Integrating swtpm(as a software TPM) with OpenBMC on Qemu

Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

[-- Attachment #1: Type: text/plain, Size: 839 bytes --]

TCS Confidential

Hi,

Trying to see how to get swtpm working as a virtual TPM and connect to openBMC on QEMU. How do we achieve this? Main idea is to get this working and make secure boot through the virtual TPM(swtpm).

Thanks,
Sandeep.


TCS Confidential
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you



[-- Attachment #2: Type: text/html, Size: 2809 bytes --]

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Cédric Le Goater]

Hello,

On 4/5/23 14:48, Sandeep Kumar wrote:
> TCS Confidential
> 
> 
> Hi,
> 
> Trying to see how to get swtpm working as a virtual TPM and connect to openBMC on QEMU. How do we achieve this? Main idea is to get this working and make secure boot through the virtual TPM(swtpm).

Ninad did a nice how to :

   https://lore.kernel.org/qemu-devel/20230331161319.2250334-4-ninadpalsule@us.ibm.com/

If you want to try, the patches are on this branch :

   https://github.com/legoater/qemu/commits/aspeed-8.0

and they should reach the QEMU OpenBMC repo at some point in time.


Joel also provided a simple test case :

   https://lore.kernel.org/qemu-devel/20230328120844.190914-1-joel@jms.id.au/

using the ast2600-evb machine.

Cheers,

C.

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi C,

Thanks for sharing the info.  We have started working on it. Could you please point to the exact patches that needs to be applied on openBMC Qemu ? There are too many patches to choose from.

Thanks,
Sandeep.

-----Original Message-----
From: Cédric Le Goater <clg@kaod.org>
Sent: Wednesday, April 5, 2023 7:25 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"

Hello,

On 4/5/23 14:48, Sandeep Kumar wrote:
> TCS Confidential
>
>
> Hi,
>
> Trying to see how to get swtpm working as a virtual TPM and connect to openBMC on QEMU. How do we achieve this? Main idea is to get this working and make secure boot through the virtual TPM(swtpm).

Ninad did a nice how to :

   https://lore.kernel.org/qemu-devel/20230331161319.2250334-4-ninadpalsule@us.ibm.com/

If you want to try, the patches are on this branch :

   https://github.com/legoater/qemu/commits/aspeed-8.0

and they should reach the QEMU OpenBMC repo at some point in time.


Joel also provided a simple test case :

   https://lore.kernel.org/qemu-devel/20230328120844.190914-1-joel@jms.id.au/

using the ast2600-evb machine.

Cheers,

C.

 TCS Confidential
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Cédric Le Goater]

On 4/12/23 07:12, Sandeep Kumar wrote:
>   TCS Confidential
> 
> Hi C,
> 
> Thanks for sharing the info.  We have started working on it. Could you please point to the exact patches that needs to be applied on openBMC Qemu ? There are too many patches to choose from.

Just use my branch for now. OpenBMC QEMU is outdated.
We'll resync when 8.0 is out

Thanks,

C.

> 
> Thanks,
> Sandeep.
> 
> -----Original Message-----
> From: Cédric Le Goater <clg@kaod.org>
> Sent: Wednesday, April 5, 2023 7:25 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> Hello,
> 
> On 4/5/23 14:48, Sandeep Kumar wrote:
>> TCS Confidential
>>
>>
>> Hi,
>>
>> Trying to see how to get swtpm working as a virtual TPM and connect to openBMC on QEMU. How do we achieve this? Main idea is to get this working and make secure boot through the virtual TPM(swtpm).
> 
> Ninad did a nice how to :
> 
>     https://lore.kernel.org/qemu-devel/20230331161319.2250334-4-ninadpalsule@us.ibm.com/
> 
> If you want to try, the patches are on this branch :
> 
>     https://github.com/legoater/qemu/commits/aspeed-8.0
> 
> and they should reach the QEMU OpenBMC repo at some point in time.
> 
> 
> Joel also provided a simple test case :
> 
>     https://lore.kernel.org/qemu-devel/20230328120844.190914-1-joel@jms.id.au/
> 
> using the ast2600-evb machine.
> 
> Cheers,
> 
> C.
> 
>   TCS Confidential
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
> 
> 

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

[-- Attachment #1: Type: text/plain, Size: 4263 bytes --]

TCS Confidential


Hi C,

Built the qemu from your branch. Few issues,

      $ ./qemu-system-arm -m 256 -M romulus-bmc -nographic -drive file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:127.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu
      qemu-system-arm: -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:127.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu: network backend 'user' is not compiled into this binary


I didn’t enable the slirp package I guess. So enabled it while running configure,

      $ ../configure --enable-slirp
      ........
      Run-time dependency slirp found: NO (tried pkgconfig)

      ../meson.build:681:2: ERROR: Dependency "slirp" not found, tried pkgconfig

      A full log can be found at /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/meson-log.txt
      NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0, Meson will require Python 3.7 or newer

      ERROR: meson setup failed


I have already installed slirp locally, but still getting the above error.

Please do let let me know your comments.

Thanks,
Sandeep.

-----Original Message-----
From: Cédric Le Goater <clg@kaod.org>
Sent: Wednesday, April 12, 2023 8:43 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"

On 4/12/23 07:12, Sandeep Kumar wrote:
>   TCS Confidential
>
> Hi C,
>
> Thanks for sharing the info.  We have started working on it. Could you please point to the exact patches that needs to be applied on openBMC Qemu ? There are too many patches to choose from.

Just use my branch for now. OpenBMC QEMU is outdated.
We'll resync when 8.0 is out

Thanks,

C.

>
> Thanks,
> Sandeep.
>
> -----Original Message-----
> From: Cédric Le Goater <clg@kaod.org<mailto:clg@kaod.org>>
> Sent: Wednesday, April 5, 2023 7:25 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>;
> Ninad Palsule <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>;
> Andrew Jeffery <andrew@aj.id.au<mailto:andrew@aj.id.au>>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
> "External email. Open with Caution"
>
> Hello,
>
> On 4/5/23 14:48, Sandeep Kumar wrote:
>> TCS Confidential
>>
>>
>> Hi,
>>
>> Trying to see how to get swtpm working as a virtual TPM and connect to openBMC on QEMU. How do we achieve this? Main idea is to get this working and make secure boot through the virtual TPM(swtpm).
>
> Ninad did a nice how to :
>
>
> https://lore.kernel.org/qemu-devel/20230331161319.2250334-4-ninadpalsu
> le@us.ibm.com/<mailto:le@us.ibm.com/>
>
> If you want to try, the patches are on this branch :
>
>     https://github.com/legoater/qemu/commits/aspeed-8.0
>
> and they should reach the QEMU OpenBMC repo at some point in time.
>
>
> Joel also provided a simple test case :
>
>
> https://lore.kernel.org/qemu-devel/20230328120844.190914-1-joel@jms.id
> .au/
>
> using the ast2600-evb machine.
>
> Cheers,
>
> C.
>
>   TCS Confidential
> =====-----=====-----=====
> Notice: The information contained in this e-mail message and/or
> attachments to it may contain confidential or privileged information.
> If you are not the intended recipient, any dissemination, use, review,
> distribution, printing or copying of the information contained in this
> e-mail message and/or attachments to it are strictly prohibited. If
> you have received this communication in error, please notify us by
> reply e-mail or telephone and immediately and permanently delete the
> message and any attachments. Thank you
>
>




TCS Confidential

[-- Attachment #2: Type: text/html, Size: 15819 bytes --]

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Cédric Le Goater]

Hello Sandeep

On 4/18/23 09:45, Sandeep Kumar wrote:
> TCS Confidential
> 
> Hi C,
> Built the qemu from your branch. Few issues,
> *$ ./qemu-system-arm -m 256 -M romulus-bmc -nographic -drive file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:127.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
> *qemu-system-arm: -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:127.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu: network backend 'user' is not compiled into this binary*
> I didn’t enable the slirp package I guess. So enabled it while running configure,
> *$ ../configure --enable-slirp*
> *........*
> *Run-time dependency slirp found: NO (tried pkgconfig)*
> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried pkgconfig*
> *A full log can be found at /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/meson-log.txt*
> *NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0, Meson will require Python 3.7 or newer*
> *ERROR: meson setup failed*
> I have already installed slirp locally, but still getting the above error.


Did you install the libslirp-dev or libslirp-devel package ?

C.

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi C,

Got it working. Looks like slirp is no longer supported on ubnutu 18.04. have upgraded to a newer version  and is working now.

Thanks,
Sandeep.

-----Original Message-----
From: Cédric Le Goater <clg@kaod.org>
Sent: Wednesday, April 19, 2023 2:26 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"

Hello Sandeep

On 4/18/23 09:45, Sandeep Kumar wrote:
> TCS Confidential
>
> Hi C,
> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
> 256 -M romulus-bmc -nographic -drive
> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net
> nic -net
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
> *qemu-system-arm: -net
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
> network backend 'user' is not compiled into this binary* I didn’t
> enable the slirp package I guess. So enabled it while running
> configure, *$ ../configure --enable-slirp*
> *........*
> *Run-time dependency slirp found: NO (tried pkgconfig)*
> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
> pkgconfig* *A full log can be found at
> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/me
> son-log.txt*
> *NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0,
> Meson will require Python 3.7 or newer*
> *ERROR: meson setup failed*
> I have already installed slirp locally, but still getting the above error.


Did you install the libslirp-dev or libslirp-devel package ?

C.


 TCS Confidential
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

[-- Attachment #1: Type: text/plain, Size: 3684 bytes --]

TCS Confidential


Hi C,

How to build this image =>  obmc-phosphor-image.rootfs.wic.qcow2 ? In openBmc build directory we don’t get this image built.

Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .

Please advise if we have to build openbmc stack in a different way than the standard procedure. We follow the below steps for build,
1. . setup Romulus
2. bitbake obmc-phosphor-image

Thanks,
Sandeep.

-----Original Message-----
From: Sandeep Kumar
Sent: Wednesday, April 19, 2023 3:00 PM
To: Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

Hi C,

Got it working. Looks like slirp is no longer supported on ubnutu 18.04. have upgraded to a newer version  and is working now.

Thanks,
Sandeep.

-----Original Message-----
From: Cédric Le Goater <clg@kaod.org<mailto:clg@kaod.org>>
Sent: Wednesday, April 19, 2023 2:26 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au<mailto:andrew@aj.id.au>>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"

Hello Sandeep

On 4/18/23 09:45, Sandeep Kumar wrote:
> TCS Confidential
>
> Hi C,
> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
> 256 -M romulus-bmc -nographic -drive
> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net
> nic -net
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
> *qemu-system-arm: -net
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
> network backend 'user' is not compiled into this binary* I didn’t
> enable the slirp package I guess. So enabled it while running
> configure, *$ ../configure --enable-slirp*
> *........*
> *Run-time dependency slirp found: NO (tried pkgconfig)*
> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
> pkgconfig* *A full log can be found at
> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/me
> son-log.txt*
> *NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0,
> Meson will require Python 3.7 or newer*
> *ERROR: meson setup failed*
> I have already installed slirp locally, but still getting the above error.


Did you install the libslirp-dev or libslirp-devel package ?

C.




TCS Confidential
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you



[-- Attachment #2: Type: text/html, Size: 10604 bytes --]

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

[-- Attachment #1: Type: text/plain, Size: 4454 bytes --]

TCS Confidential

Hi C,

Would appreciate any help on my earlier query(i.e., generating obmc-phosphor-image.rootfs.wic.qcow2 image).

Thanks,
Sandeep.

From: openbmc <openbmc-bounces+sandeep.pkumar=tcs.com@lists.ozlabs.org> On Behalf Of Sandeep Kumar
Sent: Thursday, April 20, 2023 5:45 PM
To: Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu


TCS Confidential

"External email. Open with Caution"
TCS Confidential


Hi C,

How to build this image =>  obmc-phosphor-image.rootfs.wic.qcow2 ? In openBmc build directory we don’t get this image built.

Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .

Please advise if we have to build openbmc stack in a different way than the standard procedure. We follow the below steps for build,
1. . setup Romulus
2. bitbake obmc-phosphor-image

Thanks,
Sandeep.

-----Original Message-----
From: Sandeep Kumar
Sent: Wednesday, April 19, 2023 3:00 PM
To: Cédric Le Goater <clg@kaod.org<mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au<mailto:andrew@aj.id.au>>
Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

Hi C,

Got it working. Looks like slirp is no longer supported on ubnutu 18.04. have upgraded to a newer version  and is working now.

Thanks,
Sandeep.

-----Original Message-----
From: Cédric Le Goater <clg@kaod.org<mailto:clg@kaod.org>>
Sent: Wednesday, April 19, 2023 2:26 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au<mailto:andrew@aj.id.au>>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"

Hello Sandeep

On 4/18/23 09:45, Sandeep Kumar wrote:
> TCS Confidential
>
> Hi C,
> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
> 256 -M romulus-bmc -nographic -drive
> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net
> nic -net
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
> *qemu-system-arm: -net
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
> network backend 'user' is not compiled into this binary* I didn’t
> enable the slirp package I guess. So enabled it while running
> configure, *$ ../configure --enable-slirp*
> *........*
> *Run-time dependency slirp found: NO (tried pkgconfig)*
> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
> pkgconfig* *A full log can be found at
> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/me
> son-log.txt*
> *NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0,
> Meson will require Python 3.7 or newer*
> *ERROR: meson setup failed*
> I have already installed slirp locally, but still getting the above error.


Did you install the libslirp-dev or libslirp-devel package ?

C.


TCS Confidential

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you


TCS Confidential


TCS Confidential

[-- Attachment #2: Type: text/html, Size: 14471 bytes --]

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Patrick Williams]

[-- Attachment #1: Type: text/plain, Size: 1011 bytes --]

On Tue, Apr 25, 2023 at 03:40:52AM +0000, Sandeep Kumar wrote:
> 
> Would appreciate any help on my earlier query(i.e., generating obmc-phosphor-image.rootfs.wic.qcow2 image).
> How to build this image =>  obmc-phosphor-image.rootfs.wic.qcow2 ? In openBmc build directory we don’t get this image built.
> 
> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
> 
> Please advise if we have to build openbmc stack in a different way than the standard procedure. We follow the below steps for build,
> 1. . setup Romulus
> 2. bitbake obmc-phosphor-image

I don't understand what you're building and why you're looking for a WIC
image.  You said you were building Romulus, which doesn't use WIC, but
then you referenced a Rainier DTB.

WIC is used for eMMC devices.  MTD is used for SPI-NOR devices.  Romulus
is a SPI-NOR machine.

-- 
Patrick Williams

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

[-- Attachment #1: Type: text/plain, Size: 5432 bytes --]

TCS Confidential


Hi C,

I was able to build and run the image(for evb-ast2600) with swtpm. Few issues observed,

1.      If I run with the flash.img provided in your github link(https://github.com/legoater/qemu-aspeed-boot/tree/master/images) everything works as expected, i.e I get the below output.
      # echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
      [  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
      [  182.773885] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
      #
      #
      # cat /sys/class/tpm/tpm0/pcr-sha256/0
      B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0
      #
      #

2.      If I run it with the locally built image, I get this error,
      root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
      [  174.063597] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
      root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0
      cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or directory
      root@evb-ast2600:~#
      root@evb-ast2600:~#

      Please do let me know about what has been done to write the values into “/sys/class/tpm/tpm0/pcr-sha256/0” .
Thanks,
Sandeep.

_____________________________________________
From: Sandeep Kumar
Sent: Thursday, April 20, 2023 5:45 PM
To: Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu


Hi C,

How to build this image =>  obmc-phosphor-image.rootfs.wic.qcow2 ? In openBmc build directory we don’t get this image built.

Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .

Please advise if we have to build openbmc stack in a different way than the standard procedure. We follow the below steps for build,
1. . setup Romulus
2. bitbake obmc-phosphor-image

Thanks,
Sandeep.

-----Original Message-----
From: Sandeep Kumar
Sent: Wednesday, April 19, 2023 3:00 PM
To: Cédric Le Goater <clg@kaod.org<mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au<mailto:andrew@aj.id.au>>
Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

Hi C,

Got it working. Looks like slirp is no longer supported on ubnutu 18.04. have upgraded to a newer version  and is working now.

Thanks,
Sandeep.

-----Original Message-----
From: Cédric Le Goater <clg@kaod.org<mailto:clg@kaod.org>>
Sent: Wednesday, April 19, 2023 2:26 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au<mailto:andrew@aj.id.au>>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"

Hello Sandeep

On 4/18/23 09:45, Sandeep Kumar wrote:
> TCS Confidential
>
> Hi C,
> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
> 256 -M romulus-bmc -nographic -drive
> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net
> nic -net
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
> *qemu-system-arm: -net
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
> network backend 'user' is not compiled into this binary* I didn’t
> enable the slirp package I guess. So enabled it while running
> configure, *$ ../configure --enable-slirp*
> *........*
> *Run-time dependency slirp found: NO (tried pkgconfig)*
> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
> pkgconfig* *A full log can be found at
> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/me
> son-log.txt*
> *NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0,
> Meson will require Python 3.7 or newer*
> *ERROR: meson setup failed*
> I have already installed slirp locally, but still getting the above error.


Did you install the libslirp-dev or libslirp-devel package ?

C.




