Hello!
Would anybody be interested in testing the TPM support I added to SeaBIOS. I unfortunately don't have a motherboard myself where I could try it. I have added the support to SeaBIOS for the TPM device model in Qemu. What you would need for trying it is a motherboard with a TPM 1.2 on it. The SeaBIOS TPM support should recognize it, initialize the TPM and allow the user to enter another SeaBIOS menu.
Regards, Stefan
Hi Stefan,
Stefan Berger stefanb@linux.vnet.ibm.com writes:
Would anybody be interested in testing the TPM support I added to SeaBIOS. I unfortunately don't have a motherboard myself where I could try it. I have added the support to SeaBIOS for the TPM device model in Qemu. What you would need for trying it is a motherboard with a TPM 1.2 on it. The SeaBIOS TPM support should recognize it, initialize the TPM and allow the user to enter another SeaBIOS menu.
I have coreboot + seabios running on Thinkpad X60s and T60p. IIRC both models have TPM onboard. I could give it a try, but i don't know if i have to add any code to coreboot for HW initialization. Actually i have no clue how TPM works, never played with it so far... :)
Regards
Sven
Hi
no clue how TPM works, never played with it so far... :)
Well as far I know it is just a LPC device (if it is 1,1 device), make sure the region for that chip is decoded and enable decoding of 0xfed0_0000 (sorry do not remember right range out of my head) in chipset which is needed for special LPC cycles. That is all I know. This special cycles have something in common with SKINIT or maybe with TPM 1.2
http://www.informit.com/articles/article.aspx?p=1154764&seqNum=3
Thanks Rudolf
On 09/08/2011 06:49 AM, Rudolf Marek wrote:
Hi
no clue how TPM works, never played with it so far... :)
Well as far I know it is just a LPC device (if it is 1,1 device), make sure the region for that chip is decoded and enable decoding of 0xfed0_0000 (sorry do not remember right range out of my head) in chipset which is needed for special LPC cycles. That is all I know. This special cycles have something in common with SKINIT or maybe with TPM 1.2
A TPM 1.2 device has its mmio region at fed4 0000 - fed4 4fff. I am not sure whether coreboot needs to program some other hardware to enable that region but in Qemu with TPM device model SeaBIOS either did that or it 'just worked'.
Stefan
http://www.informit.com/articles/article.aspx?p=1154764&seqNum=3
Thanks Rudolf
On 09/08/2011 02:47 AM, Sven Schnelle wrote:
Hi Stefan,
Stefan Bergerstefanb@linux.vnet.ibm.com writes:
Would anybody be interested in testing the TPM support I added to SeaBIOS. I unfortunately don't have a motherboard myself where I could try it. I have added the support to SeaBIOS for the TPM device model in Qemu. What you would need for trying it is a motherboard with a TPM 1.2 on it. The SeaBIOS TPM support should recognize it, initialize the TPM and allow the user to enter another SeaBIOS menu.
I have coreboot + seabios running on Thinkpad X60s and T60p. IIRC both models have TPM onboard. I could give it a try, but i don't know if i have to add any code to coreboot for HW initialization. Actually i have no clue how TPM works, never played with it so far... :)
Could you pick up the patches from the SeaBIOS mailing list and try them? The latest patches were posted in this thread:
http://www.seabios.org/pipermail/seabios/2011-August/002252.html
For compilation, the .config file in SeaBIOS would have to have
CONFIG_TCGBIOS=y
set for the TPM support to be compiled in.
Regards, Stefan
Regards
Sven
Hi Stefan,
Stefan Berger stefanb@linux.vnet.ibm.com writes:
On 09/08/2011 02:47 AM, Sven Schnelle wrote:
Stefan Bergerstefanb@linux.vnet.ibm.com writes:
Would anybody be interested in testing the TPM support I added to SeaBIOS. I unfortunately don't have a motherboard myself where I could try it. I have added the support to SeaBIOS for the TPM device model in Qemu. What you would need for trying it is a motherboard with a TPM 1.2 on it. The SeaBIOS TPM support should recognize it, initialize the TPM and allow the user to enter another SeaBIOS menu.
