Skip to content

Files

Latest commit

SergiiDmytrukmacpijan
SergiiDmytruk
and
macpijan
Fixes for TPM
May 9, 2022
bfac9e7 · May 9, 2022

History

History
109 lines (81 loc) · 5.1 KB

tpm_over_i2c.md

File metadata and controls

109 lines (81 loc) · 5.1 KB

This document is about TPM chips with I2C interface, their availability, documentation, drivers and other relevant sources that could help in supporting I2C TPM on Talos.

Known I2C chips

Implementation efforts

coreboot driver

coreboot already has drivers for two kinds of chips from above:

Drivers for Nuvoton or ST33 could be derived from Linux sources if needed.

Linux driver

Drivers for Atmel, Infineon and NPCT650 are in upstream Linux. NPCT750 driver is available as a set of patches for v5.6

Driver for ST33 is available as a patch for v5.4.83

coreboot DT

TPM should be added to device tree in a way compatible with skiboot and Linux.

skiboot driver

Looks like only NPCT650 is supported.

Drivers for other TPMs can be derived from coreboot or Linux drivers.

Existing drivers

The smallest drivers are for Atmel: coreboot ~100 lines, Linux ~200 lines.

Drivers for Infineon are ~600 lines in coreboot and ~750 in Linux (coreboot driver derived from the Linux driver).

Linux driver for Nuvoton is ~700 lines.

Linux driver for ST is ~300 lines.

Drivers like these are copied between projects and adapted, sometimes one device driver is derived from the other explicitly. This likely means that it won't be a major task to make a missing driver for chips whose documentation is available and is clear enough.

Implementations seem to be centered around transfer functions, which implement send and receive operations on registers.

Other potentially relevant sources

wolfTPM seems to implement drivers in userspace using I2C devices exposed through devfs.

There are also QEMU patches for Atmel I2C TPM AT97SC3204T.

"If you have a TPM security chip which is connected to a regular, non-tcg I2C master (i.e. most embedded platforms)" (not sure if applicable):