From: Sumit Garg
Date: Wed, 3 Jul 2019 15:33:14 +0530
Subject: Re: [PATCH v7 1/2] fTPM: firmware TPM running in TEE
To: Ilias Apalodimas, Thirupathaiah Annapureddy
Cc: Jarkko Sakkinen, Sasha Levin, "peterhuewe@gmx.de", "jgg@ziepe.ca", "corbet@lwn.net", "linux-kernel@vger.kernel.org", "linux-doc@vger.kernel.org", "linux-integrity@vger.kernel.org", Microsoft Linux Kernel List, "Bryan Kelly (CSI)", "tee-dev@lists.linaro.org", "rdunlap@infradead.org", Joakim Bech
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 3 Jul 2019 at 13:42, Ilias Apalodimas wrote:
>
> Hi Thirupathaiah,
>
> (+Joakim)
>
> On Wed, 3 Jul 2019 at 09:58, Ilias Apalodimas
> wrote:
> >
> > Hi Thirupathaiah,
> > >
> > > First of all, Thanks a lot for trying to test the driver.
> > >
> > np
> >
> > [...]
> > > > I managed to do some quick testing in QEMU.
> > > > Everything works fine when I build this as a module (using IBM's TPM 2.0
> > > > TSS)
> > > >
> > > > - As module
> > > > # insmod /lib/modules/5.2.0-rc1/kernel/drivers/char/tpm/tpm_ftpm_tee.ko
> > > > # getrandom -by 8
> > > > randomBytes length 8
> > > > 23 b9 3d c3 90 13 d9 6b
> > > >
> > > > - Built-in
> > > > # dmesg | grep optee
> > > > ftpm-tee firmware:optee: ftpm_tee_probe:tee_client_open_session failed,
> > > > err=ffff0008
> > > This (0xffff0008) translates to TEE_ERROR_ITEM_NOT_FOUND.
> > >
> > > Where is fTPM TA located in your test setup?
> > > Is it stitched into TEE binary as an EARLY_TA or
> > > Is it expected to be loaded during run-time with the help of user mode OP-TEE supplicant?
> > >
> > > My guess is that you are trying to load fTPM TA through user mode OP-TEE supplicant.
> > > Can you confirm?
> > I tried both
> >
>
> Ok apparently there was a failure with my built-in binary which I
> didn't notice. I did a full rebuild and checked the elf this time :)
>
> Built as an earlyTA my error now is:
> ftpm-tee firmware:optee: ftpm_tee_probe:tee_client_open_session
> failed, err=ffff3024 (translates to TEE_ERROR_TARGET_DEAD)
> Since you tested it on real hardware I guess you tried both
> module/built-in. Which TEE version are you using?
>
> > > U-boot and Linux driver stacks work seamlessly without dependency on supplicant.

Is this true? It looks like this fTPM driver can't work as a built-in
driver. The reason seems to be secure storage access required by OP-TEE
fTPM TA that is provided via OP-TEE supplicant that's not available
during kernel boot.

Snippet from ms-tpm-20-ref/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/fTPM.c +145:

    // If we fail to open fTPM storage we cannot continue.
    if (_plat__NVEnable(NULL) == 0) {
        TEE_Panic(TEE_ERROR_BAD_STATE);
    }

So it seems like this module will work as a loadable module only after
OP-TEE supplicant is up.

-Sumit

> Thanks
> /Ilias
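
Added example, not part of the original message and not code from the driver or OP-TEE: a small triage helper that reads the two ftpm_tee_probe failure lines quoted in this thread and maps the err= value to the cause discussed above. The function names, enum and hint strings are hypothetical; the sample log lines are constructed by joining the wrapped output quoted in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* GlobalPlatform TEE return codes quoted in the thread. */
#define TEE_ERROR_ITEM_NOT_FOUND 0xFFFF0008u
#define TEE_ERROR_TARGET_DEAD    0xFFFF3024u
enum ftpm_diag { FTPM_NO_MATCH, FTPM_TA_NOT_FOUND, FTPM_TA_DEAD, FTPM_OTHER };

/* Classify one kernel log line from a failed ftpm_tee_probe(). */
enum ftpm_diag ftpm_classify(const char *line)
{
    const char *p = strstr(line, "err=");
    char *end;
    unsigned long code;

    if (!p || !strstr(line, "ftpm_tee_probe:tee_client_open_session failed"))
        return FTPM_NO_MATCH;
    code = strtoul(p + 4, &end, 16);   /* the code is logged as bare hex */
    if (end == p + 4)                  /* "err=" with no hex digits after it */
        return FTPM_NO_MATCH;
    if (code == TEE_ERROR_ITEM_NOT_FOUND)
        return FTPM_TA_NOT_FOUND;
    if (code == TEE_ERROR_TARGET_DEAD)
        return FTPM_TA_DEAD;
    return FTPM_OTHER;
}

/* Hints paraphrase the thread's diagnosis; they are not driver output. */
const char *ftpm_hint(enum ftpm_diag d)
{
    switch (d) {
    case FTPM_TA_NOT_FOUND: return "fTPM TA not found: check early-TA build or tee-supplicant";
    case FTPM_TA_DEAD:      return "fTPM TA panicked: secure storage needs tee-supplicant";
    case FTPM_OTHER:        return "other TEE error";
    default:                return "not an fTPM probe failure";
    }
}

int main(void)
{
    /* Constructed sample lines, joined from the wrapped output in the thread. */
    const char *log[] = {
        "ftpm-tee firmware:optee: ftpm_tee_probe:tee_client_open_session failed, err=ffff0008",
        "ftpm-tee firmware:optee: ftpm_tee_probe:tee_client_open_session failed, err=ffff3024",
    };
    for (size_t i = 0; i < sizeof(log) / sizeof(log[0]); i++)
        puts(ftpm_hint(ftpm_classify(log[i])));
    return 0;
}
```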