TCS Confidential
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you



[-- Attachment #2: Type: text/html, Size: 16027 bytes --]

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

On 5/4/23 05:12, Sandeep Kumar wrote:
> TCS Confidential Hi C, I was able to build and run the image(for evb-ast2600) with swtpm. Few issues observed, If I run with the flash. img provided in your github link(https: //github. com/legoater/qemu-aspeed-boot/tree/master/images) everything
> ZjQcmQRYFpfptBannerStart
> This Message Is From an External Sender
> This message came from outside your organization.
> ZjQcmQRYFpfptBannerEnd
> TCS Confidential
> 
> Hi C,
> I was able to build and run the image(for evb-ast2600) with swtpm. Few issues observed,
> 
>  1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>) everything works as expected, i.e I get the below output.
> 
> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)*
> *[  182.773885] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e*
> *#*
> *#*
> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
> *#*
> *#*
> 
>  2. If I run it with the locally built image, I get this error,

Is the kernel configured in the same way? Are you using the same kernel version?
> 
> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
> *[  174.063597] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e*

What is the output of this?

find /sys/class/tpm | grep pcr

   Stefan

> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or directory*
> *root@evb-ast2600:~#*
> *root@evb-ast2600:~#*
> Please do let me know about what has been done to write the values into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . *
> Thanks,
> Sandeep.
> _____________________________________________
> *From:* Sandeep Kumar
> *Sent:* Thursday, April 20, 2023 5:45 PM
> *To:* Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> Hi C,
> How to build this image => *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
> Please advise if we have to build openbmc stack in a different way than the standard procedure. We follow the below steps for build,
> 1. . setup Romulus
> 2. bitbake obmc-phosphor-image
> Thanks,
> Sandeep.
> -----Original Message-----
> From: Sandeep Kumar
> Sent: Wednesday, April 19, 2023 3:00 PM
> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org>>; _openbmc@lists.ozlabs.org_ <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com>>; Joel Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au>>; Andrew Jeffery <_andrew@aj.id.au_ <mailto:andrew@aj.id.au>>
> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> Hi C,
> Got it working. Looks like slirp is no longer supported on ubnutu 18.04. have upgraded to a newer version  and is working now.
> Thanks,
> Sandeep.
> -----Original Message-----
> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>
> Sent: Wednesday, April 19, 2023 2:26 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>; openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au>>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> "External email. Open with Caution"
> Hello Sandeep
> On 4/18/23 09:45, Sandeep Kumar wrote:
>> TCS Confidential
>> 
>> Hi C,
>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
>> 256 -M romulus-bmc -nographic -drive
>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net 
>> nic -net 
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>> *qemu-system-arm: -net
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu: 
>> network backend 'user' is not compiled into this binary* I didn’t 
>> enable the slirp package I guess. So enabled it while running 
>> configure, *$ ../configure --enable-slirp*
>> *........*
>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
>> pkgconfig* *A full log can be found at 
>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/me
>> son-log.txt*
>> *NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0, 
>> Meson will require Python 3.7 or newer*
>> *ERROR: meson setup failed*
>> I have already installed slirp locally, but still getting the above error.
> Did you install the libslirp-dev or libslirp-devel package ?
> C.
> 
> TCS Confidential
> 
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
> 

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi Stefan,

Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
Ans:
        I am using the Kernel version coming with the latest openBMC without any changes.
        Kernel version used : Linux evb-ast2600 6.1.15-580639a #1 SMP Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux

Stefan:  What is the output of this?  find /sys/class/tpm | grep pcr
Ams:     find: /sys/class/tpm: No such file or directory.

Could you please point to the right version of kernel which has all these changes ?


Thanks,
Sandeep.

-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Thursday, May 4, 2023 7:30 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"


On 5/4/23 05:12, Sandeep Kumar wrote:
> TCS Confidential Hi C, I was able to build and run the image(for
> evb-ast2600) with swtpm. Few issues observed, If I run with the flash. 
> img provided in your github link(https: //github. 
> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
> ZjQcmQRYFpfptBannerEnd
> TCS Confidential
>
> Hi C,
> I was able to build and run the image(for evb-ast2600) with swtpm. Few
> issues observed,
>
>  1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>) everything works as expected, i.e I get the below output.
>
> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id
> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device
> tpm_tis_i2c at 0x2e*
> *#*
> *#*
> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
> *#*
> *#*
>
>  2. If I run it with the locally built image, I get this error,

Is the kernel configured in the same way? Are you using the same kernel version?
>
> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
> /sys/bus/i2c/devices/i2c-12/new_device*
> *[  174.063597] i2c i2c-12: new_device: Instantiated device
> tpm_tis_i2c at 0x2e*

What is the output of this?

find /sys/class/tpm | grep pcr

   Stefan

> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or
> directory*
> *root@evb-ast2600:~#*
> *root@evb-ast2600:~#*
> Please do let me know about what has been done to write the values
> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
> _____________________________________________
> *From:* Sandeep Kumar
> *Sent:* Thursday, April 20, 2023 5:45 PM
> *To:* Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad
> Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew
> Jeffery <andrew@aj.id.au>
> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC on
> Qemu Hi C, How to build this image =>
> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
> Please advise if we have to build openbmc stack in a different way
> than the standard procedure. We follow the below steps for build, 1. .
> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
> -----Original Message-----
> From: Sandeep Kumar
> Sent: Wednesday, April 19, 2023 3:00 PM
> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org>>;
> _openbmc@lists.ozlabs.org_ <mailto:openbmc@lists.ozlabs.org>; Ninad
> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com>>; Joel
> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au>>; Andrew Jeffery
> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au>>
> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> Hi C, Got it working. Looks like slirp is no longer supported on
> ubnutu 18.04. have upgraded to a newer version  and is working now.
> Thanks,
> Sandeep.
> -----Original Message-----
> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>
> Sent: Wednesday, April 19, 2023 2:26 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com
> <mailto:sandeep.pkumar@tcs.com>>; openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com
> <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au
> <mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au
> <mailto:andrew@aj.id.au>>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> "External email. Open with Caution"
> Hello Sandeep
> On 4/18/23 09:45, Sandeep Kumar wrote:
>> TCS Confidential
>>
>> Hi C,
>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
>> 256 -M romulus-bmc -nographic -drive
>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net
>> nic -net
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd
>> =
>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:1
>> 2
>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>> *qemu-system-arm: -net
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd
>> =
>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:1
>> 2
>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>> network backend 'user' is not compiled into this binary* I didn’t
>> enable the slirp package I guess. So enabled it while running
>> configure, *$ ../configure --enable-slirp*
>> *........*
>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
>> pkgconfig* *A full log can be found at
>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/m
>> e
>> son-log.txt*
>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>> v0.62.0, Meson will require Python 3.7 or newer*
>> *ERROR: meson setup failed*
>> I have already installed slirp locally, but still getting the above error.
> Did you install the libslirp-dev or libslirp-devel package ?
> C.
>
> TCS Confidential
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail message and/or
> attachments to it may contain confidential or privileged information.
> If you are not the intended recipient, any dissemination, use, review,
> distribution, printing or copying of the information contained in this
> e-mail message and/or attachments to it are strictly prohibited. If
> you have received this communication in error, please notify us by
> reply e-mail or telephone and immediately and permanently delete the
> message and any attachments. Thank you
>

 TCS Confidential

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

On 5/5/23 01:40, Sandeep Kumar wrote:
>   TCS Confidential
> 
> Hi Stefan,
> 
> Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
> Ans:
>          I am using the Kernel version coming with the latest openBMC without any changes.
>          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1 SMP Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
> 
> Stefan:  What is the output of this?  find /sys/class/tpm | grep pcr
> Ams:     find: /sys/class/tpm: No such file or directory.
> 
> Could you please point to the right version of kernel which has all these changes ?

I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.

Does this show any files?

find /sys | grep pcr

Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?

    Stefan


> 
> 
> Thanks,
> Sandeep.
> 
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Thursday, May 4, 2023 7:30 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> 
> On 5/4/23 05:12, Sandeep Kumar wrote:
>> TCS Confidential Hi C, I was able to build and run the image(for
>> evb-ast2600) with swtpm. Few issues observed, If I run with the flash. 
>> img provided in your github link(https: //github. 
>> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>> ZjQcmQRYFpfptBannerEnd
>> TCS Confidential
>>
>> Hi C,
>> I was able to build and run the image(for evb-ast2600) with swtpm. Few
>> issues observed,
>>
>>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>) everything works as expected, i.e I get the below output.
>>
>> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
>> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id
>> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
>> *#*
>> *#*
>> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>> *#*
>> *#*
>>
>>   2. If I run it with the locally built image, I get this error,
> 
> Is the kernel configured in the same way? Are you using the same kernel version?
>>
>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device*
>> *[  174.063597] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
> 
> What is the output of this?
> 
> find /sys/class/tpm | grep pcr
> 
>     Stefan
> 
>> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or
>> directory*
>> *root@evb-ast2600:~#*
>> *root@evb-ast2600:~#*
>> Please do let me know about what has been done to write the values
>> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>> _____________________________________________
>> *From:* Sandeep Kumar
>> *Sent:* Thursday, April 20, 2023 5:45 PM
>> *To:* Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad
>> Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew
>> Jeffery <andrew@aj.id.au>
>> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu Hi C, How to build this image =>
>> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>> Please advise if we have to build openbmc stack in a different way
>> than the standard procedure. We follow the below steps for build, 1. .
>> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>> -----Original Message-----
>> From: Sandeep Kumar
>> Sent: Wednesday, April 19, 2023 3:00 PM
>> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org>>;
>> _openbmc@lists.ozlabs.org_ <mailto:openbmc@lists.ozlabs.org>; Ninad
>> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com>>; Joel
>> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au>>; Andrew Jeffery
>> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au>>
>> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>> Hi C, Got it working. Looks like slirp is no longer supported on
>> ubnutu 18.04. have upgraded to a newer version  and is working now.
>> Thanks,
>> Sandeep.
>> -----Original Message-----
>> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>
>> Sent: Wednesday, April 19, 2023 2:26 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com
>> <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au
>> <mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au
>> <mailto:andrew@aj.id.au>>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>> "External email. Open with Caution"
>> Hello Sandeep
>> On 4/18/23 09:45, Sandeep Kumar wrote:
>>> TCS Confidential
>>>
>>> Hi C,
>>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
>>> 256 -M romulus-bmc -nographic -drive
>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net
>>> nic -net
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd
>>> =
>>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:1
>>> 2
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>> *qemu-system-arm: -net
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd
>>> =
>>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:1
>>> 2
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>> network backend 'user' is not compiled into this binary* I didn’t
>>> enable the slirp package I guess. So enabled it while running
>>> configure, *$ ../configure --enable-slirp*
>>> *........*
>>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
>>> pkgconfig* *A full log can be found at
>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/m
>>> e
>>> son-log.txt*
>>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>>> v0.62.0, Meson will require Python 3.7 or newer*
>>> *ERROR: meson setup failed*
>>> I have already installed slirp locally, but still getting the above error.
>> Did you install the libslirp-dev or libslirp-devel package ?
>> C.
>>
>> TCS Confidential
>>
>> =====-----=====-----=====
>> Notice: The information contained in this e-mail message and/or
>> attachments to it may contain confidential or privileged information.
>> If you are not the intended recipient, any dissemination, use, review,
>> distribution, printing or copying of the information contained in this
>> e-mail message and/or attachments to it are strictly prohibited. If
>> you have received this communication in error, please notify us by
>> reply e-mail or telephone and immediately and permanently delete the
>> message and any attachments. Thank you
>>
> 
>   TCS Confidential

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

[-- Attachment #1: Type: text/plain, Size: 10687 bytes --]

TCS Confidential


Hi Stefan,



Please find below my answers inline.



Thanks,

Sandeep.



-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Friday, May 5, 2023 6:56 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu



"External email. Open with Caution"





On 5/5/23 01:40, Sandeep Kumar wrote:

>   TCS Confidential

>

> Hi Stefan,

>

> Stefan: Is the kernel configured in the same way? Are you using the same kernel version?

> Ans:

>          I am using the Kernel version coming with the latest openBMC without any changes.

>          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1 SMP

> Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux

>

> Stefan:  What is the output of this?  find /sys/class/tpm | grep pcr

> Ams:     find: /sys/class/tpm: No such file or directory.

>

> Could you please point to the right version of kernel which has all these changes ?



I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.



Does this show any files?



find /sys | grep pcr



Sandeep: It doesn't show any files.

root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device

[  273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e

root@evb-ast2600:~#

root@evb-ast2600:~# find /sys | grep pcr

root@evb-ast2600:~#



Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?



Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.  Output as below,



root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device

[  273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e

root@evb-ast2600:~#

root@evb-ast2600:~# find /sys | grep pcr

root@evb-ast2600:~#

root@evb-ast2600:~# ls /dev/tpm*

ls: /dev/tpm*: No such file or directory

root@evb-ast2600:~# dmesg | grep -i tpm

[    6.290898] systemd[1]: systemd 253.1^ running in system mode (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2 -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP -SYSVINIT default-hierarchy=unified)

[  273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e

root@evb-ast2600:~#



    Stefan





>

>

> Thanks,

> Sandeep.

>

> -----Original Message-----

> From: Stefan Berger <stefanb@linux.ibm.com<mailto:stefanb@linux.ibm.com>>

> Sent: Thursday, May 4, 2023 7:30 PM

> To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater

> <clg@kaod.org<mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule

> <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery

> <andrew@aj.id.au<mailto:andrew@aj.id.au>>

> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

>

> "External email. Open with Caution"

>

>

> On 5/4/23 05:12, Sandeep Kumar wrote:

>> TCS Confidential Hi C, I was able to build and run the image(for

>> evb-ast2600) with swtpm. Few issues observed, If I run with the

>> flash. img provided in your github link(https: //github.

>> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.

>> ZjQcmQRYFpfptBannerEnd

>> TCS Confidential

>>

>> Hi C,

>> I was able to build and run the image(for evb-ast2600) with swtpm.

>> Few issues observed,

>>

>>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>) everything works as expected, i.e I get the below output.

>>

>> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*

>> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id

>> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device

>> tpm_tis_i2c at 0x2e*

>> *#*

>> *#*

>> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*

>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*

>> *#*

>> *#*

>>

>>   2. If I run it with the locally built image, I get this error,

>

> Is the kernel configured in the same way? Are you using the same kernel version?

>>

>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >

>> /sys/bus/i2c/devices/i2c-12/new_device*

>> *[  174.063597] i2c i2c-12: new_device: Instantiated device

>> tpm_tis_i2c at 0x2e*

>

> What is the output of this?

>

> find /sys/class/tpm | grep pcr

>

>     Stefan

>

>> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*

>> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or

>> directory*

>> *root@evb-ast2600:~#*

>> *root@evb-ast2600:~#*

>> Please do let me know about what has been done to write the values

>> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.

>> _____________________________________________

>> *From:* Sandeep Kumar

>> *Sent:* Thursday, April 20, 2023 5:45 PM

>> *To:* Cédric Le Goater <clg@kaod.org<mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>;

>> Ninad Palsule <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>;

>> Andrew Jeffery <andrew@aj.id.au<mailto:andrew@aj.id.au>>

>> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC on

>> Qemu Hi C, How to build this image =>

>> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.

>> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .

>> Please advise if we have to build openbmc stack in a different way

>> than the standard procedure. We follow the below steps for build, 1. .

>> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.

>> -----Original Message-----

>> From: Sandeep Kumar

>> Sent: Wednesday, April 19, 2023 3:00 PM

>> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org<mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;

>> _openbmc@lists.ozlabs.org_<mailto:_openbmc@lists.ozlabs.org_> <mailto:openbmc@lists.ozlabs.org>; Ninad

>> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com<mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>; Joel

>> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au<mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery

>> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au<mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>

>> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on

>> Qemu Hi C, Got it working. Looks like slirp is no longer supported on

>> ubnutu 18.04. have upgraded to a newer version  and is working now.

>> Thanks,

>> Sandeep.

>> -----Original Message-----

>> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org<mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>

>> Sent: Wednesday, April 19, 2023 2:26 PM

>> To: Sandeep Kumar <sandeep.pkumar@tcs.com

>> <mailto:sandeep.pkumar@tcs.com>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>

>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule <ninad@linux.ibm.com

>> <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au

>> <mailto:jms@jms.id.au>>; Andrew Jeffery <andrew@aj.id.au

>> <mailto:andrew@aj.id.au>>

>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on

>> Qemu "External email. Open with Caution"

>> Hello Sandeep

>> On 4/18/23 09:45, Sandeep Kumar wrote:

>>> TCS Confidential

>>>

>>> Hi C,

>>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m

>>> 256 -M romulus-bmc -nographic -drive

>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net

>>> nic -net

>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw

>>> d

>>> =

>>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:

>>> 1

>>> 2

>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*

>>> *qemu-system-arm: -net

>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw

>>> d

>>> =

>>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:

>>> 1

>>> 2

>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:

>>> network backend 'user' is not compiled into this binary* I didn’t

>>> enable the slirp package I guess. So enabled it while running

>>> configure, *$ ../configure --enable-slirp*

>>> *........*

>>> *Run-time dependency slirp found: NO (tried pkgconfig)*

>>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried

>>> pkgconfig* *A full log can be found at

>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/

>>> m

>>> e

>>> son-log.txt*

>>> *NOTICE: You are using Python 3.6 which is EOL. Starting with

>>> v0.62.0, Meson will require Python 3.7 or newer*

>>> *ERROR: meson setup failed*

>>> I have already installed slirp locally, but still getting the above error.

>> Did you install the libslirp-dev or libslirp-devel package ?

>> C.

>>

>> TCS Confidential

>>

>> =====-----=====-----=====

>> Notice: The information contained in this e-mail message and/or

>> attachments to it may contain confidential or privileged information.

