[SeaBIOS] TPM 2.0 with SeaBIOS

Piotr Kubaj pkubaj at anongoth.pl
Wed Aug 1 15:39:29 CEST 2018


Hi,

I upgraded to latest master and the error is gone. It looks like only 1.11.2 is affected.

On 18-07-30 11:28:27, Stefan Berger wrote:
>On 07/27/2018 07:43 PM, Kevin O'Connor wrote:
>> On Sat, Jul 21, 2018 at 08:11:14PM +0200, Piotr Kubaj wrote:
>>> Hi,
>>>
>>> I use SeaBIOS 1.11.2 as payload with 4.8-835-g113f670baa on ASUS KGPE-D16 board. I also have ASUS TPM-L R2.0 module with Infineon SLB9665 chip.
>>>
>>> TPM is correctly detected by both Linux and FreeBSD. It's also detected by coreboot in debug console. But SeaBIOS doesn't cooperate with it - there's no TPM menu.
>>>
>>> In serial console, I get:
>>> TCGBIOS: Detected a TPM 1.2.
>>> rsdp=0x000f1930
>>> rsdt=0xbf4b9030
>>> table(41504354)=0xbf4bf460
>>> TCGBIOS: Starting with TPM_Startup(ST_CLEAR)
>>> Return from tpm_simple_cmd(99, 1) = 1e
>>> TCGBIOS: TPM malfunctioning (line 874).
>>> Return from tpm_simple_cmd(73, 0) = 1e
>>>
>>> Note that SeaBIOS detects it as TPM 1.2, even though it's TPM 2.0.
>> The error (0x1e) appears to be a TPM_BADTAG code.  That's probably
>> because it's being treated as a TPM v1.2 instead of v2.0.
>>
>> Stefan and Stephen were recently looking at this - maybe they know why
>> this occurred?
>
>Obviously our algorithm to detect the TPM version by interface works for
>some interfaces correctly but not all of them. The only strategy I can
>suggest now is to add more debugging information into
>src/hw/tpm_drivers.c tis_get_tpm_version():
>
>
>diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c
>index e4770b3..7ba89aa 100644
>--- a/src/hw/tpm_drivers.c
>+++ b/src/hw/tpm_drivers.c
>@@ -144,12 +144,15 @@ static TPMVersion tis_get_tpm_version(void)
>  {
>      u32 reg = readl(TIS_REG(0, TIS_REG_IFACE_ID));
>
>+    dprintf(DEBUG_tcg, "iface_id = 0x%x\n", reg);
>      /*
>       * FIFO interface as defined in TIS1.3 is active
>       * Interface capabilities are defined in TIS_REG_INTF_CAPABILITY
>       */
>      if ((reg & 0xf) == 0xf) {
>          reg = readl(TIS_REG(0, TIS_REG_INTF_CAPABILITY));
>+
>+        dprintf(DEBUG_tcg, "intf_capability = 0x%x\n", reg);
>          /* Interface 1.3 for TPM 2.0 */
>          if (((reg >> 28) & 0x7) == 3)
>              return TPM_VERSION_2;
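Review bot: the second dprintf only fires inside the `if ((reg & 0xf) == 0xf)` branch, so on a device whose interface-ID low nibble is not 0xf the reporter will see `iface_id` but nothing about the capability register, and the log will not show why the TPM 2.0 path was skipped; consider printing the decoded value `(reg >> 28) & 0x7` as well, and logging on the fall-through path too, so one run of the patched build is enough to explain the TPM 1.2 misdetection. The bare `+` blank line after `reg = readl(TIS_REG(0, TIS_REG_INTF_CAPABILITY));` is a whitespace-only change a debug patch does not need.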
>
>
>If you could please patch this in and show what it displays.
>
>     Stefan
>
>>
>> -Kevin
>>
>

-- 
 ________________________________________ 
/ Hi! I'm Larry. This is my brother Bob, \
| and this is my other brother Jimbo. We |
| thought you might like to know the     |
\ names of your assailants.              /
 ---------------------------------------- 
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||