I have coreboot + seabios running on Thinkpad X60s and T60p. IIRC both models have TPM onboard. I could give it a try, but i don't know if i have to add any code to coreboot for HW initialization. Actually i have no clue how TPM works, never played with it so far... :)
Could you pick up the patches from the SeaBIOS mailing list and try them? The latest patches were posted in this thread:
http://www.seabios.org/pipermail/seabios/2011-August/002252.html
I've applied your TPM/TCG patches to seabios. I've seen that CONFIG_TCGBIOS depends on !COREBOOT. Is there a specific reason for this?
tis_probe() failed to read the Device/Vendor ID from the MMIO space. Linux detects the TPM device and can read the register:
[ 0.549893] tpm_tis 00:0a: 1.2 TPM (device-id 0x3202, rev-id 5)
After i added the following, seabios was able to read the DID_VID register:
diff --git a/src/tpm_drivers.c b/src/tpm_drivers.c index e03c9bd..7103d54 100644 --- a/src/tpm_drivers.c +++ b/src/tpm_drivers.c @@ -28,6 +28,8 @@ static u32 tpm_default_durations[3] = { static u32 tis_probe(void) { u32 rc = 0; + + writeb(TIS_REG(0, TIS_REG_ACCESS), TIS_ACCESS_REQUEST_USE); u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID));
if ((didvid != 0) && (didvid != 0xffffffff))
After that i was able to read the IDs. However, this made my Thinkpad take about 15s until seabios showed the SeaBIOS version line on the screen. SeaBIOS also didn't show the F11 message.
I haven't tried to debug that further - fear that this will have to wait for the weekend. Just want to send you the results from the first (short) test.
Sven
On 09/08/2011 03:45 PM, Sven Schnelle wrote:
Hi Stefan,
Stefan Bergerstefanb@linux.vnet.ibm.com writes:
On 09/08/2011 02:47 AM, Sven Schnelle wrote:
Stefan Bergerstefanb@linux.vnet.ibm.com writes:
Would anybody be interested in testing the TPM support I added toSeaBIOS. I unfortunately don't have a motherboard myself where I could try it. I have added the support to SeaBIOS for the TPM device model in Qemu. What you would need for trying it is a motherboard with a TPM 1.2 on it. The SeaBIOS TPM support should recognize it, initialize the TPM and allow the user to enter another SeaBIOS menu.
I have coreboot + seabios running on Thinkpad X60s and T60p. IIRC both models have TPM onboard. I could give it a try, but i don't know if i have to add any code to coreboot for HW initialization. Actually i have no clue how TPM works, never played with it so far... :)
Could you pick up the patches from the SeaBIOS mailing list and try them? The latest patches were posted in this thread:
http://www.seabios.org/pipermail/seabios/2011-August/002252.html
I've applied your TPM/TCG patches to seabios. I've seen that CONFIG_TCGBIOS depends on !COREBOOT. Is there a specific reason for this?
I believe the reason for this is that SeaBIOS's ACPI table support is not compiled in if compiled for COREBOOT. At least some part of the TPM support does depend on the ACPI tables, i.e., for all the logging.
tis_probe() failed to read the Device/Vendor ID from the MMIO space. Linux detects the TPM device and can read the register:
[ 0.549893] tpm_tis 00:0a: 1.2 TPM (device-id 0x3202, rev-id 5)
After i added the following, seabios was able to read the DID_VID register:
diff --git a/src/tpm_drivers.c b/src/tpm_drivers.c index e03c9bd..7103d54 100644 --- a/src/tpm_drivers.c +++ b/src/tpm_drivers.c @@ -28,6 +28,8 @@ static u32 tpm_default_durations[3] = { static u32 tis_probe(void) { u32 rc = 0;
- writeb(TIS_REG(0, TIS_REG_ACCESS), TIS_ACCESS_REQUEST_USE);
I suppose reading 'didvid' returned 0xFFFFFFFF before? I am surprised that these most basic registers are 'hidden' if the locality is not in use. This for sure isn't the case for registers of other localities where one can read at least the state if another locality is currently active.
u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID)); if ((didvid != 0)&& (didvid != 0xffffffff))After that i was able to read the IDs. However, this made my Thinkpad take about 15s until seabios showed the SeaBIOS version line on the screen. SeaBIOS also didn't show the F11 message.
I haven't tried to debug that further - fear that this will have to wait for the weekend. Just want to send you the results from the first (short) test.
Let me know how this went. Maybe enabling the debugging messages shows something useful. Try setting the DEBUG_tcg to 0 in src/config.h.
Stefan
Sven
On Wed, Sep 7, 2011 at 8:30 AM, Stefan Berger stefanb@linux.vnet.ibm.com wrote:
Hello!
Would anybody be interested in testing the TPM support I added to SeaBIOS. I unfortunately don't have a motherboard myself where I could try it. I have added the support to SeaBIOS for the TPM device model in Qemu. What you would need for trying it is a motherboard with a TPM 1.2 on it. The SeaBIOS TPM support should recognize it, initialize the TPM and allow the user to enter another SeaBIOS menu.
Regards, Stefan
Hi Stefan,
This is excelent stuff. i am at the Linux Plumbers Conf this week, but I really want to try your TPM on hardware soon.I need to identify a some hardwar e to test with and I'll keep you posted on my results.
Marc
-
Marc Jones -
Rudolf Marek -
Stefan Berger -
Sven Schnelle