>> If you are not the intended recipient, any dissemination, use,

>> review, distribution, printing or copying of the information

>> contained in this e-mail message and/or attachments to it are

>> strictly prohibited. If you have received this communication in

>> error, please notify us by reply e-mail or telephone and immediately

>> and permanently delete the message and any attachments. Thank you

>>

>

>   TCS Confidential


TCS Confidential

[-- Attachment #2: Type: text/html, Size: 26673 bytes --]

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

I enable the following kernel build options for OpenBMC Linux kernel:

CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_TIS_I2C=y

With swtpm running in another terminal:

while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done

I start qemu built from qemu git master branch tip:

/tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e

root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
[   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test
[   63.784256] tpm tpm0: starting up the TPM manually
[   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e

root@evb-ast2600:~# uname -a
Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux

root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms
8056318c t tpm_tis_i2c_remove
805631b0 t tpm_tis_i2c_retry_transfer_until_ack
8056323c t tpm_tis_i2c_write_bytes
80563334 t tpm_tis_i2c_verify_crc
805633e0 t tpm_tis_i2c_read_bytes
80563604 t tpm_tis_i2c_probe
80d23964 t tpm_tis_i2c_driver_init

root@evb-ast2600:~# find /sys/class/tpm
/sys/class/tpm
/sys/class/tpm/tpm0

root@evb-ast2600:~# ls -l /dev/tpm*
crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0
crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0

root@evb-ast2600:~# find /sys/ | grep pcr
/sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bus/i2c-12/12-002e/tpm/tpm0/pcr-sha1
/sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bus/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
[... lots more entries also for sha256, sha384, and sha512 ]




It seems to work as expected

On 5/5/23 11:08, Sandeep Kumar wrote:
> TCS Confidential Hi Stefan, Please find below my answers inline. Thanks, Sandeep. -----Original Message----- From: Stefan Berger <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To: Sandeep Kumar <sandeep. pkumar@ tcs. com>;
> ZjQcmQRYFpfptBannerStart
> This Message Is From an External Sender
> This message came from outside your organization.
> ZjQcmQRYFpfptBannerEnd
> 
> TCS Confidential
> 
> 
> Hi Stefan,
> 
> Please find below my answers inline.
> 
> Thanks,
> 
> Sandeep.
> 
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Friday, May 5, 2023 6:56 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> On 5/5/23 01:40, Sandeep Kumar wrote:
> 
>  >   TCS Confidential
> 
>  >
> 
>  > Hi Stefan,
> 
>  >
> 
>  > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
> 
>  > Ans:
> 
>  >          I am using the Kernel version coming with the latest openBMC without any changes.
> 
>  >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1 SMP
> 
>  > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
> 
>  >
> 
>  > Stefan:  What is the output of this?  find /sys/class/tpm | grep pcr
> 
>  > Ams:     find: /sys/class/tpm: No such file or directory.
> 
>  >
> 
>  > Could you please point to the right version of kernel which has all these changes ?
> 
> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
> 
> Does this show any files?
> 
> find /sys | grep pcr
> 
> *Sandeep: It doesn't show any files. *
> 
> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
> 
> *[  273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e*
> 
> *root@evb-ast2600:~#*
> 
> *root@evb-ast2600:~# find /sys | grep pcr*
> 
> *root@evb-ast2600:~#*
> 
> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
> 
> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.  Output as below, *
> 
> **
> 
> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
> 
> *[  273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e*
> 
> *root@evb-ast2600:~#*
> 
> *root@evb-ast2600:~# find /sys | grep pcr*
> 
> *root@evb-ast2600:~#*
> 
> *root@evb-ast2600:~# ls /dev/tpm**
> 
> *ls: /dev/tpm*: No such file or directory*
> 
> *root@evb-ast2600:~# dmesg | grep -i tpm*
> 
> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2 -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP -SYSVINIT default-hierarchy=unified)*
> 
> *[  273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e*
> 
> *root@evb-ast2600:~#*
> 
>      Stefan
> 
>  >
> 
>  >
> 
>  > Thanks,
> 
>  > Sandeep.
> 
>  >
> 
>  > -----Original Message-----
> 
>  > From: Stefan Berger <stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>
> 
>  > Sent: Thursday, May 4, 2023 7:30 PM
> 
>  > To: Sandeep Kumar <sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
> 
>  > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
> 
>  > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
> 
>  > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
> 
>  > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
>  >
> 
>  > "External email. Open with Caution"
> 
>  >
> 
>  >
> 
>  > On 5/4/23 05:12, Sandeep Kumar wrote:
> 
>  >> TCS Confidential Hi C, I was able to build and run the image(for
> 
>  >> evb-ast2600) with swtpm. Few issues observed, If I run with the
> 
>  >> flash. img provided in your github link(https: //github.
> 
>  >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
> 
>  >> ZjQcmQRYFpfptBannerEnd
> 
>  >> TCS Confidential
> 
>  >>
> 
>  >> Hi C,
> 
>  >> I was able to build and run the image(for evb-ast2600) with swtpm.
> 
>  >> Few issues observed,
> 
>  >>
> 
>  >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>>) everything works as expected, i.e I get the below output.
> 
>  >>
> 
>  >> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
> 
>  >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id
> 
>  >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device
> 
>  >> tpm_tis_i2c at 0x2e*
> 
>  >> *#*
> 
>  >> *#*
> 
>  >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> 
>  >> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
> 
>  >> *#*
> 
>  >> *#*
> 
>  >>
> 
>  >>   2. If I run it with the locally built image, I get this error,
> 
>  >
> 
>  > Is the kernel configured in the same way? Are you using the same kernel version?
> 
>  >>
> 
>  >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
> 
>  >> /sys/bus/i2c/devices/i2c-12/new_device*
> 
>  >> *[  174.063597] i2c i2c-12: new_device: Instantiated device
> 
>  >> tpm_tis_i2c at 0x2e*
> 
>  >
> 
>  > What is the output of this?
> 
>  >
> 
>  > find /sys/class/tpm | grep pcr
> 
>  >
> 
>  >     Stefan
> 
>  >
> 
>  >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> 
>  >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or
> 
>  >> directory*
> 
>  >> *root@evb-ast2600:~#*
> 
>  >> *root@evb-ast2600:~#*
> 
>  >> Please do let me know about what has been done to write the values
> 
>  >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
> 
>  >> _____________________________________________
> 
>  >> *From:* Sandeep Kumar
> 
>  >> *Sent:* Thursday, April 20, 2023 5:45 PM
> 
>  >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>;
> 
>  >> Ninad Palsule <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>;
> 
>  >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au>>
> 
>  >> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC on
> 
>  >> Qemu Hi C, How to build this image =>
> 
>  >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
> 
>  >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
> 
>  >> Please advise if we have to build openbmc stack in a different way
> 
>  >> than the standard procedure. We follow the below steps for build, 1. .
> 
>  >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
> 
>  >> -----Original Message-----
> 
>  >> From: Sandeep Kumar
> 
>  >> Sent: Wednesday, April 19, 2023 3:00 PM
> 
>  >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;
> 
>  >> _openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>; Ninad
> 
>  >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>; Joel
> 
>  >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
> 
>  >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>
> 
>  >> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on
> 
>  >> Qemu Hi C, Got it working. Looks like slirp is no longer supported on
> 
>  >> ubnutu 18.04. have upgraded to a newer version  and is working now.
> 
>  >> Thanks,
> 
>  >> Sandeep.
> 
>  >> -----Original Message-----
> 
>  >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>
> 
>  >> Sent: Wednesday, April 19, 2023 2:26 PM
> 
>  >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
> 
>  >> <mailto:sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>>; openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
> 
>  >> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>; Ninad Palsule <ninad@linux.ibm.com
> 
>  >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>; Joel Stanley <jms@jms.id.au
> 
>  >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>; Andrew Jeffery <andrew@aj.id.au
> 
>  >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au>>>
> 
>  >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
> 
>  >> Qemu "External email. Open with Caution"
> 
>  >> Hello Sandeep
> 
>  >> On 4/18/23 09:45, Sandeep Kumar wrote:
> 
>  >>> TCS Confidential
> 
>  >>>
> 
>  >>> Hi C,
> 
>  >>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
> 
>  >>> 256 -M romulus-bmc -nographic -drive
> 
>  >>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net
> 
>  >>> nic -net
> 
>  >>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
> 
>  >>> d
> 
>  >>> =
> 
>  >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
> 
>  >>> 1
> 
>  >>> 2
> 
>  >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
> 
>  >>> *qemu-system-arm: -net
> 
>  >>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
> 
>  >>> d
> 
>  >>> =
> 
>  >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
> 
>  >>> 1
> 
>  >>> 2
> 
>  >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
> 
>  >>> network backend 'user' is not compiled into this binary* I didn’t
> 
>  >>> enable the slirp package I guess. So enabled it while running
> 
>  >>> configure, *$ ../configure --enable-slirp*
> 
>  >>> *........*
> 
>  >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
> 
>  >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
> 
>  >>> pkgconfig* *A full log can be found at
> 
>  >>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/
> 
>  >>> m
> 
>  >>> e
> 
>  >>> son-log.txt*
> 
>  >>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
> 
>  >>> v0.62.0, Meson will require Python 3.7 or newer*
> 
>  >>> *ERROR: meson setup failed*
> 
>  >>> I have already installed slirp locally, but still getting the above error.
> 
>  >> Did you install the libslirp-dev or libslirp-devel package ?
> 
>  >> C.
> 
>  >>
> 
>  >> TCS Confidential
> 
>  >>
> 
>  >> =====-----=====-----=====
> 
>  >> Notice: The information contained in this e-mail message and/or
> 
>  >> attachments to it may contain confidential or privileged information.
> 
>  >> If you are not the intended recipient, any dissemination, use,
> 
>  >> review, distribution, printing or copying of the information
> 
>  >> contained in this e-mail message and/or attachments to it are
> 
>  >> strictly prohibited. If you have received this communication in
> 
>  >> error, please notify us by reply e-mail or telephone and immediately
> 
>  >> and permanently delete the message and any attachments. Thank you
> 
>  >>
> 
>  >
> 
>  >   TCS Confidential
> 
> 
> TCS Confidential
> 

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi Stefan,

I have these options set in /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-kernel/linux/linux-aspeed/tpm/tpm2.cfg

CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_TIS_SPI=y
CONFIG_TCG_TIS_I2C=y
CONFIG_SECURITYFS=y

and in /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc I have these,

SRC_URI += " \
             file://defconfig \
             file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \
             file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \
             ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm/tpm2.scc file://tpm/tpm2.cfg', '', d)} \
             ${@bb.utils.contains_any('DISTRO_FEATURES', \
                'obmc-static-norootfs obmc-ubi-fs', \
                'file://ubi/ubi.scc file://ubi/ubi.cfg', '', d)} \
           "

Anything else needs to be done to enable TPM ?

Thanks,
Sandeep.

-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Friday, May 5, 2023 9:41 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"

I enable the following kernel build options for OpenBMC Linux kernel:

CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_TIS_I2C=y

With swtpm running in another terminal:

while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done

I start qemu built from qemu git master branch tip:

/tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e

root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
[   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test
[   63.784256] tpm tpm0: starting up the TPM manually
[   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e

root@evb-ast2600:~# uname -a
Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux

root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t tpm_tis_i2c_remove
805631b0 t tpm_tis_i2c_retry_transfer_until_ack
8056323c t tpm_tis_i2c_write_bytes
80563334 t tpm_tis_i2c_verify_crc
805633e0 t tpm_tis_i2c_read_bytes
80563604 t tpm_tis_i2c_probe
80d23964 t tpm_tis_i2c_driver_init

root@evb-ast2600:~# find /sys/class/tpm
/sys/class/tpm
/sys/class/tpm/tpm0

root@evb-ast2600:~# ls -l /dev/tpm*
crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0
crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0

root@evb-ast2600:~# find /sys/ | grep pcr
/sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bus/i2c-12/12-002e/tpm/tpm0/pcr-sha1
/sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bus/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
[... lots more entries also for sha256, sha384, and sha512 ]




It seems to work as expected

On 5/5/23 11:08, Sandeep Kumar wrote:
> TCS Confidential Hi Stefan, Please find below my answers inline.
> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
> ZjQcmQRYFpfptBannerEnd
>
> TCS Confidential
>
>
> Hi Stefan,
>
> Please find below my answers inline.
>
> Thanks,
>
> Sandeep.
>
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Friday, May 5, 2023 6:56 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
> <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
> "External email. Open with Caution"
>
> On 5/5/23 01:40, Sandeep Kumar wrote:
>
>  >   TCS Confidential
>
>  >
>
>  > Hi Stefan,
>
>  >
>
>  > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>
>  > Ans:
>
>  >          I am using the Kernel version coming with the latest openBMC without any changes.
>
>  >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1
> SMP
>
>  > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>
>  >
>
>  > Stefan:  What is the output of this?  find /sys/class/tpm | grep
> pcr
>
>  > Ams:     find: /sys/class/tpm: No such file or directory.
>
>  >
>
>  > Could you please point to the right version of kernel which has all these changes ?
>
> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>
> Does this show any files?
>
> find /sys | grep pcr
>
> *Sandeep: It doesn't show any files. *
>
> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
> /sys/bus/i2c/devices/i2c-12/new_device*
>
> *[  273.273089] i2c i2c-12: new_device: Instantiated device
> tpm_tis_i2c at 0x2e*
>
> *root@evb-ast2600:~#*
>
> *root@evb-ast2600:~# find /sys | grep pcr*
>
> *root@evb-ast2600:~#*
>
> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>
> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
> Output as below, *
>
> **
>
> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
> /sys/bus/i2c/devices/i2c-12/new_device*
>
> *[  273.273089] i2c i2c-12: new_device: Instantiated device
> tpm_tis_i2c at 0x2e*
>
> *root@evb-ast2600:~#*
>
> *root@evb-ast2600:~# find /sys | grep pcr*
>
> *root@evb-ast2600:~#*
>
> *root@evb-ast2600:~# ls /dev/tpm**
>
> *ls: /dev/tpm*: No such file or directory*
>
> *root@evb-ast2600:~# dmesg | grep -i tpm*
>
> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode
> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS
> -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD
> -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2
> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP -SYSVINIT
> default-hierarchy=unified)*
>
> *[  273.273089] i2c i2c-12: new_device: Instantiated device
> tpm_tis_i2c at 0x2e*
>
> *root@evb-ast2600:~#*
>
>      Stefan
>
>  >
>
>  >
>
>  > Thanks,
>
>  > Sandeep.
>
>  >
>
>  > -----Original Message-----
>
>  > From: Stefan Berger <stefanb@linux.ibm.com
> <mailto:stefanb@linux.ibm.com>>
>
>  > Sent: Thursday, May 4, 2023 7:30 PM
>
>  > To: Sandeep Kumar <sandeep.pkumar@tcs.com
> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>
>  > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>
>  > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>
>  > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>
>  > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
> Qemu
>
>  >
>
>  > "External email. Open with Caution"
>
>  >
>
>  >
>
>  > On 5/4/23 05:12, Sandeep Kumar wrote:
>
>  >> TCS Confidential Hi C, I was able to build and run the image(for
>
>  >> evb-ast2600) with swtpm. Few issues observed, If I run with the
>
>  >> flash. img provided in your github link(https: //github.
>
>  >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>
>  >> ZjQcmQRYFpfptBannerEnd
>
>  >> TCS Confidential
>
>  >>
>
>  >> Hi C,
>
>  >> I was able to build and run the image(for evb-ast2600) with swtpm.
>
>  >> Few issues observed,
>
>  >>
>
>  >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>>) everything works as expected, i.e I get the below output.
>
>  >>
>
>  >> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
>
>  >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
> rev-id
>
>  >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device
>
>  >> tpm_tis_i2c at 0x2e*
>
>  >> *#*
>
>  >> *#*
>
>  >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>
>  >> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>
>  >> *#*
>
>  >> *#*
>
>  >>
>
>  >>   2. If I run it with the locally built image, I get this error,
>
>  >
>
>  > Is the kernel configured in the same way? Are you using the same kernel version?
>
>  >>
>
>  >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>
>  >> /sys/bus/i2c/devices/i2c-12/new_device*
>
>  >> *[  174.063597] i2c i2c-12: new_device: Instantiated device
>
>  >> tpm_tis_i2c at 0x2e*
>
>  >
>
>  > What is the output of this?
>
>  >
>
>  > find /sys/class/tpm | grep pcr
>
>  >
>
>  >     Stefan
>
>  >
>
>  >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>
>  >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file
> or
>
>  >> directory*
>
>  >> *root@evb-ast2600:~#*
>
>  >> *root@evb-ast2600:~#*
>
>  >> Please do let me know about what has been done to write the values
>
>  >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>
>  >> _____________________________________________
>
>  >> *From:* Sandeep Kumar
>
>  >> *Sent:* Thursday, April 20, 2023 5:45 PM
>
>  >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>;
> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>;
>
>  >> Ninad Palsule <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>;
> Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>;
>
>  >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>
>  >> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC
> on
>
>  >> Qemu Hi C, How to build this image =>
>
>  >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>
>  >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>
>  >> Please advise if we have to build openbmc stack in a different way
>
>  >> than the standard procedure. We follow the below steps for build, 1. .
>
>  >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>
>  >> -----Original Message-----
>
>  >> From: Sandeep Kumar
>
>  >> Sent: Wednesday, April 19, 2023 3:00 PM
>
>  >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;
>
>  >> _openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_>
> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
> Ninad
>
>  >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com
> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>; Joel
>
>  >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>
>  >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>
>
>  >> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on
>
>  >> Qemu Hi C, Got it working. Looks like slirp is no longer supported
> on
>
>  >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>
>  >> Thanks,
>
>  >> Sandeep.
>
>  >> -----Original Message-----
>
>  >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>
>
>  >> Sent: Wednesday, April 19, 2023 2:26 PM
>
>  >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>
>  >> <mailto:sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>>;
> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>
>  >> <mailto:openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>>; Ninad Palsule <ninad@linux.ibm.com
>
>  >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>; Joel
> Stanley <jms@jms.id.au
>
>  >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>; Andrew Jeffery
> <andrew@aj.id.au
>
>  >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au>>>
>
>  >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>
>  >> Qemu "External email. Open with Caution"
>
>  >> Hello Sandeep
>
>  >> On 4/18/23 09:45, Sandeep Kumar wrote:
>
>  >>> TCS Confidential
>
>  >>>
>
>  >>> Hi C,
>
>  >>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm
> -m
>
>  >>> 256 -M romulus-bmc -nographic -drive
>
>  >>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
> -net
>
>  >>> nic -net
>
>  >>>
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>
>  >>> d
>
>  >>> =
>
>  >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>
>  >>> 1
>
>  >>> 2
>
>  >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>
>  >>> *qemu-system-arm: -net
>
>  >>>
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>
>  >>> d
>
>  >>> =
>
>  >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>
>  >>> 1
>
>  >>> 2
>
>  >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>
>  >>> network backend 'user' is not compiled into this binary* I didn’t
>
>  >>> enable the slirp package I guess. So enabled it while running
>
>  >>> configure, *$ ../configure --enable-slirp*
>
>  >>> *........*
>
>  >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>
>  >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
>
>  >>> pkgconfig* *A full log can be found at
>
>  >>>
> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/
>
>  >>> m
>
>  >>> e
>
>  >>> son-log.txt*
>
>  >>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>
>  >>> v0.62.0, Meson will require Python 3.7 or newer*
>
>  >>> *ERROR: meson setup failed*
>
>  >>> I have already installed slirp locally, but still getting the above error.
>
>  >> Did you install the libslirp-dev or libslirp-devel package ?
>
>  >> C.
>
>  >>
>
>  >> TCS Confidential
>
>  >>
>
>  >> =====-----=====-----=====
>
>  >> Notice: The information contained in this e-mail message and/or
>
>  >> attachments to it may contain confidential or privileged information.
>
>  >> If you are not the intended recipient, any dissemination, use,
>
>  >> review, distribution, printing or copying of the information
>
>  >> contained in this e-mail message and/or attachments to it are
>
>  >> strictly prohibited. If you have received this communication in
>
>  >> error, please notify us by reply e-mail or telephone and
> immediately
>
>  >> and permanently delete the message and any attachments. Thank you
>
>  >>
>
>  >
>
>  >   TCS Confidential
>
>
> TCS Confidential
>

 TCS Confidential

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

On 5/5/23 13:36, Sandeep Kumar wrote:
>   TCS Confidential
> 
> Hi Stefan,
> 
> I have these options set in /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-kernel/linux/linux-aspeed/tpm/tpm2.cfg
> 
> CONFIG_HW_RANDOM=y
> CONFIG_HW_RANDOM_TPM=y
> CONFIG_TCG_TPM=y
> CONFIG_TCG_TIS_CORE=y
> CONFIG_TCG_TIS=y
> CONFIG_TCG_TIS_SPI=y
> CONFIG_TCG_TIS_I2C=y
> CONFIG_SECURITYFS=y


I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.

