Re: [PATCH v8] tpm_crb: fix fTPM on AMD Zen+ CPUs

[Jerry Snitselaar]

On Wed Oct 23 19, Jarkko Sakkinen wrote:
> On Mon, Oct 21, 2019 at 06:57:35PM +0300, Jarkko Sakkinen wrote:
> > Almost tested this today. Unfortunately the USB stick at hand was
> > broken.  I'll retry tomorrow or Wed depending on which day I visit at
> > the office and which day I WFH.
> >
> > At least the AMI BIOS had all the TPM stuff in it. The hardware I'll be
> > using is Udoo Bolt V8 (thanks Jerry for pointing me out this device)
> > with AMD Ryzen Embedded V1605B [1]
> >
> > Thanks for the patience with your patch.
> >
> > [1] https://en.wikichip.org/wiki/amd/ryzen_embedded/v1605b
>
> Jerry, are you confident to give this tested-by?
>
> I'm still in process of finding what I should put to .config in order
> to get USB keyboard working with UDOO BOLT.
>
> /Jarkko

I ran it through the tpm2 kselftests and it passed:

TAP version 13
1..2
# selftests: tpm2: test_smoke.sh
# test_read_partial_overwrite (tpm2_tests.SmokeTest) ... ok
# test_read_partial_resp (tpm2_tests.SmokeTest) ... ok
# test_seal_with_auth (tpm2_tests.SmokeTest) ... ok
# test_seal_with_policy (tpm2_tests.SmokeTest) ... ok
# test_seal_with_too_long_auth (tpm2_tests.SmokeTest) ... ok
# test_send_two_cmds (tpm2_tests.SmokeTest) ... ok
# test_too_short_cmd (tpm2_tests.SmokeTest) ... ok
# test_unseal_with_wrong_auth (tpm2_tests.SmokeTest) ... ok
# test_unseal_with_wrong_policy (tpm2_tests.SmokeTest) ... ok
#
# ----------------------------------------------------------------------
# Ran 9 tests in 12.305s
#
# OK
ok 1 selftests: tpm2: test_smoke.sh
# selftests: tpm2: test_space.sh
# test_flush_context (tpm2_tests.SpaceTest) ... ok
# test_get_handles (tpm2_tests.SpaceTest) ... ok
# test_invalid_cc (tpm2_tests.SpaceTest) ... ok
# test_make_two_spaces (tpm2_tests.SpaceTest) ... ok
#
# ----------------------------------------------------------------------
# Ran 4 tests in 11.355s
#
# OK
ok 2 selftests: tpm2: test_space.sh


I also did some other testing of tpm2-tools commands, creating a
trusted key and encrypted key, and running rngtest against /dev/random
with the current hwrng being tpm-rng-0.

I ran the selftests on an intel nuc as well:

TAP version 13
1..2
# selftests: tpm2: test_smoke.sh
# test_read_partial_overwrite (tpm2_tests.SmokeTest) ... ok
# test_read_partial_resp (tpm2_tests.SmokeTest) ... ok
# test_seal_with_auth (tpm2_tests.SmokeTest) ... ok
# test_seal_with_policy (tpm2_tests.SmokeTest) ... ok
# test_seal_with_too_long_auth (tpm2_tests.SmokeTest) ... ok
# test_send_two_cmds (tpm2_tests.SmokeTest) ... ok
# test_too_short_cmd (tpm2_tests.SmokeTest) ... ok
# test_unseal_with_wrong_auth (tpm2_tests.SmokeTest) ... ok
# test_unseal_with_wrong_policy (tpm2_tests.SmokeTest) ... ok
# 
# ----------------------------------------------------------------------
# Ran 9 tests in 29.620s
# 
# OK
ok 1 selftests: tpm2: test_smoke.sh
# selftests: tpm2: test_space.sh
# test_flush_context (tpm2_tests.SpaceTest) ... ok
# test_get_handles (tpm2_tests.SpaceTest) ... ok
# test_invalid_cc (tpm2_tests.SpaceTest) ... ok
# test_make_two_spaces (tpm2_tests.SpaceTest) ... ok
# 
# ----------------------------------------------------------------------
# Ran 4 tests in 26.337s
# 
# OK
ok 2 selftests: tpm2: test_space.sh


So,

Tested-by: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>



One thing I've noticed on the bolt and the nuc:

[    0.808935] tpm_tis MSFT0101:00: IRQ index 0 not found

I'm guessing this is Stefan's patches causing this?

1ea32c83c699 | 2019-09-02 | tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (Stefan Berger)
5b359c7c4372 | 2019-09-02 | tpm_tis_core: Turn on the TPM before probing IRQ's (Stefan Berger)

I've never noticed tpm_tis messages before on a tpm_crb system, and doublechecked that I don't see it with 5.3.