[coreboot] TPM support for SeaBIOS -- looking for a tester on real hardware

Sven Schnelle svens at stackframe.org
Thu Sep 8 21:45:27 CEST 2011


Hi Stefan,

Stefan Berger <stefanb at linux.vnet.ibm.com> writes:

> On 09/08/2011 02:47 AM, Sven Schnelle wrote:
>> Stefan Berger<stefanb at linux.vnet.ibm.com>  writes:
>>
>>>    Would anybody be interested in testing the TPM support I added to
>>> SeaBIOS. I unfortunately don't have a motherboard myself where I could
>>> try it. I have added the support to SeaBIOS for the TPM device model
>>> in Qemu.  What you would need for trying it is a motherboard with a
>>> TPM 1.2 on it. The SeaBIOS TPM support should recognize it, initialize
>>> the TPM and allow the user to enter another SeaBIOS menu.
>> I have coreboot + SeaBIOS running on Thinkpad X60s and T60p. IIRC both
>> models have TPM onboard. I could give it a try, but I don't know if I
>> have to add any code to coreboot for HW initialization. Actually I have
>> no clue how TPM works, never played with it so far... :)
>>
> Could you pick up the patches from the SeaBIOS mailing list and try them?
> The latest patches were posted in this thread:
>
> http://www.seabios.org/pipermail/seabios/2011-August/002252.html

I've applied your TPM/TCG patches to SeaBIOS. I've seen that
CONFIG_TCGBIOS depends on !COREBOOT. Is there a specific reason for
this?

tis_probe() failed to read the Device/Vendor ID from the MMIO space. 
Linux detects the TPM device and can read the register:

[    0.549893] tpm_tis 00:0a: 1.2 TPM (device-id 0x3202, rev-id 5)

After I added the following, SeaBIOS was able to read the DID_VID register:

diff --git a/src/tpm_drivers.c b/src/tpm_drivers.c
index e03c9bd..7103d54 100644
--- a/src/tpm_drivers.c
+++ b/src/tpm_drivers.c
@@ -28,6 +28,8 @@ static u32 tpm_default_durations[3] = {
 static u32 tis_probe(void)
 {
     u32 rc = 0;
+
+    writeb(TIS_REG(0, TIS_REG_ACCESS), TIS_ACCESS_REQUEST_USE);
     u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID));

     if ((didvid != 0) && (didvid != 0xffffffff))
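
Review bot: The added writeb to TIS_REG_ACCESS requests locality 0, and the readl of TIS_REG_DID_VID follows immediately with no check that the request was granted. Read TIS_REG_ACCESS back with a bounded wait and read DID_VID only once the locality is reported active, so the existing 0 / 0xffffffff test is not the only guard against a device that has not answered yet. Nothing in the hunk releases the request when that test fails, so consider relinquishing the locality on the failure path. Style: the write now sits ahead of the `u32 didvid` declaration; declare didvid first and assign it after the write.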

After that I was able to read the IDs. However, this made my Thinkpad
take about 15s until SeaBIOS showed the SeaBIOS version line on the
screen. SeaBIOS also didn't show the F11 message.

I haven't tried to debug that further - fear that this will have to wait
for the weekend. Just want to send you the results from the first
(short) test.

Sven



