* [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing
@ 2024-04-17 11:07 Mikko Rapeli
  2024-04-17 11:07 ` [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant Mikko Rapeli
  2024-04-20 22:40 ` [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing Jon Mason
  0 siblings, 2 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-17 11:07 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

All other firmware boot components also continue booting
if TPM is not found. It is up to subsequent SW components
to e.g. fail if rootfs can't be decrypted. Enables policies
like fall back to unencrypted rootfs if TPM device is
not found with qemu and swtpm.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 ...ot.c-ignore-TPM-error-and-continue-w.patch | 36 +++++++++++++++++++
 .../trusted-firmware-a_2.10.3.bb              |  5 +++
 2 files changed, 41 insertions(+)
 create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch

diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
new file mode 100644
index 00000000..2d189d8e
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
@@ -0,0 +1,36 @@
+From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Mon, 15 Jan 2024 09:26:56 +0000
+Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot
+
+If firmware is configured with TPM support but it's missing
+on HW, e.g. swtpm not started and/or configured with qemu,
+then continue booting. Missing TPM is not a fatal error.
+Enables testing boot without TPM device to see that
+missing TPM is detected further up the SW stack and correct
+fallback actions are taken.
+
+Upstream-Status: Pending
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ plat/qemu/qemu/qemu_measured_boot.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
+index 122bb23b14..731b081c47 100644
+--- a/plat/qemu/qemu/qemu_measured_boot.c
++++ b/plat/qemu/qemu/qemu_measured_boot.c
+@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void)
+ 		 * Note: In QEMU platform, OP-TEE uses nt_fw_config to get the
+ 		 * secure Event Log buffer address.
+ 		 */
+-		panic();
++		ERROR("Ignoring TPM errors, continuing without\n");
++		return;
+ 	}
+ 
+ 	/* Copy Event Log to Non-secure memory */
+-- 
+2.34.1
+
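Review bot: In the embedded qemu_measured_boot.c change, replacing `panic();` with `return;` makes every failure that reaches this branch of bl2_plat_mboot_finish() non-fatal, and the only context visible for the branch is the comment about the secure Event Log buffer address that OP-TEE reads from nt_fw_config, not a check that a TPM is absent. The early return also skips the `/* Copy Event Log to Non-secure memory */` step that follows, so later stages receive no event log from BL2 and have to notice that themselves. Consider keeping `panic()` as the default and selecting the continue path with a build option that only the test configurations enable.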
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
index b30ac725..13942dbb 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
@@ -11,3 +11,8 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht
 SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
 
 LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+# continue to boot also without TPM
+SRC_URI += "\
+    file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
+"
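Review bot: The `SRC_URI +=` addition applies the patch to every build of this recipe, although the patched file is plat/qemu/qemu/qemu_measured_boot.c and the commit message motivates it with qemu and swtpm testing. Since it turns a fatal measured-boot error path into a logged one, consider adding it only under an override for the QEMU test machines (or behind a dedicated feature), and extend the `# continue to boot also without TPM` comment to say that this is a test aid carried with Upstream-Status: Pending.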
-- 
2.34.1




* [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant
  2024-04-17 11:07 [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing Mikko Rapeli
@ 2024-04-17 11:07 ` Mikko Rapeli
  2024-04-22  8:02   ` [meta-arm] " Sumit Garg
  2024-04-30 12:44   ` Mikko Rapeli
  2024-04-20 22:40 ` [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing Jon Mason
  1 sibling, 2 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-17 11:07 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

Userspace like systemd boot manager would need to know
how to find TPM and fTPM devices for rootfs encryption.
Thus expose an fTPM TA enumeration also without tee-supplicant
so that early boot managers can start tee-supplicant and
wait for the fTPM device before continuing with TPM2
use cases.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 .../optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
index 7c61105b..175875c1 100644
--- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
+++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
@@ -21,7 +21,7 @@ index 92c33c1..e83619d 100644
  #define TA_UUID                     TA_FTPM_UUID
  
 -#define TA_FLAGS                    (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE)
-+#define TA_FLAGS                    (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP)
++#define TA_FLAGS                    (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM )
  #define TA_STACK_SIZE               (64 * 1024)
  #define TA_DATA_SIZE                (32 * 1024)
  
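Review bot: The new `TA_FLAGS` line leaves a stray space before the closing parenthesis (`TA_FLAG_DEVICE_ENUM )`), and it replaces `TA_FLAG_DEVICE_ENUM_SUPP` outright, so the fTPM TA is now always enumerated without waiting for tee-supplicant and a build has no way to keep the previous behaviour. The commit message expects an early boot manager to start tee-supplicant afterwards, so please describe in the inner patch what the kernel driver is expected to do when it probes the TA before the supplicant is up, and consider making the flag choice selectable instead of editing the existing patch in place.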
-- 
2.34.1




* Re: [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing
  2024-04-17 11:07 [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing Mikko Rapeli
  2024-04-17 11:07 ` [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant Mikko Rapeli
@ 2024-04-20 22:40 ` Jon Mason
  2024-04-22  7:29   ` Mikko Rapeli
  1 sibling, 1 reply; 17+ messages in thread
From: Jon Mason @ 2024-04-20 22:40 UTC (permalink / raw)
  To: Mikko Rapeli; +Cc: meta-arm

On Wed, Apr 17, 2024 at 02:07:21PM +0300, Mikko Rapeli wrote:
> All other firmware boot components also continue booting
> if TPM is not found. It is up to subsequent SW components
> to e.g. fail if rootfs can't be decrypted. Enables policies
> like fall back to unencrypted rootfs if TPM device is
> not found with qemu and swtpm.
> 
> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>

This series is failing on all instances of qemuarm64-secureboot and
qemuarm-secureboot.  You can see it on my gitlab CI at:
https://gitlab.com/jonmason00/meta-arm/-/pipelines/1261200728

All of them appear to be due to detecting the following error (snipped
from the dmesg of the errorlog):
optee-ftpm optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896: ftpm_tee_probe: tee_client_open_session failed, err=ffff3024
optee-ftpm: probe of optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896 failed with error -22

Thanks,
Jon

> ---
>  ...ot.c-ignore-TPM-error-and-continue-w.patch | 36 +++++++++++++++++++
>  .../trusted-firmware-a_2.10.3.bb              |  5 +++
>  2 files changed, 41 insertions(+)
>  create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> 
> diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> new file mode 100644
> index 00000000..2d189d8e
> --- /dev/null
> +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> @@ -0,0 +1,36 @@
> +From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001
> +From: Mikko Rapeli <mikko.rapeli@linaro.org>
> +Date: Mon, 15 Jan 2024 09:26:56 +0000
> +Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot
> +
> +If firmware is configured with TPM support but it's missing
> +on HW, e.g. swtpm not started and/or configured with qemu,
> +then continue booting. Missing TPM is not a fatal error.
> +Enables testing boot without TPM device to see that
> +missing TPM is detected further up the SW stack and correct
> +fallback actions are taken.
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> +---
> + plat/qemu/qemu/qemu_measured_boot.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
> +index 122bb23b14..731b081c47 100644
> +--- a/plat/qemu/qemu/qemu_measured_boot.c
> ++++ b/plat/qemu/qemu/qemu_measured_boot.c
> +@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void)
> + 		 * Note: In QEMU platform, OP-TEE uses nt_fw_config to get the
> + 		 * secure Event Log buffer address.
> + 		 */
> +-		panic();
> ++		ERROR("Ignoring TPM errors, continuing without\n");
> ++		return;
> + 	}
> + 
> + 	/* Copy Event Log to Non-secure memory */
> +-- 
> +2.34.1
> +
> diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> index b30ac725..13942dbb 100644
> --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> @@ -11,3 +11,8 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht
>  SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
>  
>  LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
> +
> +# continue to boot also without TPM
> +SRC_URI += "\
> +    file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
> +"
> -- 
> 2.34.1
> 
> 



* Re: [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing
  2024-04-20 22:40 ` [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing Jon Mason
@ 2024-04-22  7:29   ` Mikko Rapeli
  2024-04-23 18:21     ` Jon Mason
  0 siblings, 1 reply; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-22  7:29 UTC (permalink / raw)
  To: Jon Mason; +Cc: meta-arm

Hi,

On Sat, Apr 20, 2024 at 06:40:54PM -0400, Jon Mason wrote:
> On Wed, Apr 17, 2024 at 02:07:21PM +0300, Mikko Rapeli wrote:
> > All other firmware boot components also continue booting
> > if TPM is not found. It is up to subsequent SW components
> > to e.g. fail if rootfs can't be decrypted. Enables policies
> > like fall back to unencrypted rootfs if TPM device is
> > not found with qemu and swtpm.
> > 
> > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> 
> This series is failing on all instances of qemuarm64-secureboot and
> qemuarm-secureboot.  You can see it on my gitlab CI at:
> https://gitlab.com/jonmason00/meta-arm/-/pipelines/1261200728
> 
> All of them appear to be due to detecting the following error (snipped
> from the dmesg of the errorlog):
> optee-ftpm optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896: ftpm_tee_probe: tee_client_open_session failed, err=ffff3024
> optee-ftpm: probe of optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896 failed with error -22

Bummer, checking what I missed here.

Did optee-test/xtest run and possibly pass despite this? I don't see this from the logs.

Cheers,

-Mikko

> Thanks,
> Jon
> 
> > ---
> >  ...ot.c-ignore-TPM-error-and-continue-w.patch | 36 +++++++++++++++++++
> >  .../trusted-firmware-a_2.10.3.bb              |  5 +++
> >  2 files changed, 41 insertions(+)
> >  create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> > 
> > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> > new file mode 100644
> > index 00000000..2d189d8e
> > --- /dev/null
> > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> > @@ -0,0 +1,36 @@
> > +From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001
> > +From: Mikko Rapeli <mikko.rapeli@linaro.org>
> > +Date: Mon, 15 Jan 2024 09:26:56 +0000
> > +Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot
> > +
> > +If firmware is configured with TPM support but it's missing
> > +on HW, e.g. swtpm not started and/or configured with qemu,
> > +then continue booting. Missing TPM is not a fatal error.
> > +Enables testing boot without TPM device to see that
> > +missing TPM is detected further up the SW stack and correct
> > +fallback actions are taken.
> > +
> > +Upstream-Status: Pending
> > +
> > +Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > +---
> > + plat/qemu/qemu/qemu_measured_boot.c | 3 ++-
> > + 1 file changed, 2 insertions(+), 1 deletion(-)
> > +
> > +diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
> > +index 122bb23b14..731b081c47 100644
> > +--- a/plat/qemu/qemu/qemu_measured_boot.c
> > ++++ b/plat/qemu/qemu/qemu_measured_boot.c
> > +@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void)
> > + 		 * Note: In QEMU platform, OP-TEE uses nt_fw_config to get the
> > + 		 * secure Event Log buffer address.
> > + 		 */
> > +-		panic();
> > ++		ERROR("Ignoring TPM errors, continuing without\n");
> > ++		return;
> > + 	}
> > + 
> > + 	/* Copy Event Log to Non-secure memory */
> > +-- 
> > +2.34.1
> > +
> > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> > index b30ac725..13942dbb 100644
> > --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> > @@ -11,3 +11,8 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht
> >  SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
> >  
> >  LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
> > +
> > +# continue to boot also without TPM
> > +SRC_URI += "\
> > +    file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
> > +"
> > -- 
> > 2.34.1
> > 
> > 



* Re: [meta-arm] [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant
  2024-04-17 11:07 ` [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant Mikko Rapeli
@ 2024-04-22  8:02   ` Sumit Garg
  2024-04-22  8:13     ` Mikko Rapeli
  2024-04-30 12:44   ` Mikko Rapeli
  1 sibling, 1 reply; 17+ messages in thread
From: Sumit Garg @ 2024-04-22  8:02 UTC (permalink / raw)
  To: mikko.rapeli; +Cc: meta-arm

Hi Mikko,

On Wed, 17 Apr 2024 at 04:08, Mikko Rapeli via lists.yoctoproject.org
<mikko.rapeli=linaro.org@lists.yoctoproject.org> wrote:
>
> Userspace like systemd boot manager would need to know
> how to find TPM and fTPM devices for rootfs encryption.
> Thus expose an fTPM TA enumeration also without tee-supplicant

fTPM TA due to secure storage requirements needs a tee-supplicant to
be up and running for a successful kernel driver probe. So CI failure
is expected as you see in the other thread.

So it's a chicken and egg situation for your rootfs encryption
use-case. I suppose once the RPMB subsystem [1] makes its way into the
mainline kernel then the dependency on tee-supplicant can be dropped.

[1] https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmware.org/thread/6A62HMDQST2O3T2UGGN6UPXZKLKLUNM4/

-Sumit

> so that early boot managers can start tee-supplicant and
> wait for the fTPM device before continuing with TPM2
> use cases.
>
> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> ---
>  .../optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch       | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
> index 7c61105b..175875c1 100644
> --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
> +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
> @@ -21,7 +21,7 @@ index 92c33c1..e83619d 100644
>   #define TA_UUID                     TA_FTPM_UUID
>
>  -#define TA_FLAGS                    (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE)
> -+#define TA_FLAGS                    (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP)
> ++#define TA_FLAGS                    (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM )
>   #define TA_STACK_SIZE               (64 * 1024)
>   #define TA_DATA_SIZE                (32 * 1024)
>
> --
> 2.34.1
>
>
>
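
The probe failure reported from CI earlier in this thread can be picked out of a boot log mechanically. The following is an added example, not part of the thread or of meta-arm: it parses the two optee-ftpm dmesg lines and decodes the TEE return code and the kernel errno. The function and class names are hypothetical, and the timestamps and the first log line in the sample are constructed.

```python
import errno
import re
from dataclasses import dataclass
from typing import List, Optional

# Subset of the GlobalPlatform TEE return codes (TEE Client API values).
TEE_ERRORS = {
    0xFFFF0000: "TEE_ERROR_GENERIC",
    0xFFFF0006: "TEE_ERROR_BAD_PARAMETERS",
    0xFFFF0008: "TEE_ERROR_ITEM_NOT_FOUND",
    0xFFFF000C: "TEE_ERROR_OUT_OF_MEMORY",
    0xFFFF000E: "TEE_ERROR_COMMUNICATION",
    0xFFFF3024: "TEE_ERROR_TARGET_DEAD",
}

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"

# "optee-ftpm optee-ta-<uuid>: ftpm_tee_probe: <call> failed, err=<hex>"
SESSION_RE = re.compile(
    rf"optee-ftpm optee-ta-(?P<uuid>{UUID}): ftpm_tee_probe: "
    r"(?P<call>\w+) failed, err=(?P<err>[0-9a-f]+)"
)
# "optee-ftpm: probe of optee-ta-<uuid> failed with error <rc>"
PROBE_RE = re.compile(
    rf"optee-ftpm: probe of optee-ta-(?P<uuid>{UUID}) "
    r"failed with error (?P<rc>-?\d+)"
)


@dataclass
class FtpmProbeFailure:
    """One failed fTPM driver probe, keyed by the TA UUID (hypothetical type)."""
    uuid: str
    tee_call: Optional[str] = None    # TEE client call that failed
    tee_error: Optional[str] = None   # decoded TEE return code
    errno_name: Optional[str] = None  # kernel errno of the probe failure


def find_ftpm_probe_failures(dmesg: str) -> List[FtpmProbeFailure]:
    """Collect optee-ftpm probe failures from dmesg text, one per TA UUID."""
    failures = {}
    for line in dmesg.splitlines():
        m = SESSION_RE.search(line)
        if m:
            f = failures.setdefault(m["uuid"], FtpmProbeFailure(m["uuid"]))
            code = int(m["err"], 16)
            f.tee_call = m["call"]
            # Unknown codes are kept as hex instead of being guessed.
            f.tee_error = TEE_ERRORS.get(code, f"0x{code:08x}")
            continue
        m = PROBE_RE.search(line)
        if m:
            f = failures.setdefault(m["uuid"], FtpmProbeFailure(m["uuid"]))
            rc = abs(int(m["rc"]))
            f.errno_name = errno.errorcode.get(rc, str(rc))
    return list(failures.values())


# The two optee-ftpm lines are the ones quoted in the thread; the
# timestamps and the first line are constructed for this example.
SAMPLE_DMESG = """\
[    1.812345] optee: initialized driver
[    1.934567] optee-ftpm optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896: ftpm_tee_probe: tee_client_open_session failed, err=ffff3024
[    1.934600] optee-ftpm: probe of optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896 failed with error -22
"""

if __name__ == "__main__":
    for failure in find_ftpm_probe_failures(SAMPLE_DMESG):
        print(f"fTPM TA {failure.uuid}: {failure.tee_call} -> "
              f"{failure.tee_error}, probe errno {failure.errno_name}")
```

A runtime test can fail the boot check whenever this list is non-empty, which catches the case discussed above where the TA is enumerated before tee-supplicant is running.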



* Re: [meta-arm] [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant
  2024-04-22  8:02   ` [meta-arm] " Sumit Garg
@ 2024-04-22  8:13     ` Mikko Rapeli
  0 siblings, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-22  8:13 UTC (permalink / raw)
  To: Sumit Garg; +Cc: meta-arm

Hi,

On Mon, Apr 22, 2024 at 01:02:49AM -0700, Sumit Garg wrote:
> Hi Mikko,
> 
> On Wed, 17 Apr 2024 at 04:08, Mikko Rapeli via lists.yoctoproject.org
> <mikko.rapeli=linaro.org@lists.yoctoproject.org> wrote:
> >
> > Userspace like systemd boot manager would need to know
> > how to find TPM and fTPM devices for rootfs encryption.
> > Thus expose an fTPM TA enumeration also without tee-supplicant
> 
> fTPM TA due to secure storage requirements needs a tee-supplicant to
> be up and running for a successful kernel driver probe. So CI failure
> is expected as you see in the other thread.
> 
> So it's a chicken and egg situation for your rootfs encryption
> use-case. I suppose once the RPMB subsystem [1] makes its way into the
> mainline kernel then the dependency on tee-supplicant can be dropped.
> 
> [1] https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmware.org/thread/6A62HMDQST2O3T2UGGN6UPXZKLKLUNM4/

Yes, optee and kernel RPMB support without tee-supplicant in userspace are
the reason why I'm testing changes like this. I actually have both the
optee and kernel changes applied in the setup I'm testing and am trying to
upstream some of the changes. It can be that this fTPM enumeration change
doesn't work without the optee and kernel RPMB changes. For testing
purposes the tf-a change is very nice to have so that qemu boot with
and without swtpm can be tested. I'll look into details of this fTPM enumeration
related error.

Cheers,

-Mikko



* Re: [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing
  2024-04-22  7:29   ` Mikko Rapeli
@ 2024-04-23 18:21     ` Jon Mason
  2024-04-24  6:37       ` Mikko Rapeli
  0 siblings, 1 reply; 17+ messages in thread
From: Jon Mason @ 2024-04-23 18:21 UTC (permalink / raw)
  To: Mikko Rapeli; +Cc: meta-arm

On Mon, Apr 22, 2024 at 10:29:01AM +0300, Mikko Rapeli wrote:
> Hi,
> 
> On Sat, Apr 20, 2024 at 06:40:54PM -0400, Jon Mason wrote:
> > On Wed, Apr 17, 2024 at 02:07:21PM +0300, Mikko Rapeli wrote:
> > > All other firmware boot components also continue booting
> > > if TPM is not found. It is up to subsequent SW components
> > > to e.g. fail if rootfs can't be decrypted. Enables policies
> > > like fall back to unencrypted rootfs if TPM device is
> > > not found with qemu and swtpm.
> > > 
> > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > 
> > This series is failing on all instances of qemuarm64-secureboot and
> > qemuarm-secureboot.  You can see it on my gitlab CI at:
> > https://gitlab.com/jonmason00/meta-arm/-/pipelines/1261200728
> > 
> > All of them appear to be due to detecting the following error (snipped
> > from the dmesg of the errorlog):
> > optee-ftpm optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896: ftpm_tee_probe: tee_client_open_session failed, err=ffff3024
> > optee-ftpm: probe of optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896 failed with error -22
> 
> Bummer, checking what I missed here.
> 
> > Did optee-test/xtest run and possibly pass despite this? I don't see this from the logs.

optee-test is only being compiled, not being run as part of CI
(patches very much wanted and welcomed).  So, nothing exciting here
except the kernel trying to load the modules and erroring out.

Thanks,
Jon

> 
> Cheers,
> 
> -Mikko
> 
> > Thanks,
> > Jon
> > 
> > > ---
> > >  ...ot.c-ignore-TPM-error-and-continue-w.patch | 36 +++++++++++++++++++
> > >  .../trusted-firmware-a_2.10.3.bb              |  5 +++
> > >  2 files changed, 41 insertions(+)
> > >  create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> > > 
> > > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> > > new file mode 100644
> > > index 00000000..2d189d8e
> > > --- /dev/null
> > > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
> > > @@ -0,0 +1,36 @@
> > > +From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001
> > > +From: Mikko Rapeli <mikko.rapeli@linaro.org>
> > > +Date: Mon, 15 Jan 2024 09:26:56 +0000
> > > +Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot
> > > +
> > > +If firmware is configured with TPM support but it's missing
> > > +on HW, e.g. swtpm not started and/or configured with qemu,
> > > +then continue booting. Missing TPM is not a fatal error.
> > > +Enables testing boot without TPM device to see that
> > > +missing TPM is detected further up the SW stack and correct
> > > +fallback actions are taken.
> > > +
> > > +Upstream-Status: Pending
> > > +
> > > +Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > > +---
> > > + plat/qemu/qemu/qemu_measured_boot.c | 3 ++-
> > > + 1 file changed, 2 insertions(+), 1 deletion(-)
> > > +
> > > +diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
> > > +index 122bb23b14..731b081c47 100644
> > > +--- a/plat/qemu/qemu/qemu_measured_boot.c
> > > ++++ b/plat/qemu/qemu/qemu_measured_boot.c
> > > +@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void)
> > > + 		 * Note: In QEMU platform, OP-TEE uses nt_fw_config to get the
> > > + 		 * secure Event Log buffer address.
> > > + 		 */
> > > +-		panic();
> > > ++		ERROR("Ignoring TPM errors, continuing without\n");
> > > ++		return;
> > > + 	}
> > > + 
> > > + 	/* Copy Event Log to Non-secure memory */
> > > +-- 
> > > +2.34.1
> > > +
> > > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> > > index b30ac725..13942dbb 100644
> > > --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> > > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
> > > @@ -11,3 +11,8 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht
> > >  SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
> > >  
> > >  LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
> > > +
> > > +# continue to boot also without TPM
> > > +SRC_URI += "\
> > > +    file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
> > > +"
> > > -- 
> > > 2.34.1
> > > 
> > > 
> 



* Re: [PATCH 1/2] trusted-firmware-a: continue if TPM device is missing
  2024-04-23 18:21     ` Jon Mason
@ 2024-04-24  6:37       ` Mikko Rapeli
  0 siblings, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-24  6:37 UTC (permalink / raw)
  To: Jon Mason; +Cc: meta-arm

Hi,

On Tue, Apr 23, 2024 at 02:21:12PM -0400, Jon Mason wrote:
> On Mon, Apr 22, 2024 at 10:29:01AM +0300, Mikko Rapeli wrote:
> > Hi,
> > 
> > On Sat, Apr 20, 2024 at 06:40:54PM -0400, Jon Mason wrote:
> > > On Wed, Apr 17, 2024 at 02:07:21PM +0300, Mikko Rapeli wrote:
> > > > All other firmware boot components also continue booting
> > > > if TPM is not found. It is up to subsequent SW components
> > > > to e.g. fail if rootfs can't be decrypted. Enables policies
> > > > like fall back to unencrypted rootfs if TPM device is
> > > > not found with qemu and swtpm.
> > > > 
> > > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > > 
> > > This series is failing on all instances of qemuarm64-secureboot and
> > > qemuarm-secureboot.  You can see it on my gitlab CI at:
> > > https://gitlab.com/jonmason00/meta-arm/-/pipelines/1261200728
> > > 
> > > All of them appear to be due to detecting the following error (snipped
> > > from the dmesg of the errorlog):
> > > optee-ftpm optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896: ftpm_tee_probe: tee_client_open_session failed, err=ffff3024
> > > optee-ftpm: probe of optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896 failed with error -22
> > 
> > Bummer, checking what I missed here.
> > 
> > > Did optee-test/xtest run and possibly pass despite this? I don't see this from the logs.
> 
> optee-test is only being compiled, not being run as part of CI
> (patches very much wanted and welcomed).  So, nothing exciting here
> except the kernel trying to load the modules and erroring out.

Ok. I managed to reproduce this issue and also saw that optee-test xtest was
failing on the core-image-base. The image needs

IMAGE_INSTALL:append = " optee-client optee-os-ta optee-test"

and then optee-test/xtest passes. So optee itself is working and fine.

What exact config and commands does the CI job run? I could provide
the patches for optee-test/xtest.

Looking into the ftpm kernel error now...

Cheers,

-Mikko



* [PATCH v2 0/6] TPM and fTPM test
@ 2024-04-30 12:37 Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 1/6] trusted-firmware-a: continue if TPM device is missing Mikko Rapeli
                   ` (6 more replies)
  0 siblings, 7 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-30 12:37 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

v1: https://lists.yoctoproject.org/g/meta-arm/topic/105574754

v2: Dropped "optee-ftpm: enumerate also without tee-supplicant" since it
    depends on not-yet-merged kernel and optee patches. Added optee and
    ftpm tests which now pass on qemuarm-secureboot and
    qemuarm64-secureboot machines.

Mikko Rapeli (6):
  trusted-firmware-a: continue if TPM device is missing
  optee-os: increase heap size with fTPM
  oeqa runtime: add optee.py test
  oeqa runtime: add ftpm.py test
  ci/qemuarm64-secureboot.yml: install optee and test both optee and
    ftpm
  ci/qemuarm-secureboot.yml: install optee and test both optee and ftpm

 ci/qemuarm-secureboot.yml                     |  8 ++--
 ci/qemuarm64-secureboot.yml                   |  8 ++--
 meta-arm/lib/oeqa/runtime/cases/ftpm.py       | 41 +++++++++++++++++++
 meta-arm/lib/oeqa/runtime/cases/optee.py      | 24 +++++++++++
 ...ot.c-ignore-TPM-error-and-continue-w.patch | 36 ++++++++++++++++
 .../trusted-firmware-a_2.10.3.bb              |  5 +++
 .../optee-ftpm/optee-os_%.bbappend            | 16 +++-----
 7 files changed, 122 insertions(+), 16 deletions(-)
 create mode 100644 meta-arm/lib/oeqa/runtime/cases/ftpm.py
 create mode 100644 meta-arm/lib/oeqa/runtime/cases/optee.py
 create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch

-- 
2.34.1




* [PATCH 1/6] trusted-firmware-a: continue if TPM device is missing
  2024-04-30 12:37 [PATCH v2 0/6] TPM and fTPM test Mikko Rapeli
@ 2024-04-30 12:37 ` Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 2/6] optee-os: increase heap size with fTPM Mikko Rapeli
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-30 12:37 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

All other firmware boot components also continue booting
if TPM is not found. It is up to subsequent SW components
to e.g. fail if rootfs can't be decrypted. Enables policies
like fall back to unencrypted rootfs if TPM device is
not found with qemu and swtpm.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 ...ot.c-ignore-TPM-error-and-continue-w.patch | 36 +++++++++++++++++++
 .../trusted-firmware-a_2.10.3.bb              |  5 +++
 2 files changed, 41 insertions(+)
 create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch

diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
new file mode 100644
index 00000000..2d189d8e
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
@@ -0,0 +1,36 @@
+From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Mon, 15 Jan 2024 09:26:56 +0000
+Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot
+
+If firmware is configured with TPM support but it's missing
+on HW, e.g. swtpm not started and/or configured with qemu,
+then continue booting. Missing TPM is not a fatal error.
+Enables testing boot without TPM device to see that
+missing TPM is detected further up the SW stack and correct
+fallback actions are taken.
+
+Upstream-Status: Pending
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ plat/qemu/qemu/qemu_measured_boot.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
+index 122bb23b14..731b081c47 100644
+--- a/plat/qemu/qemu/qemu_measured_boot.c
++++ b/plat/qemu/qemu/qemu_measured_boot.c
+@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void)
+ 		 * Note: In QEMU platform, OP-TEE uses nt_fw_config to get the
+ 		 * secure Event Log buffer address.
+ 		 */
+-		panic();
++		ERROR("Ignoring TPM errors, continuing without\n");
++		return;
+ 	}
+ 
+ 	/* Copy Event Log to Non-secure memory */
+-- 
+2.34.1
+
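Review bot: The log line added in place of `panic();` is emitted with `ERROR()` and reads "Ignoring TPM errors, continuing without", which does not name the step that failed or say that boot continues without the Event Log copy below it; since the patch treats the condition as non-fatal, a `WARN()` that names the failed step would be easier to match in test logs. The header also still carries `Upstream-Status: Pending`, so for a behaviour change in the TF-A measured boot path please send it to TF-A and record the submission in that field before the recipe carries it.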
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
index b30ac725..13942dbb 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
@@ -11,3 +11,8 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht
 SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
 
 LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+# continue to boot also without TPM
+SRC_URI += "\
+    file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
+"
-- 
2.34.1




* [PATCH 2/6] optee-os: inrease heap size with fTPM
  2024-04-30 12:37 [PATCH v2 0/6] TPM and fTPM test Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 1/6] trusted-firmware-a: continue if TPM device is missing Mikko Rapeli
@ 2024-04-30 12:37 ` Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 3/6] oeqa runtime: add optee.py test Mikko Rapeli
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-30 12:37 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

If firmware TPM TA is compiled into optee, it needs a bit more
heap to pass optee-test/xtest suite.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 .../optee-ftpm/optee-os_%.bbappend               | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
index 4829bc10..31be0e8f 100644
--- a/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
+++ b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
@@ -1,15 +1,11 @@
 FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
 
 DEPENDS:append = "\
-                  ${@bb.utils.contains('MACHINE_FEATURES', \
-                 'optee-ftpm', \
-                 'optee-ftpm', \
-                 '' , \
-                 d)}"
+    ${@bb.utils.contains('MACHINE_FEATURES', 'optee-ftpm', 'optee-ftpm', '' , d)} \
+"
 
 EXTRA_OEMAKE:append = "\
-                       ${@bb.utils.contains('MACHINE_FEATURES', \
-                      'optee-ftpm', \
-                      'CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \
-                      '', \
-                      d)} "
+    ${@bb.utils.contains('MACHINE_FEATURES', 'optee-ftpm', \
+        'CFG_CORE_HEAP_SIZE=131072 CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \
+        '', d)} \
+"
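Review bot: CFG_CORE_HEAP_SIZE=131072 in the new EXTRA_OEMAKE string is a hard-coded value with no comment, and it arrives in the same hunk that reflows both bb.utils.contains() expressions, which makes the one functional change easy to miss. The commit message says "a bit more heap" without giving the previous value or how 131072 was chosen. Consider a recipe variable with a weak default so a machine can pick a different size, a comment saying why the fTPM TA needs it, and a separate commit for the reformatting.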
-- 
2.34.1




* [PATCH 3/6] oeqa runtime: add optee.py test
  2024-04-30 12:37 [PATCH v2 0/6] TPM and fTPM test Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 1/6] trusted-firmware-a: continue if TPM device is missing Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 2/6] optee-os: inrease heap size with fTPM Mikko Rapeli
@ 2024-04-30 12:37 ` Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 4/6] oeqa runtime: add ftpm.py test Mikko Rapeli
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-30 12:37 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

The test runs xtest test suite from optee-tests package.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta-arm/lib/oeqa/runtime/cases/optee.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 meta-arm/lib/oeqa/runtime/cases/optee.py

diff --git a/meta-arm/lib/oeqa/runtime/cases/optee.py b/meta-arm/lib/oeqa/runtime/cases/optee.py
new file mode 100644
index 00000000..0a0bc31e
--- /dev/null
+++ b/meta-arm/lib/oeqa/runtime/cases/optee.py
@@ -0,0 +1,24 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.runtime.decorator.package import OEHasPackage
+from oeqa.core.decorator.oetimeout import OETimeout
+
+class OpteeTestSuite(OERuntimeTestCase):
+    """
+    Run OP-TEE tests (xtest).
+    """
+    @OETimeout(800)
+    @OEHasPackage(['optee-test'])
+    def test_opteetest_xtest(self):
+        # clear storage before executing tests
+        cmd = "xtest --clear-storage || true"
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+        cmd = "xtest"
+        status, output = self.target.run(cmd, timeout=600)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
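Review bot: In test_opteetest_xtest the first command is "xtest --clear-storage || true", so its exit status is always 0 and the assertEqual(status, 0, ...) right after it cannot fail. Either drop the "|| true" so a failed storage clear is reported, or drop that assertion and only log the output. The "import os" at the top of the file is unused, and a short comment relating the two run() timeouts (60 and 600) to @OETimeout(800) would help the next person who has to raise them.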
-- 
2.34.1




* [PATCH 4/6] oeqa runtime: add ftpm.py test
  2024-04-30 12:37 [PATCH v2 0/6] TPM and fTPM test Mikko Rapeli
                   ` (2 preceding siblings ...)
  2024-04-30 12:37 ` [PATCH 3/6] oeqa runtime: add optee.py test Mikko Rapeli
@ 2024-04-30 12:37 ` Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 5/6] ci/qemuarm64-secureboot.yml: install optee and test both optee and ftpm Mikko Rapeli
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-30 12:37 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

Test checks that ftpm kernel driver interfaces are available.
If fTPM optee TA is missing or crashes, the kernel driver does not
show the interfaces. A more functional test would be to use tpm2-tools
from meta-security/meta-tpm but those require additional layer
dependencies which are maybe too much for now. tpm2-tools also depend
on starting tpm2-abrmd before the tools work. The ftpm kernel driver
depends on fully running tee-supplicant in userspace and the optee
side ftpm TA which takes some time. When manually running the tests
some of them failed since ftpm was not yet initialized. The boot
was not complete in those cases so added a workaround for that.
Better would be for all of the tests to start only once boot is
complete, not when ssh is available. Also, the qemuarm64-secureboot
machine includes optee and ftpm TA but u-boot is not configured
to use the TPM device so boot is not measured.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta-arm/lib/oeqa/runtime/cases/ftpm.py | 41 +++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 meta-arm/lib/oeqa/runtime/cases/ftpm.py

diff --git a/meta-arm/lib/oeqa/runtime/cases/ftpm.py b/meta-arm/lib/oeqa/runtime/cases/ftpm.py
new file mode 100644
index 00000000..1fd3cf88
--- /dev/null
+++ b/meta-arm/lib/oeqa/runtime/cases/ftpm.py
@@ -0,0 +1,41 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.oetimeout import OETimeout
+
+class FtpmTestSuite(OERuntimeTestCase):
+    """
+    Minimal test for optee-ftpm and ftpm kernel driver interfaces
+    """
+    @OETimeout(200)
+    def test_ftpm(self):
+        # device files, need tee-supplicant fully initialized which takes some time
+        # and tests seem to run before boot is complete
+        cmd = "ls -l /dev/tpm0 /dev/tpmrm0 || ( runlevel; sleep 10; ls -l /dev/tpm0 /dev/tpmrm0 )"
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+        # tpm version
+        cmd = "cat /sys/class/tpm/tpm0/tpm_version_major"
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+        self.assertEqual(output, "2", msg='\n'.join([cmd, output]))
+
+        # sha384 pcrs
+        cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}"; done'
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+        # sha256 pcrs
+        cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha256/"${c}"; done'
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+        # sha1 pcrs
+        cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha1/"${c}"; done'
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
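Review bot: In the three PCR checks of test_ftpm the command is a shell for loop, whose exit status is that of the last cat only, so a failed read of PCR 0 to 22 goes unnoticed and only PCR 23 is really asserted. Adding "|| exit 1" after the cat inside each loop would make every read count. The device-file check retries exactly once after a fixed "sleep 10", which still fails when tee-supplicant and the fTPM TA need longer; a bounded polling loop for /dev/tpm0 and /dev/tpmrm0 would handle the race the comment describes. The test also never looks at the PCR values, which fits the commit message's remark that boot is not measured, but a comment saying so would keep it from reading as a measurement check. "import os" is unused.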
-- 
2.34.1




* [PATCH 5/6] ci/qemuarm64-secureboot.yml: install optee and test both optee and ftpm
  2024-04-30 12:37 [PATCH v2 0/6] TPM and fTPM test Mikko Rapeli
                   ` (3 preceding siblings ...)
  2024-04-30 12:37 ` [PATCH 4/6] oeqa runtime: add ftpm.py test Mikko Rapeli
@ 2024-04-30 12:37 ` Mikko Rapeli
  2024-04-30 12:37 ` [PATCH 6/6] ci/qemuarm-secureboot.yml: " Mikko Rapeli
  2024-05-01  2:06 ` [PATCH v2 0/6] TPM and fTPM test Jon Mason
  6 siblings, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-30 12:37 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

optee-os test xtest needs additional test trusted applications (TA) from
optee-os-ta package to pass. Execution time for ftpm test is around 18
seconds and 430 seconds for optee-test/xtest on an x86_64 build machine.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 ci/qemuarm64-secureboot.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ci/qemuarm64-secureboot.yml b/ci/qemuarm64-secureboot.yml
index c4943cb6..bfd482b9 100644
--- a/ci/qemuarm64-secureboot.yml
+++ b/ci/qemuarm64-secureboot.yml
@@ -7,6 +7,8 @@ machine: qemuarm64-secureboot
 
 target:
   - core-image-base
-  - optee-examples
-  - optee-test
-  - optee-os-tadevkit
+
+local_conf_header:
+  optee: |
+    IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
+    TEST_SUITES:append = " optee ftpm"
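Review bot: The target: list loses optee-examples and optee-os-tadevkit in this hunk, but the commit message only explains why optee-os-ta is added. If CI should no longer build those two recipes, say so in the commit message; otherwise keep them as targets next to core-image-base so the change only adds the image packages and the "optee ftpm" test suites.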
-- 
2.34.1




* [PATCH 6/6] ci/qemuarm-secureboot.yml: install optee and test both optee and ftpm
  2024-04-30 12:37 [PATCH v2 0/6] TPM and fTPM test Mikko Rapeli
                   ` (4 preceding siblings ...)
  2024-04-30 12:37 ` [PATCH 5/6] ci/qemuarm64-secureboot.yml: install optee and test both optee and ftpm Mikko Rapeli
@ 2024-04-30 12:37 ` Mikko Rapeli
  2024-05-01  2:06 ` [PATCH v2 0/6] TPM and fTPM test Jon Mason
  6 siblings, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-30 12:37 UTC (permalink / raw)
  To: meta-arm; +Cc: Mikko Rapeli

optee-os test xtest needs additional test trusted applications (TA) from
optee-os-ta package to pass. Execution time for ftpm test is around 21
seconds and 596 seconds for optee-test/xtest on an x86_64 build machine.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 ci/qemuarm-secureboot.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ci/qemuarm-secureboot.yml b/ci/qemuarm-secureboot.yml
index 97e99039..f0d136c8 100644
--- a/ci/qemuarm-secureboot.yml
+++ b/ci/qemuarm-secureboot.yml
@@ -7,6 +7,8 @@ machine: qemuarm-secureboot
 
 target:
   - core-image-base
-  - optee-examples
-  - optee-test
-  - optee-os-tadevkit
+
+local_conf_header:
+  optee: |
+    IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
+    TEST_SUITES:append = " optee ftpm"
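Review bot: Enabling "optee" in the TEST_SUITES:append line leaves almost no timing margin on this machine: the commit message reports 596 seconds for optee-test/xtest, while optee.py from patch 3/6 runs xtest with timeout=600. A slower or loaded CI host will hit that limit, so raise the run() timeout (and @OETimeout) before turning the suite on here. The local_conf_header block is also identical to the one added to ci/qemuarm64-secureboot.yml; a shared fragment would keep the two package and suite lists from drifting apart.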
-- 
2.34.1




* Re: [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant
  2024-04-17 11:07 ` [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant Mikko Rapeli
  2024-04-22  8:02   ` [meta-arm] " Sumit Garg
@ 2024-04-30 12:44   ` Mikko Rapeli
  1 sibling, 0 replies; 17+ messages in thread
From: Mikko Rapeli @ 2024-04-30 12:44 UTC (permalink / raw)
  To: meta-arm

Hi,

On Wed, Apr 17, 2024 at 02:07:22PM +0300, Mikko Rapeli wrote:
> Userspace like systemd boot manager would need to know
> how to find TPM and fTPM devices for rootfs encryption.
> Thus expose an fTPM TA enumeration also without tee-supplicant
> so that early boot managers can start tee-supplicant and
> wait for the fTPM device before continuing with TPM2

Please ignore this patch. It depends on kernel and optee
patches and depends on RPMB availability which on qemu is simulated
by tee-supplicant making the patch wrong for qemu targets.

Cheers,

-Mikko



* Re: [PATCH v2 0/6] TPM and fTPM test
  2024-04-30 12:37 [PATCH v2 0/6] TPM and fTPM test Mikko Rapeli
                   ` (5 preceding siblings ...)
  2024-04-30 12:37 ` [PATCH 6/6] ci/qemuarm-secureboot.yml: " Mikko Rapeli
@ 2024-05-01  2:06 ` Jon Mason
  6 siblings, 0 replies; 17+ messages in thread
From: Jon Mason @ 2024-05-01  2:06 UTC (permalink / raw)
  To: meta-arm, Mikko Rapeli


On Tue, 30 Apr 2024 15:37:26 +0300, Mikko Rapeli wrote:
> v1: https://lists.yoctoproject.org/g/meta-arm/topic/105574754
> 
> v2: Dropped "optee-ftpm: enumerate also without tee-supplicant" since it
>     depends on not-yet-merged kernel and optee patches. Added optee and
>     ftpm tests which now pass on qemuarm-secureboot and
>     qemuarm64-secureboot machines.
> 
> [...]

Applied, thanks!

[1/6] trusted-firmware-a: continue if TPM device is missing
      commit: 0923cc8a20a2ef87c57a560dc8ab884d90bf9c1f
[2/6] optee-os: inrease heap size with fTPM
      commit: 1dad884ac002a1e24cc62ef02a43315c3aee01be
[3/6] oeqa runtime: add optee.py test
      commit: d4507866677c3d32d5b862de141b36c26f275ee8
[4/6] oeqa runtime: add ftpm.py test
      commit: ba315f7242e0edb103c1fd836014789fe8cf938e
[5/6] ci/qemuarm64-secureboot.yml: install optee and test both optee and ftpm
      commit: 70e7f64af6cb71009163eddf7161f29bc9f6e618
[6/6] ci/qemuarm-secureboot.yml: install optee and test both optee and ftpm
      commit: c43f173276957ba43f8aba892e7e531eeed20afe

Best regards,
-- 
Jon Mason <jon.mason@arm.com>


