Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp494938ybi; Tue, 2 Jul 2019 23:59:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqy5Bc74MXJQO1x6+dtJZA0wDqhLAg741RcsvK3PzQFsTzEj0D0feXYxH/xbU6oZfQXNfAQ3 X-Received: by 2002:a63:6883:: with SMTP id d125mr35881279pgc.281.1562137150901; Tue, 02 Jul 2019 23:59:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562137150; cv=none; d=google.com; s=arc-20160816; b=v1SeWmVNCEbU1EgyUz4vBrTxwT3BpStFVyUkfci+zQTPtR5JGC5l++mIfle6cna6xA rkHV154CGIUfwW3M9MiePotQ+d+9mMxTLAs862E5nVQDzO4N7fWUtdtSBCAlIEBsPlXO 0/1znzx83gphVw2ODenl9+XcicQ8xaK+KpBCONuIk1ecLzqc4cZafJR24TMLy1yqwfcJ FHhD+Q8VaCHxJNjfF6WUtbPauwciQg50FMOtBSemZ1n042jcmI+HgPXR7gHGYtl+NLzU msu0bmr0u7p6+8fp5i7QTKxOXUnHuE9SHPzW0faAikSBATsg/0pSOPkiK2FdstBnXsYk wQ3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=7NIH8CFjAMNOmJLuHgmNt9jeNJYxR5K2QbGvBFYhPyM=; b=tQo0O9zyfWZPfgTSfwPb/RZRBlfcu8SC7Pem1kH6rr8jZntDlss9J8GoZQEzNkfTwG z30xi6Q99kCdrfoQxIsIaUWoOZ7gzlsp9GDl8RIoSK8W8TpzuWDrJ4l7SC6EIJl1c+RG dkWjnAf4bPtfZGMTh3VGsdHetJuBa/7w/ddp0ZyIrTF5BziL5y2T38a5vCOQiKnDDiOC cnaPMGL51PwjWjFOWmQh+6eVKXnTWWqCHaOpkzFHxJFttkzLjQ2D6PZQObJOIgW0TY1G cLGpUCNOzNL6tlbsRb3V8UN0jEX43MK3XkpC653nmFodOe7VwIgjKnK4QB+5FtLbSuSN stXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=zQl30MMY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d22si1540566pgg.256.2019.07.02.23.58.55; Tue, 02 Jul 2019 23:59:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=zQl30MMY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727052AbfGCG6T (ORCPT + 99 others); Wed, 3 Jul 2019 02:58:19 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:43140 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726684AbfGCG6T (ORCPT ); Wed, 3 Jul 2019 02:58:19 -0400 Received: by mail-wr1-f65.google.com with SMTP id p13so1349943wru.10 for ; Tue, 02 Jul 2019 23:58:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=7NIH8CFjAMNOmJLuHgmNt9jeNJYxR5K2QbGvBFYhPyM=; b=zQl30MMYhx8iWYLwIlLcv/0wck1BuceVHDEuRd2T38gMScJknOBuV9dIia/OxTsOne UiekeRlnsmdKKem6TxZ7FnAX7OwFWc0t1yboi4SJPCLz0SePEH6zy9YglOjh3zK3As7e U5frAhWsfFf2lcvoSrnaeCOKdho5ZmrzWbcbgW31fh6FCLixroxYU/emHdGuqsj8+xZX 5P1osZUnAolbMmu6Uyw6cMoqYTwq37eWPnCvDjLXvg3hkv/3ZyxqRoBKnIeQlX0NBIub hkiOCkOscL99ZtTxTaY2pFPk236kNhq13Et10x2UsdzqorQ3g2R76Mt4H7Vk/6UDLbbZ Spmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=7NIH8CFjAMNOmJLuHgmNt9jeNJYxR5K2QbGvBFYhPyM=; b=jZlLKEJdiAGCnKowpBdTkT35st5nuiYc6wJ/BKupel3mJGsX/IQgBMtg+rTzhWPrkY psrhBpmJxzaODgL8Pk1DLywGYrRD5l8pvX5J1EVFJiSQd6tfzQx/PSlIGAFXpz28fO9Z JKrq/dz7OExQve8DZZVmyk9y+2y9bQ0Z4cZy2ae5OZIhtVIUupL1C6hNeDIEcyc/dUv8 ojvygYdXtvu6Fv5fetkmVF3DFTbC+PWOjYQ5vqLsgRGtQsRJkDvnaPj6dKxtgT7gieXK WiazTRBogSqiezA5iQEQeVJZKvWsuOEzMSlFvihbUy/kgNhsYOCU/rr7VMW3iY/vGAnS WSuQ== X-Gm-Message-State: APjAAAX9sUc0MlBiitTuxmeimnPjAan5mBQi4NZcbg0ghHRj4Az95MMP i0RnWlqmwY4ExifXTRIme3RUFw== X-Received: by 2002:adf:b748:: with SMTP id n8mr1825265wre.268.1562137096980; Tue, 02 Jul 2019 23:58:16 -0700 (PDT) Received: from apalos (athedsl-428434.home.otenet.gr. [79.131.225.144]) by smtp.gmail.com with ESMTPSA id g14sm1287678wro.11.2019.07.02.23.58.