As long as these symbols are built into the kernel it should work:

> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms
> 8056318c t tpm_tis_i2c_remove
> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
> 8056323c t tpm_tis_i2c_write_bytes
> 80563334 t tpm_tis_i2c_verify_crc
> 805633e0 t tpm_tis_i2c_read_bytes
> 80563604 t tpm_tis_i2c_probe
> 80d23964 t tpm_tis_i2c_driver_init

> 
> and in /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-kernel/linux/linux-aspeed.inc I have these,
> 
> SRC_URI += " \
>               file://defconfig \
>               file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \
>               file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \
>               ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm/tpm2.scc file://tpm/tpm2.cfg', '', d)} \
>               ${@bb.utils.contains_any('DISTRO_FEATURES', \
>                  'obmc-static-norootfs obmc-ubi-fs', \
>                  'file://ubi/ubi.scc file://ubi/ubi.cfg', '', d)} \
>             "
> 
> Anything else needs to be done to enable TPM ?

Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.

    Stefan

> 
> Thanks,
> Sandeep.
> 
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Friday, May 5, 2023 9:41 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> I enable the following kernel build options for OpenBMC Linux kernel:
> 
> CONFIG_TCG_TPM=y
> CONFIG_TCG_TIS_CORE=y
> CONFIG_TCG_TIS=y
> CONFIG_TCG_TIS_I2C=y
> 
> With swtpm running in another terminal:
> 
> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done
> 
> I start qemu built from qemu git master branch tip:
> 
> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
> 
> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test
> [   63.784256] tpm tpm0: starting up the TPM manually
> [   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
> 
> root@evb-ast2600:~# uname -a
> Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
> 
> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t tpm_tis_i2c_remove
> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
> 8056323c t tpm_tis_i2c_write_bytes
> 80563334 t tpm_tis_i2c_verify_crc
> 805633e0 t tpm_tis_i2c_read_bytes
> 80563604 t tpm_tis_i2c_probe
> 80d23964 t tpm_tis_i2c_driver_init
> 
> root@evb-ast2600:~# find /sys/class/tpm
> /sys/class/tpm
> /sys/class/tpm/tpm0
> 
> root@evb-ast2600:~# ls -l /dev/tpm*
> crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0
> crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0
> 
> root@evb-ast2600:~# find /sys/ | grep pcr
> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bus/i2c-12/12-002e/tpm/tpm0/pcr-sha1
> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bus/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
> [... lots more entries also for sha256, sha384, and sha512 ]
> 
> 
> 
> 
> It seems to work as expected
> 
> On 5/5/23 11:08, Sandeep Kumar wrote:
>> TCS Confidential Hi Stefan, Please find below my answers inline.
>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>> ZjQcmQRYFpfptBannerEnd
>>
>> TCS Confidential
>>
>>
>> Hi Stefan,
>>
>> Please find below my answers inline.
>>
>> Thanks,
>>
>> Sandeep.
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Friday, May 5, 2023 6:56 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>>
>> "External email. Open with Caution"
>>
>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>
>>   >   TCS Confidential
>>
>>   >
>>
>>   > Hi Stefan,
>>
>>   >
>>
>>   > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>
>>   > Ans:
>>
>>   >          I am using the Kernel version coming with the latest openBMC without any changes.
>>
>>   >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1
>> SMP
>>
>>   > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>
>>   >
>>
>>   > Stefan:  What is the output of this?  find /sys/class/tpm | grep
>> pcr
>>
>>   > Ams:     find: /sys/class/tpm: No such file or directory.
>>
>>   >
>>
>>   > Could you please point to the right version of kernel which has all these changes ?
>>
>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>
>> Does this show any files?
>>
>> find /sys | grep pcr
>>
>> *Sandeep: It doesn't show any files. *
>>
>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
>>
>> *root@evb-ast2600:~#*
>>
>> *root@evb-ast2600:~# find /sys | grep pcr*
>>
>> *root@evb-ast2600:~#*
>>
>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>
>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>> Output as below, *
>>
>> **
>>
>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
>>
>> *root@evb-ast2600:~#*
>>
>> *root@evb-ast2600:~# find /sys | grep pcr*
>>
>> *root@evb-ast2600:~#*
>>
>> *root@evb-ast2600:~# ls /dev/tpm**
>>
>> *ls: /dev/tpm*: No such file or directory*
>>
>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>
>> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode
>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS
>> -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD
>> -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2
>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP -SYSVINIT
>> default-hierarchy=unified)*
>>
>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
>>
>> *root@evb-ast2600:~#*
>>
>>       Stefan
>>
>>   >
>>
>>   >
>>
>>   > Thanks,
>>
>>   > Sandeep.
>>
>>   >
>>
>>   > -----Original Message-----
>>
>>   > From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   > Sent: Thursday, May 4, 2023 7:30 PM
>>
>>   > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>>   >
>>
>>   > "External email. Open with Caution"
>>
>>   >
>>
>>   >
>>
>>   > On 5/4/23 05:12, Sandeep Kumar wrote:
>>
>>   >> TCS Confidential Hi C, I was able to build and run the image(for
>>
>>   >> evb-ast2600) with swtpm. Few issues observed, If I run with the
>>
>>   >> flash. img provided in your github link(https: //github.
>>
>>   >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>
>>   >> ZjQcmQRYFpfptBannerEnd
>>
>>   >> TCS Confidential
>>
>>   >>
>>
>>   >> Hi C,
>>
>>   >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>
>>   >> Few issues observed,
>>
>>   >>
>>
>>   >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>>) everything works as expected, i.e I get the below output.
>>
>>   >>
>>
>>   >> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>> rev-id
>>
>>   >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device
>>
>>   >> tpm_tis_i2c at 0x2e*
>>
>>   >> *#*
>>
>>   >> *#*
>>
>>   >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>
>>   >> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>
>>   >> *#*
>>
>>   >> *#*
>>
>>   >>
>>
>>   >>   2. If I run it with the locally built image, I get this error,
>>
>>   >
>>
>>   > Is the kernel configured in the same way? Are you using the same kernel version?
>>
>>   >>
>>
>>   >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>
>>   >> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >> *[  174.063597] i2c i2c-12: new_device: Instantiated device
>>
>>   >> tpm_tis_i2c at 0x2e*
>>
>>   >
>>
>>   > What is the output of this?
>>
>>   >
>>
>>   > find /sys/class/tpm | grep pcr
>>
>>   >
>>
>>   >     Stefan
>>
>>   >
>>
>>   >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>
>>   >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file
>> or
>>
>>   >> directory*
>>
>>   >> *root@evb-ast2600:~#*
>>
>>   >> *root@evb-ast2600:~#*
>>
>>   >> Please do let me know about what has been done to write the values
>>
>>   >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>
>>   >> _____________________________________________
>>
>>   >> *From:* Sandeep Kumar
>>
>>   >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>
>>   >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>;
>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>;
>>
>>   >> Ninad Palsule <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>;
>> Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>;
>>
>>   >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   >> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC
>> on
>>
>>   >> Qemu Hi C, How to build this image =>
>>
>>   >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>>
>>   >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>
>>   >> Please advise if we have to build openbmc stack in a different way
>>
>>   >> than the standard procedure. We follow the below steps for build, 1. .
>>
>>   >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>
>>   >> -----Original Message-----
>>
>>   >> From: Sandeep Kumar
>>
>>   >> Sent: Wednesday, April 19, 2023 3:00 PM
>>
>>   >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;
>>
>>   >> _openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_>
>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>> Ninad
>>
>>   >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com
>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>; Joel
>>
>>   >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>
>>   >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>
>>
>>   >> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on
>>
>>   >> Qemu Hi C, Got it working. Looks like slirp is no longer supported
>> on
>>
>>   >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>
>>   >> Thanks,
>>
>>   >> Sandeep.
>>
>>   >> -----Original Message-----
>>
>>   >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>
>>
>>   >> Sent: Wednesday, April 19, 2023 2:26 PM
>>
>>   >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>
>>   >> <mailto:sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>>;
>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>
>>   >> <mailto:openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>>; Ninad Palsule <ninad@linux.ibm.com
>>
>>   >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>; Joel
>> Stanley <jms@jms.id.au
>>
>>   >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>; Andrew Jeffery
>> <andrew@aj.id.au
>>
>>   >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au>>>
>>
>>   >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>
>>   >> Qemu "External email. Open with Caution"
>>
>>   >> Hello Sandeep
>>
>>   >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>
>>   >>> TCS Confidential
>>
>>   >>>
>>
>>   >>> Hi C,
>>
>>   >>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm
>> -m
>>
>>   >>> 256 -M romulus-bmc -nographic -drive
>>
>>   >>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>> -net
>>
>>   >>> nic -net
>>
>>   >>>
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>
>>   >>> d
>>
>>   >>> =
>>
>>   >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>
>>   >>> 1
>>
>>   >>> 2
>>
>>   >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>
>>   >>> *qemu-system-arm: -net
>>
>>   >>>
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>
>>   >>> d
>>
>>   >>> =
>>
>>   >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>
>>   >>> 1
>>
>>   >>> 2
>>
>>   >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>
>>   >>> network backend 'user' is not compiled into this binary* I didn’t
>>
>>   >>> enable the slirp package I guess. So enabled it while running
>>
>>   >>> configure, *$ ../configure --enable-slirp*
>>
>>   >>> *........*
>>
>>   >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>
>>   >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
>>
>>   >>> pkgconfig* *A full log can be found at
>>
>>   >>>
>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/
>>
>>   >>> m
>>
>>   >>> e
>>
>>   >>> son-log.txt*
>>
>>   >>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>>
>>   >>> v0.62.0, Meson will require Python 3.7 or newer*
>>
>>   >>> *ERROR: meson setup failed*
>>
>>   >>> I have already installed slirp locally, but still getting the above error.
>>
>>   >> Did you install the libslirp-dev or libslirp-devel package ?
>>
>>   >> C.
>>
>>   >>
>>
>>   >> TCS Confidential
>>
>>   >>
>>
>>   >> =====-----=====-----=====
>>
>>   >> Notice: The information contained in this e-mail message and/or
>>
>>   >> attachments to it may contain confidential or privileged information.
>>
>>   >> If you are not the intended recipient, any dissemination, use,
>>
>>   >> review, distribution, printing or copying of the information
>>
>>   >> contained in this e-mail message and/or attachments to it are
>>
>>   >> strictly prohibited. If you have received this communication in
>>
>>   >> error, please notify us by reply e-mail or telephone and
>> immediately
>>
>>   >> and permanently delete the message and any attachments. Thank you
>>
>>   >>
>>
>>   >
>>
>>   >   TCS Confidential
>>
>>
>> TCS Confidential
>>
> 
>   TCS Confidential

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi Stefan,

Thanks for the help.

'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?

Thanks,
Sandeep.

-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Saturday, May 6, 2023 2:08 AM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"


On 5/5/23 13:36, Sandeep Kumar wrote:
>   TCS Confidential
>
> Hi Stefan,
>
> I have these options set in
> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-k
> ernel/linux/linux-aspeed/tpm/tpm2.cfg
>
> CONFIG_HW_RANDOM=y
> CONFIG_HW_RANDOM_TPM=y
> CONFIG_TCG_TPM=y
> CONFIG_TCG_TIS_CORE=y
> CONFIG_TCG_TIS=y
> CONFIG_TCG_TIS_SPI=y
> CONFIG_TCG_TIS_I2C=y
> CONFIG_SECURITYFS=y


I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.

As long as these symbols are built into the kernel it should work:

> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
> tpm_tis_i2c_remove
> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
> 8056323c t tpm_tis_i2c_write_bytes
> 80563334 t tpm_tis_i2c_verify_crc
> 805633e0 t tpm_tis_i2c_read_bytes
> 80563604 t tpm_tis_i2c_probe
> 80d23964 t tpm_tis_i2c_driver_init

>
> and in
> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-k
> ernel/linux/linux-aspeed.inc I have these,
>
> SRC_URI += " \
>               file://defconfig \
>               file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \
>               file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \
>               ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm/tpm2.scc file://tpm/tpm2.cfg', '', d)} \
>               ${@bb.utils.contains_any('DISTRO_FEATURES', \
>                  'obmc-static-norootfs obmc-ubi-fs', \
>                  'file://ubi/ubi.scc file://ubi/ubi.cfg', '', d)} \
>             "
>
> Anything else needs to be done to enable TPM ?

Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.

    Stefan

>
> Thanks,
> Sandeep.
>
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Friday, May 5, 2023 9:41 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
> <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
> "External email. Open with Caution"
>
> I enable the following kernel build options for OpenBMC Linux kernel:
>
> CONFIG_TCG_TPM=y
> CONFIG_TCG_TIS_CORE=y
> CONFIG_TCG_TIS=y
> CONFIG_TCG_TIS_I2C=y
>
> With swtpm running in another terminal:
>
> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done
>
> I start qemu built from qemu git master branch tip:
>
> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>
> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test
> [   63.784256] tpm tpm0: starting up the TPM manually
> [   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
>
> root@evb-ast2600:~# uname -a
> Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa #1
> SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>
> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
> tpm_tis_i2c_remove
> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
> 8056323c t tpm_tis_i2c_write_bytes
> 80563334 t tpm_tis_i2c_verify_crc
> 805633e0 t tpm_tis_i2c_read_bytes
> 80563604 t tpm_tis_i2c_probe
> 80d23964 t tpm_tis_i2c_driver_init
>
> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
> /sys/class/tpm/tpm0
>
> root@evb-ast2600:~# ls -l /dev/tpm*
> crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0
> crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0
>
> root@evb-ast2600:~# find /sys/ | grep pcr
> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bu
> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bu
> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
> [... lots more entries also for sha256, sha384, and sha512 ]
>
>
>
>
> It seems to work as expected
>
> On 5/5/23 11:08, Sandeep Kumar wrote:
>> TCS Confidential Hi Stefan, Please find below my answers inline.
>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>> ZjQcmQRYFpfptBannerEnd
>>
>> TCS Confidential
>>
>>
>> Hi Stefan,
>>
>> Please find below my answers inline.
>>
>> Thanks,
>>
>> Sandeep.
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Friday, May 5, 2023 6:56 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>> "External email. Open with Caution"
>>
>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>
>>   >   TCS Confidential
>>
>>   >
>>
>>   > Hi Stefan,
>>
>>   >
>>
>>   > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>
>>   > Ans:
>>
>>   >          I am using the Kernel version coming with the latest openBMC without any changes.
>>
>>   >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1
>> SMP
>>
>>   > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>
>>   >
>>
>>   > Stefan:  What is the output of this?  find /sys/class/tpm | grep
>> pcr
>>
>>   > Ams:     find: /sys/class/tpm: No such file or directory.
>>
>>   >
>>
>>   > Could you please point to the right version of kernel which has all these changes ?
>>
>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>
>> Does this show any files?
>>
>> find /sys | grep pcr
>>
>> *Sandeep: It doesn't show any files. *
>>
>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
>>
>> *root@evb-ast2600:~#*
>>
>> *root@evb-ast2600:~# find /sys | grep pcr*
>>
>> *root@evb-ast2600:~#*
>>
>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>
>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>> Output as below, *
>>
>> **
>>
>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
>>
>> *root@evb-ast2600:~#*
>>
>> *root@evb-ast2600:~# find /sys | grep pcr*
>>
>> *root@evb-ast2600:~#*
>>
>> *root@evb-ast2600:~# ls /dev/tpm**
>>
>> *ls: /dev/tpm*: No such file or directory*
>>
>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>
>> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode
>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS
>> -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD
>> -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2
>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP -SYSVINIT
>> default-hierarchy=unified)*
>>
>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
>>
>> *root@evb-ast2600:~#*
>>
>>       Stefan
>>
>>   >
>>
>>   >
>>
>>   > Thanks,
>>
>>   > Sandeep.
>>
>>   >
>>
>>   > -----Original Message-----
>>
>>   > From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   > Sent: Thursday, May 4, 2023 7:30 PM
>>
>>   > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>>   >
>>
>>   > "External email. Open with Caution"
>>
>>   >
>>
>>   >
>>
>>   > On 5/4/23 05:12, Sandeep Kumar wrote:
>>
>>   >> TCS Confidential Hi C, I was able to build and run the image(for
>>
>>   >> evb-ast2600) with swtpm. Few issues observed, If I run with the
>>
>>   >> flash. img provided in your github link(https: //github.
>>
>>   >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>
>>   >> ZjQcmQRYFpfptBannerEnd
>>
>>   >> TCS Confidential
>>
>>   >>
>>
>>   >> Hi C,
>>
>>   >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>
>>   >> Few issues observed,
>>
>>   >>
>>
>>   >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>>) everything works as expected, i.e I get the below output.
>>
>>   >>
>>
>>   >> *# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>> rev-id
>>
>>   >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device
>>
>>   >> tpm_tis_i2c at 0x2e*
>>
>>   >> *#*
>>
>>   >> *#*
>>
>>   >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>
>>   >>
>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>
>>   >> *#*
>>
>>   >> *#*
>>
>>   >>
>>
>>   >>   2. If I run it with the locally built image, I get this error,
>>
>>   >
>>
>>   > Is the kernel configured in the same way? Are you using the same kernel version?
>>
>>   >>
>>
>>   >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>
>>   >> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >> *[  174.063597] i2c i2c-12: new_device: Instantiated device
>>
>>   >> tpm_tis_i2c at 0x2e*
>>
>>   >
>>
>>   > What is the output of this?
>>
>>   >
>>
>>   > find /sys/class/tpm | grep pcr
>>
>>   >
>>
>>   >     Stefan
>>
>>   >
>>
>>   >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>
>>   >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such
>> file or
>>
>>   >> directory*
>>
>>   >> *root@evb-ast2600:~#*
>>
>>   >> *root@evb-ast2600:~#*
>>
>>   >> Please do let me know about what has been done to write the
>> values
>>
>>   >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>
>>   >> _____________________________________________
>>
>>   >> *From:* Sandeep Kumar
>>
>>   >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>
>>   >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>;
>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>;
>>
>>   >> Ninad Palsule <ninad@linux.ibm.com
>> <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au
>> <mailto:jms@jms.id.au>>;
>>
>>   >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   >> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC
>> on
>>
>>   >> Qemu Hi C, How to build this image =>
>>
>>   >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>>
>>   >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>
>>   >> Please advise if we have to build openbmc stack in a different
>> way
>>
>>   >> than the standard procedure. We follow the below steps for build, 1. .
>>
>>   >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>
>>   >> -----Original Message-----
>>
>>   >> From: Sandeep Kumar
>>
>>   >> Sent: Wednesday, April 19, 2023 3:00 PM
>>
>>   >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;
>>
>>   >> _openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_>
>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>> Ninad
>>
>>   >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com
>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>;
>> Joel
>>
>>   >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>
>>   >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>
>>
>>   >> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC
>> on
>>
>>   >> Qemu Hi C, Got it working. Looks like slirp is no longer
>> supported on
>>
>>   >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>
>>   >> Thanks,
>>
>>   >> Sandeep.
>>
>>   >> -----Original Message-----
>>
>>   >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>
>>
>>   >> Sent: Wednesday, April 19, 2023 2:26 PM
>>
>>   >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>
>>   >> <mailto:sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>>;
>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>
>>   >> <mailto:openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>>; Ninad Palsule
>> <ninad@linux.ibm.com
>>
>>   >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>; Joel
>> Stanley <jms@jms.id.au
>>
>>   >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>; Andrew Jeffery
>> <andrew@aj.id.au
>>
>>   >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au>>>
>>
>>   >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>> on
>>
>>   >> Qemu "External email. Open with Caution"
>>
>>   >> Hello Sandeep
>>
>>   >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>
>>   >>> TCS Confidential
>>
>>   >>>
>>
>>   >>> Hi C,
>>
>>   >>> Built the qemu from your branch. Few issues, *$
>> ./qemu-system-arm -m
>>
>>   >>> 256 -M romulus-bmc -nographic -drive
>>
>>   >>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>> -net
>>
>>   >>> nic -net
>>
>>   >>>
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>
>>   >>> d
>>
>>   >>> =
>>
>>   >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>
>>   >>> 1
>>
>>   >>> 2
>>
>>   >>>
>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>
>>   >>> *qemu-system-arm: -net
>>
>>   >>>
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>
>>   >>> d
>>
>>   >>> =
>>
>>   >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>
>>   >>> 1
>>
>>   >>> 2
>>
>>   >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>
>>   >>> network backend 'user' is not compiled into this binary* I
>> didn’t
>>
>>   >>> enable the slirp package I guess. So enabled it while running
>>
>>   >>> configure, *$ ../configure --enable-slirp*
>>
>>   >>> *........*
>>
>>   >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>
>>   >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found,
>> tried
>>
>>   >>> pkgconfig* *A full log can be found at
>>
>>   >>>
>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/
>>
>>   >>> m
>>
>>   >>> e
>>
>>   >>> son-log.txt*
>>
>>   >>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>>
>>   >>> v0.62.0, Meson will require Python 3.7 or newer*
>>
>>   >>> *ERROR: meson setup failed*
>>
>>   >>> I have already installed slirp locally, but still getting the above error.
>>
>>   >> Did you install the libslirp-dev or libslirp-devel package ?
>>
>>   >> C.
>>
>>   >>
>>
>>   >> TCS Confidential
>>
>>   >>
>>
>>   >> =====-----=====-----=====
>>
>>   >> Notice: The information contained in this e-mail message and/or
>>
>>   >> attachments to it may contain confidential or privileged information.
>>
>>   >> If you are not the intended recipient, any dissemination, use,
>>
>>   >> review, distribution, printing or copying of the information
>>
>>   >> contained in this e-mail message and/or attachments to it are
>>
>>   >> strictly prohibited. If you have received this communication in
>>
>>   >> error, please notify us by reply e-mail or telephone and
>> immediately
>>
>>   >> and permanently delete the message and any attachments. Thank
>> you
>>
>>   >>
>>
>>   >
>>
>>   >   TCS Confidential
>>
>>
>> TCS Confidential
>>
>
>   TCS Confidential

