smoke.sh
# test_read_partial_overwrite (tpm2_tests.SmokeTest) ... ok
# test_read_partial_resp (tpm2_tests.SmokeTest) ... ok
# test_seal_with_auth (tpm2_tests.SmokeTest) ... ok
# test_seal_with_policy (tpm2_tests.SmokeTest) ... ok
# test_seal_with_too_long_auth (tpm2_tests.SmokeTest) ... ok
# test_send_two_cmds (tpm2_tests.SmokeTest) ... ok
# test_too_short_cmd (tpm2_tests.SmokeTest) ... ok
# test_unseal_with_wrong_auth (tpm2_tests.SmokeTest) ... ok
# test_unseal_with_wrong_policy (tpm2_tests.SmokeTest) ... ok
#
# ----------------------------------------------------------------------
# Ran 9 tests in 12.305s
#
# OK
ok 1 selftests: tpm2: test_smoke.sh
# selftests: tpm2: test_space.sh
# test_flush_context (tpm2_tests.SpaceTest) ... ok
# test_get_handles (tpm2_tests.SpaceTest) ... ok
# test_invalid_cc (tpm2_tests.SpaceTest) ... ok
# test_make_two_spaces (tpm2_tests.SpaceTest) ... ok
#
# ----------------------------------------------------------------------
# Ran 4 tests in 11.355s
#
# OK
ok 2 selftests: tpm2: test_space.sh
I also did some other testing of tpm2-tools commands, creating a
trusted key and encrypted key, and running rngtest against /dev/random
with the current hwrng being tpm-rng-0.
I ran the selftests on an intel nuc as well:
TAP version 13
1..2
# selftests: tpm2: test_smoke.sh
# test_read_partial_overwrite (tpm2_tests.SmokeTest) ... ok
# test_read_partial_resp (tpm2_tests.SmokeTest) ... ok
# test_seal_with_auth (tpm2_tests.SmokeTest) ... ok
# test_seal_with_policy (tpm2_tests.SmokeTest) ... ok
# test_seal_with_too_long_auth (tpm2_tests.SmokeTest) ... ok
# test_send_two_cmds (tpm2_tests.SmokeTest) ... ok
# test_too_short_cmd (tpm2_tests.SmokeTest) ... ok
# test_unseal_with_wrong_auth (tpm2_tests.SmokeTest) ... ok
# test_unseal_with_wrong_policy (tpm2_tests.SmokeTest) ... ok
#
# ----------------------------------------------------------------------
# Ran 9 tests in 29.620s
#
# OK
ok 1 selftests: tpm2: test_smoke.sh
# selftests: tpm2: test_space.sh
# test_flush_context (tpm2_tests.SpaceTest) ... ok
# test_get_handles (tpm2_tests.SpaceTest) ... ok
# test_invalid_cc (tpm2_tests.SpaceTest) ... ok
# test_make_two_spaces (tpm2_tests.SpaceTest) ... ok
#
# ----------------------------------------------------------------------
# Ran 4 tests in 26.337s
#
# OK
ok 2 selftests: tpm2: test_space.sh
So,
Tested-by: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>
One thing I've noticed on the bolt and the nuc:
[ 0.808935] tpm_tis MSFT0101:00: IRQ index 0 not found
I'm guessing this is Stefan's patches causing this?
1ea32c83c699 | 2019-09-02 | tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (Stefan Berger)
5b359c7c4372 | 2019-09-02 | tpm_tis_core: Turn on the TPM before probing IRQ's (Stefan Berger)
I've never noticed tpm_tis messages before on a tpm_crb system, and doublechecked that I don't see it with 5.3.