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Jul 2019 23:58:16 -0700 (PDT) Date: Wed, 3 Jul 2019 09:58:13 +0300 From: Ilias Apalodimas To: Thirupathaiah Annapureddy Cc: Jarkko Sakkinen , Sasha Levin , "peterhuewe@gmx.de" , "jgg@ziepe.ca" , "corbet@lwn.net" , "linux-kernel@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-integrity@vger.kernel.org" , Microsoft Linux Kernel List , "Bryan Kelly (CSI)" , "tee-dev@lists.linaro.org" , "sumit.garg@linaro.org" , "rdunlap@infradead.org" Subject: Re: [PATCH v7 1/2] fTPM: firmware TPM running in TEE Message-ID: <20190703065813.GA12724@apalos> References: <20190625201341.15865-1-sashal@kernel.org> <20190625201341.15865-2-sashal@kernel.org> <673dd30d03e8ed9825bb46ef21b2efef015f6f2a.camel@linux.intel.com> <20190626235653.GL7898@sasha-vm> <20190627133004.GA3757@apalos> <0893dc429d4c3f3b52d423f9e61c08a5012a7519.camel@linux.intel.com> <20190702142109.GA32069@apalos> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Thirupathaiah, > > First of all, Thanks a lot for trying to test the driver. > np [...] > > I managed to do some quick testing in QEMU. > > Everything works fine when i build this as a module (using IBM's TPM 2.0 > > TSS) > > > > - As module > > # insmod /lib/modules/5.2.0-rc1/kernel/drivers/char/tpm/tpm_ftpm_tee.ko > > # getrandom -by 8 > > randomBytes length 8 > > 23 b9 3d c3 90 13 d9 6b > > > > - Built-in > > # dmesg | grep optee > > ftpm-tee firmware:optee: ftpm_tee_probe:tee_client_open_session failed, > > err=ffff0008 > This (0xffff0008) translates to TEE_ERROR_ITEM_NOT_FOUND. > > Where is fTPM TA located in the your test setup? > Is it stitched into TEE binary as an EARLY_TA or > Is it expected to be loaded during run-time with the help of user mode OP-TEE supplicant? > > My guess is that you are trying to load fTPM TA through user mode OP-TEE supplicant. > Can you confirm? I tried both > If that is the true, > - In the case of driver built as a module (CONFIG_TCG_FTPM_TEE=m), this is works fine > as user mode supplicant is ready. > - In the built-in case (CONFIG_TCG_FTPM_TEE=y), > This would result in the above error 0xffff0008 as TEE is unable to find fTPM TA. Maybe i did something wrong and never noticed it wasn't built as an earlyTA > > The expectation is that fTPM TA is built as an EARLY_TA (in BL32) so that > U-boot and Linux driver stacks work seamlessly without dependency on supplicant. > You can add my tested-by tag for the module. I'll go back to testing it as built-in at some point in real hardware and let you know if i have any issues. If someone's is interested in the QEMU testing: 1. compile this https://github.com/jbech-linaro/manifest/blob/ftpm/README.md 2. replace the whole linux kernel on the root-dir with a latest version + fTPM char driver 3. Apply a hack on kernel and disable dynamic shm (Need for this depends on kernel + op-tee version) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 1854a3db..7aea8a5 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -588,13 +588,15 @@ static struct optee *optee_probe(struct device_node *np) /* * Try to use dynamic shared memory if possible */ +#if 0 if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) pool = optee_config_dyn_shm(); +#endif /* * If dynamic shared memory is not available or failed - try static one */ - if (IS_ERR(pool) && (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM)) + if (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM) pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm); if (IS_ERR(pool)) For the module part: Tested-by: Ilias Apalodimas