 TCS Confidential

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

On 5/9/23 08:06, Sandeep Kumar wrote:
>   TCS Confidential
> 
> Hi Stefan,
> 
> Thanks for the help.
> 
> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?

TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:

meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
meta-security/meta-tpm/recipes-tpm2/tpm2-tss
meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb

Intel: https://github.com/tpm2-software/tpm2-tss#overview
IBM: https://github.com/kgoldman/ibmtss

    Stefan

> 
> Thanks,
> Sandeep.
> 
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Saturday, May 6, 2023 2:08 AM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> 
> On 5/5/23 13:36, Sandeep Kumar wrote:
>>    TCS Confidential
>>
>> Hi Stefan,
>>
>> I have these options set in
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-k
>> ernel/linux/linux-aspeed/tpm/tpm2.cfg
>>
>> CONFIG_HW_RANDOM=y
>> CONFIG_HW_RANDOM_TPM=y
>> CONFIG_TCG_TPM=y
>> CONFIG_TCG_TIS_CORE=y
>> CONFIG_TCG_TIS=y
>> CONFIG_TCG_TIS_SPI=y
>> CONFIG_TCG_TIS_I2C=y
>> CONFIG_SECURITYFS=y
> 
> 
> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
> 
> As long as these symbols are built into the kernel it should work:
> 
>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
>> tpm_tis_i2c_remove
>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>> 8056323c t tpm_tis_i2c_write_bytes
>> 80563334 t tpm_tis_i2c_verify_crc
>> 805633e0 t tpm_tis_i2c_read_bytes
>> 80563604 t tpm_tis_i2c_probe
>> 80d23964 t tpm_tis_i2c_driver_init
> 
>>
>> and in
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-k
>> ernel/linux/linux-aspeed.inc I have these,
>>
>> SRC_URI += " \
>>                file://defconfig \
>>                file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \
>>                file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \
>>                ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm/tpm2.scc file://tpm/tpm2.cfg', '', d)} \
>>                ${@bb.utils.contains_any('DISTRO_FEATURES', \
>>                   'obmc-static-norootfs obmc-ubi-fs', \
>>                   'file://ubi/ubi.scc file://ubi/ubi.cfg', '', d)} \
>>              "
>>
>> Anything else needs to be done to enable TPM ?
> 
> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
> 
>      Stefan
> 
>>
>> Thanks,
>> Sandeep.
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Friday, May 5, 2023 9:41 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>>
>> "External email. Open with Caution"
>>
>> I enable the following kernel build options for OpenBMC Linux kernel:
>>
>> CONFIG_TCG_TPM=y
>> CONFIG_TCG_TIS_CORE=y
>> CONFIG_TCG_TIS=y
>> CONFIG_TCG_TIS_I2C=y
>>
>> With swtpm running in another terminal:
>>
>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done
>>
>> I start qemu built from qemu git master branch tip:
>>
>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>
>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test
>> [   63.784256] tpm tpm0: starting up the TPM manually
>> [   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
>>
>> root@evb-ast2600:~# uname -a
>> Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa #1
>> SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>>
>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
>> tpm_tis_i2c_remove
>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>> 8056323c t tpm_tis_i2c_write_bytes
>> 80563334 t tpm_tis_i2c_verify_crc
>> 805633e0 t tpm_tis_i2c_read_bytes
>> 80563604 t tpm_tis_i2c_probe
>> 80d23964 t tpm_tis_i2c_driver_init
>>
>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>> /sys/class/tpm/tpm0
>>
>> root@evb-ast2600:~# ls -l /dev/tpm*
>> crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0
>> crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0
>>
>> root@evb-ast2600:~# find /sys/ | grep pcr
>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bu
>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-bu
>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>> [... lots more entries also for sha256, sha384, and sha512 ]
>>
>>
>>
>>
>> It seems to work as expected
>>
>> On 5/5/23 11:08, Sandeep Kumar wrote:
>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>> ZjQcmQRYFpfptBannerEnd
>>>
>>> TCS Confidential
>>>
>>>
>>> Hi Stefan,
>>>
>>> Please find below my answers inline.
>>>
>>> Thanks,
>>>
>>> Sandeep.
>>>
>>> -----Original Message-----
>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>> Sent: Friday, May 5, 2023 6:56 PM
>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>>> <andrew@aj.id.au>
>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>> Qemu
>>>
>>> "External email. Open with Caution"
>>>
>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>>
>>>    >   TCS Confidential
>>>
>>>    >
>>>
>>>    > Hi Stefan,
>>>
>>>    >
>>>
>>>    > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    > Ans:
>>>
>>>    >          I am using the Kernel version coming with the latest openBMC without any changes.
>>>
>>>    >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1
>>> SMP
>>>
>>>    > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>>
>>>    >
>>>
>>>    > Stefan:  What is the output of this?  find /sys/class/tpm | grep
>>> pcr
>>>
>>>    > Ams:     find: /sys/class/tpm: No such file or directory.
>>>
>>>    >
>>>
>>>    > Could you please point to the right version of kernel which has all these changes ?
>>>
>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>>
>>> Does this show any files?
>>>
>>> find /sys | grep pcr
>>>
>>> *Sandeep: It doesn't show any files. *
>>>
>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>>
>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>>> Output as below, *
>>>
>>> **
>>>
>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>> *root@evb-ast2600:~# ls /dev/tpm**
>>>
>>> *ls: /dev/tpm*: No such file or directory*
>>>
>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>>
>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode
>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS
>>> -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD
>>> -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2
>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP -SYSVINIT
>>> default-hierarchy=unified)*
>>>
>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>>        Stefan
>>>
>>>    >
>>>
>>>    >
>>>
>>>    > Thanks,
>>>
>>>    > Sandeep.
>>>
>>>    >
>>>
>>>    > -----Original Message-----
>>>
>>>    > From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    > Sent: Thursday, May 4, 2023 7:30 PM
>>>
>>>    > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>> Qemu
>>>
>>>    >
>>>
>>>    > "External email. Open with Caution"
>>>
>>>    >
>>>
>>>    >
>>>
>>>    > On 5/4/23 05:12, Sandeep Kumar wrote:
>>>
>>>    >> TCS Confidential Hi C, I was able to build and run the image(for
>>>
>>>    >> evb-ast2600) with swtpm. Few issues observed, If I run with the
>>>
>>>    >> flash. img provided in your github link(https: //github.
>>>
>>>    >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>
>>>    >> ZjQcmQRYFpfptBannerEnd
>>>
>>>    >> TCS Confidential
>>>
>>>    >>
>>>
>>>    >> Hi C,
>>>
>>>    >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>>
>>>    >> Few issues observed,
>>>
>>>    >>
>>>
>>>    >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>>) everything works as expected, i.e I get the below output.
>>>
>>>    >>
>>>
>>>    >> *# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>>> rev-id
>>>
>>>    >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >> tpm_tis_i2c at 0x2e*
>>>
>>>    >> *#*
>>>
>>>    >> *#*
>>>
>>>    >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >>
>>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>>
>>>    >> *#*
>>>
>>>    >> *#*
>>>
>>>    >>
>>>
>>>    >>   2. If I run it with the locally built image, I get this error,
>>>
>>>    >
>>>
>>>    > Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    >>
>>>
>>>    >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >> *[  174.063597] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >> tpm_tis_i2c at 0x2e*
>>>
>>>    >
>>>
>>>    > What is the output of this?
>>>
>>>    >
>>>
>>>    > find /sys/class/tpm | grep pcr
>>>
>>>    >
>>>
>>>    >     Stefan
>>>
>>>    >
>>>
>>>    >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such
>>> file or
>>>
>>>    >> directory*
>>>
>>>    >> *root@evb-ast2600:~#*
>>>
>>>    >> *root@evb-ast2600:~#*
>>>
>>>    >> Please do let me know about what has been done to write the
>>> values
>>>
>>>    >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>>
>>>    >> _____________________________________________
>>>
>>>    >> *From:* Sandeep Kumar
>>>
>>>    >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>>
>>>    >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>;
>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>;
>>>
>>>    >> Ninad Palsule <ninad@linux.ibm.com
>>> <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au
>>> <mailto:jms@jms.id.au>>;
>>>
>>>    >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >> Qemu Hi C, How to build this image =>
>>>
>>>    >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>>>
>>>    >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>>
>>>    >> Please advise if we have to build openbmc stack in a different
>>> way
>>>
>>>    >> than the standard procedure. We follow the below steps for build, 1. .
>>>
>>>    >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>>
>>>    >> -----Original Message-----
>>>
>>>    >> From: Sandeep Kumar
>>>
>>>    >> Sent: Wednesday, April 19, 2023 3:00 PM
>>>
>>>    >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;
>>>
>>>    >> _openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>> Ninad
>>>
>>>    >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com
>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>;
>>> Joel
>>>
>>>    >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>>
>>>    >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>
>>>
>>>    >> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >> Qemu Hi C, Got it working. Looks like slirp is no longer
>>> supported on
>>>
>>>    >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>>
>>>    >> Thanks,
>>>
>>>    >> Sandeep.
>>>
>>>    >> -----Original Message-----
>>>
>>>    >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>
>>>
>>>    >> Sent: Wednesday, April 19, 2023 2:26 PM
>>>
>>>    >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>
>>>    >> <mailto:sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>>;
>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>>
>>>    >> <mailto:openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>>; Ninad Palsule
>>> <ninad@linux.ibm.com
>>>
>>>    >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>; Joel
>>> Stanley <jms@jms.id.au
>>>
>>>    >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>; Andrew Jeffery
>>> <andrew@aj.id.au
>>>
>>>    >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au>>>
>>>
>>>    >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >> Qemu "External email. Open with Caution"
>>>
>>>    >> Hello Sandeep
>>>
>>>    >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>>
>>>    >>> TCS Confidential
>>>
>>>    >>>
>>>
>>>    >>> Hi C,
>>>
>>>    >>> Built the qemu from your branch. Few issues, *$
>>> ./qemu-system-arm -m
>>>
>>>    >>> 256 -M romulus-bmc -nographic -drive
>>>
>>>    >>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>>> -net
>>>
>>>    >>> nic -net
>>>
>>>    >>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>>
>>>    >>> d
>>>
>>>    >>> =
>>>
>>>    >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>> 1
>>>
>>>    >>> 2
>>>
>>>    >>>
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>>
>>>    >>> *qemu-system-arm: -net
>>>
>>>    >>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>>
>>>    >>> d
>>>
>>>    >>> =
>>>
>>>    >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>> 1
>>>
>>>    >>> 2
>>>
>>>    >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>>
>>>    >>> network backend 'user' is not compiled into this binary* I
>>> didn’t
>>>
>>>    >>> enable the slirp package I guess. So enabled it while running
>>>
>>>    >>> configure, *$ ../configure --enable-slirp*
>>>
>>>    >>> *........*
>>>
>>>    >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>>
>>>    >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found,
>>> tried
>>>
>>>    >>> pkgconfig* *A full log can be found at
>>>
>>>    >>>
>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/
>>>
>>>    >>> m
>>>
>>>    >>> e
>>>
>>>    >>> son-log.txt*
>>>
>>>    >>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>>>
>>>    >>> v0.62.0, Meson will require Python 3.7 or newer*
>>>
>>>    >>> *ERROR: meson setup failed*
>>>
>>>    >>> I have already installed slirp locally, but still getting the above error.
>>>
>>>    >> Did you install the libslirp-dev or libslirp-devel package ?
>>>
>>>    >> C.
>>>
>>>    >>
>>>
>>>    >> TCS Confidential
>>>
>>>    >>
>>>
>>>    >> =====-----=====-----=====
>>>
>>>    >> Notice: The information contained in this e-mail message and/or
>>>
>>>    >> attachments to it may contain confidential or privileged information.
>>>
>>>    >> If you are not the intended recipient, any dissemination, use,
>>>
>>>    >> review, distribution, printing or copying of the information
>>>
>>>    >> contained in this e-mail message and/or attachments to it are
>>>
>>>    >> strictly prohibited. If you have received this communication in
>>>
>>>    >> error, please notify us by reply e-mail or telephone and
>>> immediately
>>>
>>>    >> and permanently delete the message and any attachments. Thank
>>> you
>>>
>>>    >>
>>>
>>>    >
>>>
>>>    >   TCS Confidential
>>>
>>>
>>> TCS Confidential
>>>
>>
>>    TCS Confidential
> 
>   TCS Confidential

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi Stefan,

Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?

Thanks,
Sandeep.

-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Tuesday, May 9, 2023 10:01 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"


On 5/9/23 08:06, Sandeep Kumar wrote:
>   TCS Confidential
>
> Hi Stefan,
>
> Thanks for the help.
>
> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?

TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:

meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
meta-security/meta-tpm/recipes-tpm2/tpm2-tss
meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb

Intel: https://github.com/tpm2-software/tpm2-tss#overview
IBM: https://github.com/kgoldman/ibmtss

    Stefan

>
> Thanks,
> Sandeep.
>
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Saturday, May 6, 2023 2:08 AM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
> <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
> "External email. Open with Caution"
>
>
> On 5/5/23 13:36, Sandeep Kumar wrote:
>>    TCS Confidential
>>
>> Hi Stefan,
>>
>> I have these options set in
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-
>> k ernel/linux/linux-aspeed/tpm/tpm2.cfg
>>
>> CONFIG_HW_RANDOM=y
>> CONFIG_HW_RANDOM_TPM=y
>> CONFIG_TCG_TPM=y
>> CONFIG_TCG_TIS_CORE=y
>> CONFIG_TCG_TIS=y
>> CONFIG_TCG_TIS_SPI=y
>> CONFIG_TCG_TIS_I2C=y
>> CONFIG_SECURITYFS=y
>
>
> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
>
> As long as these symbols are built into the kernel it should work:
>
>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
>> tpm_tis_i2c_remove
>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>> 8056323c t tpm_tis_i2c_write_bytes
>> 80563334 t tpm_tis_i2c_verify_crc
>> 805633e0 t tpm_tis_i2c_read_bytes
>> 80563604 t tpm_tis_i2c_probe
>> 80d23964 t tpm_tis_i2c_driver_init
>
>>
>> and in
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-
>> k ernel/linux/linux-aspeed.inc I have these,
>>
>> SRC_URI += " \
>>                file://defconfig \
>>                file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \
>>                file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \
>>                ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm/tpm2.scc file://tpm/tpm2.cfg', '', d)} \
>>                ${@bb.utils.contains_any('DISTRO_FEATURES', \
>>                   'obmc-static-norootfs obmc-ubi-fs', \
>>                   'file://ubi/ubi.scc file://ubi/ubi.cfg', '', d)} \
>>              "
>>
>> Anything else needs to be done to enable TPM ?
>
> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
>
>      Stefan
>
>>
>> Thanks,
>> Sandeep.
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Friday, May 5, 2023 9:41 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>> "External email. Open with Caution"
>>
>> I enable the following kernel build options for OpenBMC Linux kernel:
>>
>> CONFIG_TCG_TPM=y
>> CONFIG_TCG_TIS_CORE=y
>> CONFIG_TCG_TIS=y
>> CONFIG_TCG_TIS_I2C=y
>>
>> With swtpm running in another terminal:
>>
>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done
>>
>> I start qemu built from qemu git master branch tip:
>>
>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>
>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test
>> [   63.784256] tpm tpm0: starting up the TPM manually
>> [   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
>>
>> root@evb-ast2600:~# uname -a
>> Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa #1
>> SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>>
>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
>> tpm_tis_i2c_remove
>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>> 8056323c t tpm_tis_i2c_write_bytes
>> 80563334 t tpm_tis_i2c_verify_crc
>> 805633e0 t tpm_tis_i2c_read_bytes
>> 80563604 t tpm_tis_i2c_probe
>> 80d23964 t tpm_tis_i2c_driver_init
>>
>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>> /sys/class/tpm/tpm0
>>
>> root@evb-ast2600:~# ls -l /dev/tpm*
>> crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0
>> crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0
>>
>> root@evb-ast2600:~# find /sys/ | grep pcr
>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-b
>> u
>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-b
>> u
>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>> [... lots more entries also for sha256, sha384, and sha512 ]
>>
>>
>>
>>
>> It seems to work as expected
>>
>> On 5/5/23 11:08, Sandeep Kumar wrote:
>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>> ZjQcmQRYFpfptBannerEnd
>>>
>>> TCS Confidential
>>>
>>>
>>> Hi Stefan,
>>>
>>> Please find below my answers inline.
>>>
>>> Thanks,
>>>
>>> Sandeep.
>>>
>>> -----Original Message-----
>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>> Sent: Friday, May 5, 2023 6:56 PM
>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>>> <andrew@aj.id.au>
>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>> Qemu
>>>
>>> "External email. Open with Caution"
>>>
>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>>
>>>    >   TCS Confidential
>>>
>>>    >
>>>
>>>    > Hi Stefan,
>>>
>>>    >
>>>
>>>    > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    > Ans:
>>>
>>>    >          I am using the Kernel version coming with the latest openBMC without any changes.
>>>
>>>    >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1
>>> SMP
>>>
>>>    > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>>
>>>    >
>>>
>>>    > Stefan:  What is the output of this?  find /sys/class/tpm |
>>> grep pcr
>>>
>>>    > Ams:     find: /sys/class/tpm: No such file or directory.
>>>
>>>    >
>>>
>>>    > Could you please point to the right version of kernel which has all these changes ?
>>>
>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>>
>>> Does this show any files?
>>>
>>> find /sys | grep pcr
>>>
>>> *Sandeep: It doesn't show any files. *
>>>
>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>>
>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>>> Output as below, *
>>>
>>> **
>>>
>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>> *root@evb-ast2600:~# ls /dev/tpm**
>>>
>>> *ls: /dev/tpm*: No such file or directory*
>>>
>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>>
>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode
>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS
>>> -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD
>>> -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2
>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>>> -SYSVINIT
>>> default-hierarchy=unified)*
>>>
>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e*
>>>
>>> *root@evb-ast2600:~#*
>>>
>>>        Stefan
>>>
>>>    >
>>>
>>>    >
>>>
>>>    > Thanks,
>>>
>>>    > Sandeep.
>>>
>>>    >
>>>
>>>    > -----Original Message-----
>>>
>>>    > From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    > Sent: Thursday, May 4, 2023 7:30 PM
>>>
>>>    > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on Qemu
>>>
>>>    >
>>>
>>>    > "External email. Open with Caution"
>>>
>>>    >
>>>
>>>    >
>>>
>>>    > On 5/4/23 05:12, Sandeep Kumar wrote:
>>>
>>>    >> TCS Confidential Hi C, I was able to build and run the
>>> image(for
>>>
>>>    >> evb-ast2600) with swtpm. Few issues observed, If I run with
>>> the
>>>
>>>    >> flash. img provided in your github link(https: //github.
>>>
>>>    >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>
>>>    >> ZjQcmQRYFpfptBannerEnd
>>>
>>>    >> TCS Confidential
>>>
>>>    >>
>>>
>>>    >> Hi C,
>>>
>>>    >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>>
>>>    >> Few issues observed,
>>>
>>>    >>
>>>
>>>    >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>>) everything works as expected, i.e I get the below output.
>>>
>>>    >>
>>>
>>>    >> *# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>>> rev-id
>>>
>>>    >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
>>> device
>>>
>>>    >> tpm_tis_i2c at 0x2e*
>>>
>>>    >> *#*
>>>
>>>    >> *#*
>>>
>>>    >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >>
>>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>>
>>>    >> *#*
>>>
>>>    >> *#*
>>>
>>>    >>
>>>
>>>    >>   2. If I run it with the locally built image, I get this error,
>>>
>>>    >
>>>
>>>    > Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    >>
>>>
>>>    >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >> *[  174.063597] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >> tpm_tis_i2c at 0x2e*
>>>
>>>    >
>>>
>>>    > What is the output of this?
>>>
>>>    >
>>>
>>>    > find /sys/class/tpm | grep pcr
>>>
>>>    >
>>>
>>>    >     Stefan
>>>
>>>    >
>>>
>>>    >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such
>>> file or
>>>
>>>    >> directory*
>>>
>>>    >> *root@evb-ast2600:~#*
>>>
>>>    >> *root@evb-ast2600:~#*
>>>
>>>    >> Please do let me know about what has been done to write the
>>> values
>>>
>>>    >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>>
>>>    >> _____________________________________________
>>>
>>>    >> *From:* Sandeep Kumar
>>>
>>>    >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>>
>>>    >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>;
>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>;
>>>
>>>    >> Ninad Palsule <ninad@linux.ibm.com
>>> <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au
>>> <mailto:jms@jms.id.au>>;
>>>
>>>    >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >> *Subject:* RE: Integrating swtpm(as a software TPM) with
>>> OpenBMC on
>>>
>>>    >> Qemu Hi C, How to build this image =>
>>>
>>>    >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>>>
>>>    >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>>
>>>    >> Please advise if we have to build openbmc stack in a different
>>> way
>>>
>>>    >> than the standard procedure. We follow the below steps for build, 1. .
>>>
>>>    >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>>
>>>    >> -----Original Message-----
>>>
>>>    >> From: Sandeep Kumar
>>>
>>>    >> Sent: Wednesday, April 19, 2023 3:00 PM
>>>
>>>    >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;
>>>
>>>    >> _openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>> Ninad
>>>
>>>    >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com
>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>;
>>> Joel
>>>
>>>    >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>>
>>>    >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>
>>>
>>>    >> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >> Qemu Hi C, Got it working. Looks like slirp is no longer
>>> supported on
>>>
>>>    >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>>
>>>    >> Thanks,
>>>
>>>    >> Sandeep.
>>>
>>>    >> -----Original Message-----
>>>
>>>    >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>
>>>
>>>    >> Sent: Wednesday, April 19, 2023 2:26 PM
>>>
>>>    >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>
>>>    >> <mailto:sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>>;
>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>>
>>>    >> <mailto:openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>>; Ninad Palsule
>>> <ninad@linux.ibm.com
>>>
>>>    >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>;
>>> Joel Stanley <jms@jms.id.au
>>>
>>>    >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>; Andrew Jeffery
>>> <andrew@aj.id.au
>>>
>>>    >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au>>>
>>>
>>>    >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >> Qemu "External email. Open with Caution"
>>>
>>>    >> Hello Sandeep
>>>
>>>    >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>>
>>>    >>> TCS Confidential
>>>
>>>    >>>
>>>
>>>    >>> Hi C,
>>>
>>>    >>> Built the qemu from your branch. Few issues, *$
>>> ./qemu-system-arm -m
>>>
>>>    >>> 256 -M romulus-bmc -nographic -drive
>>>
>>>    >>>
>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>>> -net
>>>
>>>    >>> nic -net
>>>
>>>    >>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>>
>>>    >>> d
>>>
>>>    >>> =
>>>
>>>    >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>> 1
>>>
>>>    >>> 2
>>>
>>>    >>>
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>>
>>>    >>> *qemu-system-arm: -net
>>>
>>>    >>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>>
>>>    >>> d
>>>
>>>    >>> =
>>>
>>>    >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>> 1
>>>
>>>    >>> 2
>>>
>>>    >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>>
>>>    >>> network backend 'user' is not compiled into this binary* I
>>> didn’t
>>>
>>>    >>> enable the slirp package I guess. So enabled it while running
>>>
>>>    >>> configure, *$ ../configure --enable-slirp*
>>>
>>>    >>> *........*
>>>
>>>    >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>>
>>>    >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found,
>>> tried
>>>
>>>    >>> pkgconfig* *A full log can be found at
>>>
>>>    >>>
>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/
>>>
>>>    >>> m
>>>
>>>    >>> e
>>>
>>>    >>> son-log.txt*
>>>
>>>    >>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>>>
>>>    >>> v0.62.0, Meson will require Python 3.7 or newer*
>>>
>>>    >>> *ERROR: meson setup failed*
>>>
>>>    >>> I have already installed slirp locally, but still getting the above error.
>>>
>>>    >> Did you install the libslirp-dev or libslirp-devel package ?
>>>
>>>    >> C.
>>>
>>>    >>
>>>
>>>    >> TCS Confidential
>>>
>>>    >>
>>>
>>>    >> =====-----=====-----=====
>>>
>>>    >> Notice: The information contained in this e-mail message
>>> and/or
>>>
>>>    >> attachments to it may contain confidential or privileged information.
>>>
>>>    >> If you are not the intended recipient, any dissemination, use,
>>>
>>>    >> review, distribution, printing or copying of the information
>>>
>>>    >> contained in this e-mail message and/or attachments to it are
>>>
>>>    >> strictly prohibited. If you have received this communication
>>> in
>>>
>>>    >> error, please notify us by reply e-mail or telephone and
>>> immediately
>>>
>>>    >> and permanently delete the message and any attachments. Thank
>>> you
>>>
>>>    >>
>>>
>>>    >
>>>
>>>    >   TCS Confidential
>>>
>>>
>>> TCS Confidential
>>>
>>
>>    TCS Confidential
>
>   TCS Confidential

 TCS Confidential

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

On 5/17/23 13:13, Sandeep Kumar wrote:
>   TCS Confidential
> 
> Hi Stefan,
> 
> Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?
> 

There are quite a few commands in u-boot:


ast# tpm2
tpm2 - Issue a TPMv2.x command

Usage:
tpm2 <command> [<arguments>]

device [num device]
     Show all devices or set the specified device
info
     Show information about the TPM.
state
     Show internal state from the TPM (if available)
init
     Initialize the software stack. Always the first command to issue.
startup <mode>
     Issue a TPM2_Startup command.
     <mode> is one of:
         * TPM2_SU_CLEAR (reset state)
         * TPM2_SU_STATE (preserved state)
self_test <type>
     Test the TPM capabilities.
     <type> is one of:
         * full (perform all tests)
         * continue (only check untested tests)
clear <hierarchy>
     Issue a TPM2_Clear command.
     <hierarchy> is one of:
         * TPM2_RH_LOCKOUT
         * TPM2_RH_PLATFORM
pcr_extend <pcr> <digest_addr>
     Extend PCR #<pcr> with digest at <digest_addr>.
     <pcr>: index of the PCR
     <digest_addr>: address of a 32-byte SHA256 digest
pcr_read <pcr> <digest_addr>
     Read PCR #<pcr> to memory address <digest_addr>.
     <pcr>: index of the PCR
     <digest_addr>: address to store the a 32-byte SHA256 digest
get_capability <capability> <property> <addr> <count>
     Read and display <count> entries indexed by <capability>/<property>.
     Values are 4 bytes long and are written at <addr>.
     <capability>: capability
     <property>: property
     <addr>: address to store <count> entries of 4 bytes
     <count>: number of entries to retrieve
dam_reset [<password>]
     If the TPM is not in a LOCKOUT state, reset the internal error counter.
     <password>: optional password
dam_parameters <max_tries> <recovery_time> <lockout_recovery> [<password>]
     If the TPM is not in a LOCKOUT state, set the DAM parameters
     <maxTries>: maximum number of failures before lockout,
                 0 means always locking
     <recoveryTime>: time before decrement of the error counter,
                     0 means no lockout
     <lockoutRecovery>: time of a lockout (before the next try),
                        0 means a reboot is needed
     <password>: optional password of the LOCKOUT hierarchy
change_auth <hierarchy> <new_pw> [<old_pw>]
     <hierarchy>: the hierarchy
     <new_pw>: new password for <hierarchy>
     <old_pw>: optional previous password of <hierarchy>
pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]
     Change the <key> to access PCR #<pcr>.
     hierarchy and may be empty.
     /!\WARNING: untested function, use at your own risks !
     <pcr>: index of the PCR
     <key>: secret to protect the access of PCR #<pcr>
     <password>: optional password of the PLATFORM hierarchy

Regards,
    Stefan

> Thanks,
> Sandeep.
> 
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Tuesday, May 9, 2023 10:01 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> 
> On 5/9/23 08:06, Sandeep Kumar wrote:
>>    TCS Confidential
>>
>> Hi Stefan,
>>
>> Thanks for the help.
>>
>> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?
> 
> TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:
> 
> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
> meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
> meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
> meta-security/meta-tpm/recipes-tpm2/tpm2-tss
> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
> 
> Intel: https://github.com/tpm2-software/tpm2-tss#overview
> IBM: https://github.com/kgoldman/ibmtss
> 
>      Stefan
> 
>>
>> Thanks,
>> Sandeep.
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Saturday, May 6, 2023 2:08 AM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>>
>> "External email. Open with Caution"
>>
>>
>> On 5/5/23 13:36, Sandeep Kumar wrote:
>>>     TCS Confidential
>>>
>>> Hi Stefan,
>>>
>>> I have these options set in
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-
>>> k ernel/linux/linux-aspeed/tpm/tpm2.cfg
>>>
>>> CONFIG_HW_RANDOM=y
>>> CONFIG_HW_RANDOM_TPM=y
>>> CONFIG_TCG_TPM=y
>>> CONFIG_TCG_TIS_CORE=y
>>> CONFIG_TCG_TIS=y
>>> CONFIG_TCG_TIS_SPI=y
>>> CONFIG_TCG_TIS_I2C=y
>>> CONFIG_SECURITYFS=y
>>
>>
>> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
>>
>> As long as these symbols are built into the kernel it should work:
>>
>>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
>>> tpm_tis_i2c_remove
>>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>> 8056323c t tpm_tis_i2c_write_bytes
>>> 80563334 t tpm_tis_i2c_verify_crc
>>> 805633e0 t tpm_tis_i2c_read_bytes
>>> 80563604 t tpm_tis_i2c_probe
>>> 80d23964 t tpm_tis_i2c_driver_init
>>
>>>
>>> and in
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes-
>>> k ernel/linux/linux-aspeed.inc I have these,
>>>
>>> SRC_URI += " \
>>>                 file://defconfig \
>>>                 file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \
>>>                 file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \
>>>                 ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm/tpm2.scc file://tpm/tpm2.cfg', '', d)} \
>>>                 ${@bb.utils.contains_any('DISTRO_FEATURES', \
>>>                    'obmc-static-norootfs obmc-ubi-fs', \
>>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg', '', d)} \
>>>               "
>>>
>>> Anything else needs to be done to enable TPM ?
>>
>> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
>>
>>       Stefan
>>
>>>
>>> Thanks,
>>> Sandeep.
>>>
>>> -----Original Message-----
>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>> Sent: Friday, May 5, 2023 9:41 PM
>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>>> <andrew@aj.id.au>
>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>> Qemu
>>>
>>> "External email. Open with Caution"
>>>
>>> I enable the following kernel build options for OpenBMC Linux kernel:
>>>
>>> CONFIG_TCG_TPM=y
>>> CONFIG_TCG_TIS_CORE=y
>>> CONFIG_TCG_TIS=y
>>> CONFIG_TCG_TIS_I2C=y
>>>
>>> With swtpm running in another terminal:
>>>
>>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done
>>>
>>> I start qemu built from qemu git master branch tip:
>>>
>>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>>
>>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test
>>> [   63.784256] tpm tpm0: starting up the TPM manually
>>> [   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
>>>
>>> root@evb-ast2600:~# uname -a
>>> Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa #1
>>> SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>>>
>>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
>>> tpm_tis_i2c_remove
>>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>> 8056323c t tpm_tis_i2c_write_bytes
>>> 80563334 t tpm_tis_i2c_verify_crc
>>> 805633e0 t tpm_tis_i2c_read_bytes
>>> 80563604 t tpm_tis_i2c_probe
>>> 80d23964 t tpm_tis_i2c_driver_init
>>>
>>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>>> /sys/class/tpm/tpm0
>>>
>>> root@evb-ast2600:~# ls -l /dev/tpm*
>>> crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0
>>> crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0
>>>
>>> root@evb-ast2600:~# find /sys/ | grep pcr
>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-b
>>> u
>>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-b
>>> u
>>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>>> [... lots more entries also for sha256, sha384, and sha512 ]
>>>
>>>
>>>
>>>
>>> It seems to work as expected
>>>
>>> On 5/5/23 11:08, Sandeep Kumar wrote:
>>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>>>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
>>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>> ZjQcmQRYFpfptBannerEnd
>>>>
>>>> TCS Confidential
>>>>
>>>>
>>>> Hi Stefan,
>>>>
>>>> Please find below my answers inline.
>>>>
>>>> Thanks,
>>>>
>>>> Sandeep.
>>>>
>>>> -----Original Message-----
>>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>>> Sent: Friday, May 5, 2023 6:56 PM
>>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>>>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>>>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>>>> <andrew@aj.id.au>
>>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>>> Qemu
>>>>
>>>> "External email. Open with Caution"
>>>>
>>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>>>
>>>>     >   TCS Confidential
>>>>
>>>>     >
>>>>
>>>>     > Hi Stefan,
>>>>
>>>>     >
>>>>
>>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>>>
>>>>     > Ans:
>>>>
>>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.
>>>>
>>>>     >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1
>>>> SMP
>>>>
>>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>>>
>>>>     >
>>>>
>>>>     > Stefan:  What is the output of this?  find /sys/class/tpm |
>>>> grep pcr
>>>>
>>>>     > Ams:     find: /sys/class/tpm: No such file or directory.
>>>>
>>>>     >
>>>>
>>>>     > Could you please point to the right version of kernel which has all these changes ?
>>>>
>>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>>>
>>>> Does this show any files?
>>>>
>>>> find /sys | grep pcr
>>>>
>>>> *Sandeep: It doesn't show any files. *
>>>>
>>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>>
>>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>> tpm_tis_i2c at 0x2e*
>>>>
>>>> *root@evb-ast2600:~#*
>>>>
>>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>>
>>>> *root@evb-ast2600:~#*
>>>>
>>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>>>
>>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>>>> Output as below, *
>>>>
>>>> **
>>>>
>>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>>
>>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>> tpm_tis_i2c at 0x2e*
>>>>
>>>> *root@evb-ast2600:~#*
>>>>
>>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>>
>>>> *root@evb-ast2600:~#*
>>>>
>>>> *root@evb-ast2600:~# ls /dev/tpm**
>>>>
>>>> *ls: /dev/tpm*: No such file or directory*
>>>>
>>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>>>
>>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode
>>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS
>>>> -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD
>>>> -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2
>>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>>>> -SYSVINIT
>>>> default-hierarchy=unified)*
>>>>
>>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>> tpm_tis_i2c at 0x2e*
>>>>
>>>> *root@evb-ast2600:~#*
>>>>
>>>>         Stefan
>>>>
>>>>     >
>>>>
>>>>     >
>>>>
>>>>     > Thanks,
>>>>
>>>>     > Sandeep.
>>>>
>>>>     >
>>>>
>>>>     > -----Original Message-----
>>>>
>>>>     > From: Stefan Berger <stefanb@linux.ibm.com
>>>> <mailto:stefanb@linux.ibm.com>>
>>>>
>>>>     > Sent: Thursday, May 4, 2023 7:30 PM
>>>>
>>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>>
>>>>     > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>>
>>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>>
>>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>>
>>>>     > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>>> on Qemu
>>>>
>>>>     >
>>>>
>>>>     > "External email. Open with Caution"
>>>>
>>>>     >
>>>>
>>>>     >
>>>>
>>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:
>>>>
>>>>     >> TCS Confidential Hi C, I was able to build and run the
>>>> image(for
>>>>
>>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run with
>>>> the
>>>>
>>>>     >> flash. img provided in your github link(https: //github.
>>>>
>>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>>
>>>>     >> ZjQcmQRYFpfptBannerEnd
>>>>
>>>>     >> TCS Confidential
>>>>
>>>>     >>
>>>>
>>>>     >> Hi C,
>>>>
>>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>>>
>>>>     >> Few issues observed,
>>>>
>>>>     >>
>>>>
>>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>>) everything works as expected, i.e I get the below output.
>>>>
>>>>     >>
>>>>
>>>>     >> *# echo tpm_tis_i2c 0x2e >
>>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>>
>>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>>>> rev-id
>>>>
>>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
>>>> device
>>>>
>>>>     >> tpm_tis_i2c at 0x2e*
>>>>
>>>>     >> *#*
>>>>
>>>>     >> *#*
>>>>
>>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>>
>>>>     >>
>>>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>>>
>>>>     >> *#*
>>>>
>>>>     >> *#*
>>>>
>>>>     >>
>>>>
>>>>     >>   2. If I run it with the locally built image, I get this error,
>>>>
>>>>     >
>>>>
>>>>     > Is the kernel configured in the same way? Are you using the same kernel version?
>>>>
>>>>     >>
>>>>
>>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>>
>>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*
>>>>
>>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated device
>>>>
>>>>     >> tpm_tis_i2c at 0x2e*
>>>>
>>>>     >
>>>>
>>>>     > What is the output of this?
>>>>
>>>>     >
>>>>
>>>>     > find /sys/class/tpm | grep pcr
>>>>
>>>>     >
>>>>
>>>>     >     Stefan
>>>>
>>>>     >
>>>>
>>>>     >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>>
>>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such
>>>> file or
>>>>
>>>>     >> directory*
>>>>
>>>>     >> *root@evb-ast2600:~#*
>>>>
>>>>     >> *root@evb-ast2600:~#*
>>>>
>>>>     >> Please do let me know about what has been done to write the
>>>> values
>>>>
>>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>>>
>>>>     >> _____________________________________________
>>>>
>>>>     >> *From:* Sandeep Kumar
>>>>
>>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>>>
>>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>>;
>>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>;
>>>>
>>>>     >> Ninad Palsule <ninad@linux.ibm.com
>>>> <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au
>>>> <mailto:jms@jms.id.au>>;
>>>>
>>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>>
>>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with
>>>> OpenBMC on
>>>>
>>>>     >> Qemu Hi C, How to build this image =>
>>>>
>>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>>>>
>>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>>>
>>>>     >> Please advise if we have to build openbmc stack in a different
>>>> way
>>>>
>>>>     >> than the standard procedure. We follow the below steps for build, 1. .
>>>>
>>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>>>
>>>>     >> -----Original Message-----
>>>>
>>>>     >> From: Sandeep Kumar
>>>>
>>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM
>>>>
>>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;
>>>>
>>>>     >> _openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_>
>>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>>> Ninad
>>>>
>>>>     >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com
>>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>;
>>>> Joel
>>>>
>>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>>>
>>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>
>>>>
>>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC
>>>> on
>>>>
>>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer
>>>> supported on
>>>>
>>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>>>
>>>>     >> Thanks,
>>>>
>>>>     >> Sandeep.
>>>>
>>>>     >> -----Original Message-----
>>>>
>>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>
>>>>
>>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM
>>>>
>>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>>
>>>>     >> <mailto:sandeep.pkumar@tcs.com
>>>> <mailto:sandeep.pkumar@tcs.com>>>;
>>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>>>
>>>>     >> <mailto:openbmc@lists.ozlabs.org
>>>> <mailto:openbmc@lists.ozlabs.org>>; Ninad Palsule
>>>> <ninad@linux.ibm.com
>>>>
>>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>;
>>>> Joel Stanley <jms@jms.id.au
>>>>
>>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>; Andrew Jeffery
>>>> <andrew@aj.id.au
>>>>
>>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au>>>
>>>>
>>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>>> on
>>>>
>>>>     >> Qemu "External email. Open with Caution"
>>>>
>>>>     >> Hello Sandeep
>>>>
>>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>>>
>>>>     >>> TCS Confidential
>>>>
>>>>     >>>
>>>>
>>>>     >>> Hi C,
>>>>
>>>>     >>> Built the qemu from your branch. Few issues, *$
>>>> ./qemu-system-arm -m
>>>>
>>>>     >>> 256 -M romulus-bmc -nographic -drive
>>>>
>>>>     >>>
>>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>>>> -net
>>>>
>>>>     >>> nic -net
>>>>
>>>>     >>>
>>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>>>
>>>>     >>> d
>>>>
>>>>     >>> =
>>>>
>>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>>
>>>>     >>> 1
>>>>
>>>>     >>> 2
>>>>
>>>>     >>>
>>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>>>
>>>>     >>> *qemu-system-arm: -net
>>>>
>>>>     >>>
>>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfw
>>>>
>>>>     >>> d
>>>>
>>>>     >>> =
>>>>
>>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>>
>>>>     >>> 1
>>>>
>>>>     >>> 2
>>>>
>>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>>>
>>>>     >>> network backend 'user' is not compiled into this binary* I
>>>> didn’t
>>>>
>>>>     >>> enable the slirp package I guess. So enabled it while running
>>>>
>>>>     >>> configure, *$ ../configure --enable-slirp*
>>>>
>>>>     >>> *........*
>>>>
>>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>>>
>>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found,
>>>> tried
>>>>
>>>>     >>> pkgconfig* *A full log can be found at
>>>>
>>>>     >>>
>>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/
>>>>
>>>>     >>> m
>>>>
>>>>     >>> e
>>>>
>>>>     >>> son-log.txt*
>>>>
>>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>>>>
>>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*
>>>>
>>>>     >>> *ERROR: meson setup failed*
>>>>
>>>>     >>> I have already installed slirp locally, but still getting the above error.
>>>>
>>>>     >> Did you install the libslirp-dev or libslirp-devel package ?
>>>>
>>>>     >> C.
>>>>
>>>>     >>
>>>>
>>>>     >> TCS Confidential
>>>>
>>>>     >>
>>>>
>>>>     >> =====-----=====-----=====
>>>>
>>>>     >> Notice: The information contained in this e-mail message
>>>> and/or
>>>>
>>>>     >> attachments to it may contain confidential or privileged information.
>>>>
>>>>     >> If you are not the intended recipient, any dissemination, use,
>>>>
>>>>     >> review, distribution, printing or copying of the information
>>>>
>>>>     >> contained in this e-mail message and/or attachments to it are
>>>>
>>>>     >> strictly prohibited. If you have received this communication
>>>> in
>>>>
>>>>     >> error, please notify us by reply e-mail or telephone and
>>>> immediately
>>>>
>>>>     >> and permanently delete the message and any attachments. Thank
>>>> you
>>>>
>>>>     >>
>>>>
>>>>     >
>>>>
>>>>     >   TCS Confidential
>>>>
>>>>
>>>> TCS Confidential
>>>>
>>>
>>>     TCS Confidential
>>
>>    TCS Confidential
> 
>   TCS Confidential

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

[-- Attachment #1: Type: text/plain, Size: 32322 bytes --]

TCS Confidential


Hi Stefan,



Thanks for the information. I am trying to make use of the commands by using tpm_init() inside image-fit.c file. It compiles but gives an undefined reference error as below.



  gcc  -isystem/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/include -O2 -pipe -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib                         -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib                         -Wl,--enable-new-dtags                         -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib                         -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib                         -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib                         -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib                         -Wl,-O1  -o tools/fit_check_sign tools/aisimage.o tools/atmelimage.o tools/common/image-sig.o tools/common/bootm.o tools/lib/crc32.o tools/default_image.o tools/lib/fdtdec_common.o tools/lib/fdtdec.o tools/fit_common.o tools/fit_image.o tools/common/image-fit.o tools/image-host.o tools/common/image.o tools/imagetool.o tools/imximage.o tools/imx8image.o tools/imx8mimage.o tools/kwbimage.o tools/lib/md5.o tools/lpc32xximage.o tools/mxsimage.o tools/omapimage.o tools/os_support.o tools/pblimage.o tools/pbl_crc32.o tools/vybridimage.o tools/stm32image.o tools/lib/rc4.o tools/rkcommon.o tools/rkimage.o tools/rksd.o tools/rkspi.o tools/socfpgaimage.o tools/lib/crc16.o tools/lib/sha1.o tools/lib/sha256.o tools/lib/sha512.o tools/common/hash.o tools/ublimage.o tools/zynqimage.o tools/zynqmpimage.o tools/zynqmpbif.o tools/libfdt/fdt.o tools/libfdt/fdt_wip.o tools/libfdt/fdt_sw.o tools/libfdt/fdt_rw.o tools/libfdt/fdt_strerror.o tools/libfdt/fdt_empty_tree.o tools/libfdt/fdt_addresses.o tools/libfdt/fdt_overlay.o tools/lib/libfdt/fdt_ro.o tools/lib/libfdt/fdt_region.o tools/gpimage.o tools/gpimage-common.o tools/mtk_image.o tools/lib/rsa/rsa-sign.o tools/lib/rsa/rsa-verify.o tools/lib/rsa/rsa-checksum.o tools/lib/rsa/rsa-mod-exp.o tools/fit_check_sign.o  -lssl -lcrypto

/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: tools/common/image-fit.o: in function `boot_get_setup_fit':

image-fit.c:(.text+0x27e1): undefined reference to `get_tpm'

/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: image-fit.c:(.text+0x280e): undefined reference to `tpm_init'

collect2: error: ld returned 1 exit status

make[2]: *** [scripts/Makefile.host:106: tools/dumpimage] Error 1



Although the tpm_init() is present in tpm-common.c  and image-fit.c is present in the same module as well. But still I get the above error. I have tried including the DEPENDS on libtpm in the u-boot recipe but nothing seems to work. Any specific library/specific location to be included for TPM support?



-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Thursday, May 18, 2023 5:10 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu



"External email. Open with Caution"





On 5/17/23 13:13, Sandeep Kumar wrote:

>   TCS Confidential

>

> Hi Stefan,

>

> Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?

>



There are quite a few commands in u-boot:





ast# tpm2

tpm2 - Issue a TPMv2.x command



Usage:

tpm2 <command> [<arguments>]



device [num device]

     Show all devices or set the specified device info

     Show information about the TPM.

state

     Show internal state from the TPM (if available) init

     Initialize the software stack. Always the first command to issue.

startup <mode>

     Issue a TPM2_Startup command.

     <mode> is one of:

         * TPM2_SU_CLEAR (reset state)

         * TPM2_SU_STATE (preserved state) self_test <type>

     Test the TPM capabilities.

     <type> is one of:

         * full (perform all tests)

         * continue (only check untested tests) clear <hierarchy>

     Issue a TPM2_Clear command.

     <hierarchy> is one of:

         * TPM2_RH_LOCKOUT

         * TPM2_RH_PLATFORM

pcr_extend <pcr> <digest_addr>

     Extend PCR #<pcr> with digest at <digest_addr>.

     <pcr>: index of the PCR

     <digest_addr>: address of a 32-byte SHA256 digest pcr_read <pcr> <digest_addr>

     Read PCR #<pcr> to memory address <digest_addr>.

    <pcr>: index of the PCR

     <digest_addr>: address to store the a 32-byte SHA256 digest get_capability <capability> <property> <addr> <count>

     Read and display <count> entries indexed by <capability>/<property>.

     Values are 4 bytes long and are written at <addr>.

     <capability>: capability

     <property>: property

     <addr>: address to store <count> entries of 4 bytes

     <count>: number of entries to retrieve dam_reset [<password>]

     If the TPM is not in a LOCKOUT state, reset the internal error counter.

     <password>: optional password

dam_parameters <max_tries> <recovery_time> <lockout_recovery> [<password>]

     If the TPM is not in a LOCKOUT state, set the DAM parameters

     <maxTries>: maximum number of failures before lockout,

                 0 means always locking

     <recoveryTime>: time before decrement of the error counter,

                     0 means no lockout

     <lockoutRecovery>: time of a lockout (before the next try),

                        0 means a reboot is needed

     <password>: optional password of the LOCKOUT hierarchy change_auth <hierarchy> <new_pw> [<old_pw>]

     <hierarchy>: the hierarchy

     <new_pw>: new password for <hierarchy>

     <old_pw>: optional previous password of <hierarchy> pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]

     Change the <key> to access PCR #<pcr>.

     hierarchy and may be empty.

     /!\WARNING: untested function, use at your own risks !

     <pcr>: index of the PCR

     <key>: secret to protect the access of PCR #<pcr>

     <password>: optional password of the PLATFORM hierarchy



Regards,

    Stefan



> Thanks,

> Sandeep.

>

> -----Original Message-----

> From: Stefan Berger <stefanb@linux.ibm.com<mailto:stefanb@linux.ibm.com>>

> Sent: Tuesday, May 9, 2023 10:01 PM

> To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater

> <clg@kaod.org<mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule

> <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery

> <andrew@aj.id.au<mailto:andrew@aj.id.au>>

> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

>

> "External email. Open with Caution"

>

>

> On 5/9/23 08:06, Sandeep Kumar wrote:

>>    TCS Confidential

>>

>> Hi Stefan,

>>

>> Thanks for the help.

>>

>> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?

>

> TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:

>

> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss

> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss

> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-1

> 2-Makefile.am-expand-wildcards-in-prereqs.patch

> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb

> meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine

> meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.

> 1.0.bb meta-security/meta-tpm/recipes-tpm2/tpm2-tss

> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss

> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.

> patch meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb

>

> Intel: https://github.com/tpm2-software/tpm2-tss#overview

> IBM: https://github.com/kgoldman/ibmtss

>

>      Stefan

>

>>

>> Thanks,

>> Sandeep.

>>

>> -----Original Message-----

>> From: Stefan Berger <stefanb@linux.ibm.com<mailto:stefanb@linux.ibm.com>>

>> Sent: Saturday, May 6, 2023 2:08 AM

>> To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater

>> <clg@kaod.org<mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule

>> <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery

>> <andrew@aj.id.au<mailto:andrew@aj.id.au>>

>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on

>> Qemu

>>

>> "External email. Open with Caution"

>>

>>

>> On 5/5/23 13:36, Sandeep Kumar wrote:

>>>     TCS Confidential

>>>

>>> Hi Stefan,

>>>

>>> I have these options set in

>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes

>>> - k ernel/linux/linux-aspeed/tpm/tpm2.cfg

>>>

>>> CONFIG_HW_RANDOM=y

>>> CONFIG_HW_RANDOM_TPM=y

>>> CONFIG_TCG_TPM=y

>>> CONFIG_TCG_TIS_CORE=y

>>> CONFIG_TCG_TIS=y

>>> CONFIG_TCG_TIS_SPI=y

>>> CONFIG_TCG_TIS_I2C=y

>>> CONFIG_SECURITYFS=y

>>

>>

>> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.

>>

>> As long as these symbols are built into the kernel it should work:

>>

>>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t

>>> tpm_tis_i2c_remove

>>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack

>>> 8056323c t tpm_tis_i2c_write_bytes

>>> 80563334 t tpm_tis_i2c_verify_crc

>>> 805633e0 t tpm_tis_i2c_read_bytes

>>> 80563604 t tpm_tis_i2c_probe

>>> 80d23964 t tpm_tis_i2c_driver_init

>>

>>>

>>> and in

>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes

>>> - k ernel/linux/linux-aspeed.inc I have these,

>>>

>>> SRC_URI += " \

>>>                 file://defconfig \

>>>                 file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd \

>>>                 file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e \

>>>                 ${@bb.utils.contains('MACHINE_FEATURES<mailto:$%7b@bb.utils.contains('MACHINE_FEATURES>', 'tpm2', 'file://tpm/tpm2.scc file://tpm/tpm2.cfg', '', d)} \

>>>                 ${@bb.utils.contains_any('DISTRO_FEATURES<mailto:$%7b@bb.utils.contains_any('DISTRO_FEATURES>', \

>>>                    'obmc-static-norootfs obmc-ubi-fs', \

>>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg', '', d)} \

>>>               "

>>>

>>> Anything else needs to be done to enable TPM ?

>>

>> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.

>>

>>       Stefan

>>

>>>

>>> Thanks,

>>> Sandeep.

>>>

>>> -----Original Message-----

>>> From: Stefan Berger <stefanb@linux.ibm.com<mailto:stefanb@linux.ibm.com>>

>>> Sent: Friday, May 5, 2023 9:41 PM

>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater

>>> <clg@kaod.org<mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule

>>> <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery

>>> <andrew@aj.id.au<mailto:andrew@aj.id.au>>

>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on

>>> Qemu

>>>

>>> "External email. Open with Caution"

>>>

>>> I enable the following kernel build options for OpenBMC Linux kernel:

>>>

>>> CONFIG_TCG_TPM=y

>>> CONFIG_TCG_TIS_CORE=y

>>> CONFIG_TCG_TIS=y

>>> CONFIG_TCG_TIS_I2C=y

>>>

>>> With swtpm running in another terminal:

>>>

>>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done

>>>

>>> I start qemu built from qemu git master branch tip:

>>>

>>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd     -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e

>>>

>>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device

>>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)

>>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test

>>> [   63.784256] tpm tpm0: starting up the TPM manually

>>> [   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e

>>>

>>> root@evb-ast2600:~# uname -a

>>> Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa

>>> #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux

>>>

>>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t

>>> tpm_tis_i2c_remove

>>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack

>>> 8056323c t tpm_tis_i2c_write_bytes

>>> 80563334 t tpm_tis_i2c_verify_crc

>>> 805633e0 t tpm_tis_i2c_read_bytes

>>> 80563604 t tpm_tis_i2c_probe

>>> 80d23964 t tpm_tis_i2c_driver_init

>>>

>>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm

>>> /sys/class/tpm/tpm0

>>>

>>> root@evb-ast2600:~# ls -l /dev/tpm*

>>> crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0

>>> crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0

>>>

>>> root@evb-ast2600:~# find /sys/ | grep pcr

>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-

>>> b

>>> u

>>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1

>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-

>>> b

>>> u

>>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17

>>> [... lots more entries also for sha256, sha384, and sha512 ]

>>>

>>>

>>>

>>>

>>> It seems to work as expected

>>>

>>> On 5/5/23 11:08, Sandeep Kumar wrote:

>>>> TCS Confidential Hi Stefan, Please find below my answers inline.

>>>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger

>>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:

>>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.

>>>> ZjQcmQRYFpfptBannerEnd

>>>>

>>>> TCS Confidential

>>>>

>>>>

>>>> Hi Stefan,

>>>>

>>>> Please find below my answers inline.

>>>>

>>>> Thanks,

>>>>

>>>> Sandeep.

>>>>

>>>> -----Original Message-----

>>>> From: Stefan Berger <stefanb@linux.ibm.com<mailto:stefanb@linux.ibm.com>>

>>>> Sent: Friday, May 5, 2023 6:56 PM

>>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com<mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater

>>>> <clg@kaod.org<mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>; Ninad Palsule

>>>> <ninad@linux.ibm.com<mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au<mailto:jms@jms.id.au>>; Andrew Jeffery

>>>> <andrew@aj.id.au<mailto:andrew@aj.id.au>>

>>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on

>>>> Qemu

>>>>

>>>> "External email. Open with Caution"

>>>>

>>>> On 5/5/23 01:40, Sandeep Kumar wrote:

>>>>

>>>>     >   TCS Confidential

>>>>

>>>>     >

>>>>

>>>>     > Hi Stefan,

>>>>

>>>>     >

>>>>

>>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?

>>>>

>>>>     > Ans:

>>>>

>>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.

>>>>

>>>>     >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1

>>>> SMP

>>>>

>>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux

>>>>

>>>>     >

>>>>

>>>>     > Stefan:  What is the output of this?  find /sys/class/tpm |

>>>> grep pcr

>>>>

>>>>     > Ams:     find: /sys/class/tpm: No such file or directory.

>>>>

>>>>     >

>>>>

>>>>     > Could you please point to the right version of kernel which has all these changes ?

>>>>

>>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.

>>>>

>>>> Does this show any files?

>>>>

>>>> find /sys | grep pcr

>>>>

>>>> *Sandeep: It doesn't show any files. *

>>>>

>>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >

>>>> /sys/bus/i2c/devices/i2c-12/new_device*

>>>>

>>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device

>>>> tpm_tis_i2c at 0x2e*

>>>>

>>>> *root@evb-ast2600:~#*

>>>>

>>>> *root@evb-ast2600:~# find /sys | grep pcr*

>>>>

>>>> *root@evb-ast2600:~#*

>>>>

>>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?

>>>>

>>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.

>>>> Output as below, *

>>>>

>>>> **

>>>>

>>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >

>>>> /sys/bus/i2c/devices/i2c-12/new_device*

>>>>

>>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device

>>>> tpm_tis_i2c at 0x2e*

>>>>

>>>> *root@evb-ast2600:~#*

>>>>

>>>> *root@evb-ast2600:~# find /sys | grep pcr*

>>>>

>>>> *root@evb-ast2600:~#*

>>>>

>>>> *root@evb-ast2600:~# ls /dev/tpm**

>>>>

>>>> *ls: /dev/tpm*: No such file or directory*

>>>>

>>>> *root@evb-ast2600:~# dmesg | grep -i tpm*

>>>>

>>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode

>>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT

>>>> -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN

>>>> -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT

>>>> -QRENCODE -TPM2

>>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP

>>>> -SYSVINIT

>>>> default-hierarchy=unified)*

>>>>

>>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device

>>>> tpm_tis_i2c at 0x2e*

>>>>

>>>> *root@evb-ast2600:~#*

>>>>

>>>>         Stefan

>>>>

>>>>     >

>>>>

>>>>     >

>>>>

>>>>     > Thanks,

>>>>

>>>>     > Sandeep.

>>>>

>>>>     >

>>>>

>>>>     > -----Original Message-----

>>>>

>>>>     > From: Stefan Berger <stefanb@linux.ibm.com

>>>> <mailto:stefanb@linux.ibm.com>>

>>>>

>>>>     > Sent: Thursday, May 4, 2023 7:30 PM

>>>>

>>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com

>>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater

>>>>

>>>>     > <clg@kaod.org <mailto:clg@kaod.org<mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;

>>>> openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> <mailto:openbmc@lists.ozlabs.org>; Ninad

>>>> Palsule

>>>>

>>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com<mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>; Joel

>>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au<mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery

>>>>

>>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au<mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>

>>>>

>>>>     > Subject: Re: Integrating swtpm(as a software TPM) with

>>>> OpenBMC on Qemu

>>>>

>>>>     >

>>>>

>>>>     > "External email. Open with Caution"

>>>>

>>>>     >

>>>>

>>>>     >

>>>>

>>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:

>>>>

>>>>     >> TCS Confidential Hi C, I was able to build and run the

>>>> image(for

>>>>

>>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run with

>>>> the

>>>>

>>>>     >> flash. img provided in your github link(https: //github.

>>>>

>>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.

>>>>

>>>>     >> ZjQcmQRYFpfptBannerEnd

>>>>

>>>>     >> TCS Confidential

>>>>

>>>>     >>

>>>>

>>>>     >> Hi C,

>>>>

>>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.

>>>>

>>>>     >> Few issues observed,

>>>>

>>>>     >>

>>>>

>>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images<https://github.com/legoater/qemu-aspeed-boot/tree/master/images%20%3chttps:/github.com/legoater/qemu-aspeed-boot/tree/master/images>>>) everything works as expected, i.e I get the below output.

>>>>

>>>>     >>

>>>>

>>>>     >> *# echo tpm_tis_i2c 0x2e >

>>>> /sys/bus/i2c/devices/i2c-12/new_device*

>>>>

>>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,

>>>> rev-id

>>>>

>>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated

>>>> device

>>>>

>>>>     >> tpm_tis_i2c at 0x2e*

>>>>

>>>>     >> *#*

>>>>

>>>>     >> *#*

>>>>

>>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*

>>>>

>>>>     >>

>>>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*

>>>>

>>>>     >> *#*

>>>>

>>>>     >> *#*

>>>>

>>>>     >>

>>>>

>>>>     >>   2. If I run it with the locally built image, I get this error,

>>>>

>>>>     >

>>>>

>>>>     > Is the kernel configured in the same way? Are you using the same kernel version?

>>>>

>>>>     >>

>>>>

>>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >

>>>>

>>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*

>>>>

>>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated device

>>>>

>>>>     >> tpm_tis_i2c at 0x2e*

>>>>

>>>>     >

>>>>

>>>>     > What is the output of this?

>>>>

>>>>     >

>>>>

>>>>     > find /sys/class/tpm | grep pcr

>>>>

>>>>     >

>>>>

>>>>     >     Stefan

>>>>

>>>>     >

>>>>

>>>>     >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*

>>>>

>>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such

>>>> file or

>>>>

>>>>     >> directory*

>>>>

>>>>     >> *root@evb-ast2600:~#*

>>>>

>>>>     >> *root@evb-ast2600:~#*

>>>>

>>>>     >> Please do let me know about what has been done to write the

>>>> values

>>>>

>>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.

>>>>

>>>>     >> _____________________________________________

>>>>

>>>>     >> *From:* Sandeep Kumar

>>>>

>>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM

>>>>

>>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org<mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;

>>>> openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> <mailto:openbmc@lists.ozlabs.org>;

>>>>

>>>>     >> Ninad Palsule <ninad@linux.ibm.com

>>>> <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au

>>>> <mailto:jms@jms.id.au>>;

>>>>

>>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au<mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>

>>>>

>>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with

>>>> OpenBMC on

>>>>

>>>>     >> Qemu Hi C, How to build this image =>

>>>>

>>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.

>>>>

>>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .

>>>>

>>>>     >> Please advise if we have to build openbmc stack in a

>>>> different way

>>>>

>>>>     >> than the standard procedure. We follow the below steps for build, 1. .

>>>>

>>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.

>>>>

>>>>     >> -----Original Message-----

>>>>

>>>>     >> From: Sandeep Kumar

>>>>

>>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM

>>>>

>>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org

>>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>;

>>>>

>>>>     >> _openbmc@lists.ozlabs.org_<mailto:_openbmc@lists.ozlabs.org_>

>>>> <mailto:_openbmc@lists.ozlabs.org_>

>>>> <mailto:openbmc@lists.ozlabs.org

>>>> <mailto:openbmc@lists.ozlabs.org>>;

>>>> Ninad

>>>>

>>>>     >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com

>>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>;

>>>> Joel

>>>>

>>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au

>>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>; Andrew

>>>> Jeffery

>>>>

>>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au

>>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>

>>>>

>>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with

>>>> OpenBMC on

>>>>

>>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer

>>>> supported on

>>>>

>>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.

>>>>

>>>>     >> Thanks,

>>>>

>>>>     >> Sandeep.

>>>>

>>>>     >> -----Original Message-----

>>>>

>>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org

>>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>

>>>>

>>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM

>>>>

>>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com

>>>>

>>>>     >> <mailto:sandeep.pkumar@tcs.com

>>>> <mailto:sandeep.pkumar@tcs.com>>>;

>>>> openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> <mailto:openbmc@lists.ozlabs.org>

>>>>

>>>>     >> <mailto:openbmc@lists.ozlabs.org

>>>> <mailto:openbmc@lists.ozlabs.org>>; Ninad Palsule

>>>> <ninad@linux.ibm.com

>>>>

>>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com<mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>>;

>>>> Joel Stanley <jms@jms.id.au

>>>>

>>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au<mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>>; Andrew

>>>> Jeffery <andrew@aj.id.au

>>>>

>>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au<mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>>

>>>>

>>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with

>>>> OpenBMC on

>>>>

>>>>     >> Qemu "External email. Open with Caution"

>>>>

>>>>     >> Hello Sandeep

>>>>

>>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:

>>>>

>>>>     >>> TCS Confidential

>>>>

>>>>     >>>

>>>>

>>>>     >>> Hi C,

>>>>

>>>>     >>> Built the qemu from your branch. Few issues, *$

>>>> ./qemu-system-arm -m

>>>>

>>>>     >>> 256 -M romulus-bmc -nographic -drive

>>>>

>>>>     >>>

>>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd

>>>> -net

>>>>

>>>>     >>> nic -net

>>>>

>>>>     >>>

>>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf

>>>> w

>>>>

>>>>     >>> d

>>>>

>>>>     >>> =

>>>>

>>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:

>>>>

>>>>     >>> 1

>>>>

>>>>     >>> 2

>>>>

>>>>     >>>

>>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*

>>>>

>>>>     >>> *qemu-system-arm: -net

>>>>

>>>>     >>>

>>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf

>>>> w

>>>>

>>>>     >>> d

>>>>

>>>>     >>> =

>>>>

>>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:

>>>>

>>>>     >>> 1

>>>>

>>>>     >>> 2

>>>>

>>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:

>>>>

>>>>     >>> network backend 'user' is not compiled into this binary* I

>>>> didn’t

>>>>

>>>>     >>> enable the slirp package I guess. So enabled it while

>>>> running

>>>>

>>>>     >>> configure, *$ ../configure --enable-slirp*

>>>>

>>>>     >>> *........*

>>>>

>>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*

>>>>

>>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found,

>>>> tried

>>>>

>>>>     >>> pkgconfig* *A full log can be found at

>>>>

>>>>     >>>

>>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs

>>>> /

>>>>

>>>>     >>> m

>>>>

>>>>     >>> e

>>>>

>>>>     >>> son-log.txt*

>>>>

>>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting

>>>> with

>>>>

>>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*

>>>>

>>>>     >>> *ERROR: meson setup failed*

>>>>

>>>>     >>> I have already installed slirp locally, but still getting the above error.

>>>>

>>>>     >> Did you install the libslirp-dev or libslirp-devel package ?

>>>>

>>>>     >> C.

>>>>

>>>>     >>

>>>>

>>>>     >> TCS Confidential

>>>>

>>>>     >>

>>>>

>>>>     >> =====-----=====-----=====

>>>>

>>>>     >> Notice: The information contained in this e-mail message

>>>> and/or

>>>>

>>>>     >> attachments to it may contain confidential or privileged information.

>>>>

>>>>     >> If you are not the intended recipient, any dissemination,

>>>> use,

>>>>

>>>>     >> review, distribution, printing or copying of the information

>>>>

>>>>     >> contained in this e-mail message and/or attachments to it

>>>> are

>>>>

>>>>     >> strictly prohibited. If you have received this communication

>>>> in

>>>>

>>>>     >> error, please notify us by reply e-mail or telephone and

>>>> immediately

>>>>

>>>>     >> and permanently delete the message and any attachments.

>>>> Thank you

>>>>

>>>>     >>

>>>>

>>>>     >

>>>>

>>>>     >   TCS Confidential

>>>>

>>>>

>>>> TCS Confidential

>>>>

>>>

>>>     TCS Confidential

>>

>>    TCS Confidential

>

>   TCS Confidential


TCS Confidential

[-- Attachment #2: Type: text/html, Size: 88185 bytes --]

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

On 5/23/23 01:59, Sandeep Kumar wrote:

> 
> TCS Confidential

What is TCS Confidential ?

> 
> 
> Hi Stefan,
> 
> Thanks for the information. I am trying to make use of the commands by using tpm_init() inside image-fit.c file. It compiles but gives an undefined reference error as below.
> 

When I am running the OpenBMC image that I build with `bitbake obmc-phosphor-image` I already have uboot with TPM 2 support built-in. I am not sure how you are getting this error.

     Stefan

>    gcc  -isystem/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/include -O2 -pipe -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib                         -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib -Wl,--enable-new-dtags                         -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib 
>                  -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib                         -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib                         -Wl,-O1  -o tools/fit_check_sign tools/aisimage.o tools/atmelimage.o tools/common/image-sig.o tools/common/bootm.o tools/lib/crc32.o tools/default_image.o tools/lib/fdtdec_common.o tools/lib/fdtdec.o tools/fit_common.o tools/fit_image.o tools/common/image-fit.o tools/image-host.o tools/common/image.o 
> tools/imagetool.o tools/imximage.o tools/imx8image.o tools/imx8mimage.o tools/kwbimage.o tools/lib/md5.o tools/lpc32xximage.o tools/mxsimage.o tools/omapimage.o tools/os_support.o tools/pblimage.o tools/pbl_crc32.o tools/vybridimage.o tools/stm32image.o tools/lib/rc4.o tools/rkcommon.o tools/rkimage.o tools/rksd.o tools/rkspi.o tools/socfpgaimage.o tools/lib/crc16.o tools/lib/sha1.o tools/lib/sha256.o tools/lib/sha512.o tools/common/hash.o tools/ublimage.o tools/zynqimage.o tools/zynqmpimage.o tools/zynqmpbif.o tools/libfdt/fdt.o tools/libfdt/fdt_wip.o tools/libfdt/fdt_sw.o tools/libfdt/fdt_rw.o tools/libfdt/fdt_strerror.o tools/libfdt/fdt_empty_tree.o tools/libfdt/fdt_addresses.o tools/libfdt/fdt_overlay.o tools/lib/libfdt/fdt_ro.o tools/lib/libfdt/fdt_region.o tools/gpimage.o tools/gpimage-common.o tools/mtk_image.o tools/lib/rsa/rsa-sign.o tools/lib/rsa/rsa-verify.o tools/lib/rsa/rsa-checksum.o tools/lib/rsa/rsa-mod-exp.o tools/fit_check_sign.o  -lssl -lcrypto
> 
> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: tools/common/image-fit.o: in function `boot_get_setup_fit':
> 
> image-fit.c:(.text+0x27e1): undefined reference to `get_tpm'
> 
> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: image-fit.c:(.text+0x280e): undefined reference to `tpm_init'
> 
> collect2: error: ld returned 1 exit status
> 
> make[2]: *** [scripts/Makefile.host:106: tools/dumpimage] Error 1
> 
> Although the tpm_init() is present in tpm-common.c  and image-fit.c is present in the same module as well. But still I get the above error. I have tried including the DEPENDS on libtpm in the u-boot recipe but nothing seems to work. Any specific library/specific location to be included for TPM support?
> 
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Thursday, May 18, 2023 5:10 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> On 5/17/23 13:13, Sandeep Kumar wrote:
> 
>  >   TCS Confidential
> 
>  >
> 
>  > Hi Stefan,
> 
>  >
> 
>  > Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?
> 
>  >
> 
> There are quite a few commands in u-boot:
> 
> ast# tpm2
> 
> tpm2 - Issue a TPMv2.x command
> 
> Usage:
> 
> tpm2 <command> [<arguments>]
> 
> device [num device]
> 
>       Show all devices or set the specified device info
> 
>       Show information about the TPM.
> 
> state
> 
>       Show internal state from the TPM (if available) init
> 
>       Initialize the software stack. Always the first command to issue.
> 
> startup <mode>
> 
>       Issue a TPM2_Startup command.
> 
>       <mode> is one of:
> 
>           * TPM2_SU_CLEAR (reset state)
> 
>           * TPM2_SU_STATE (preserved state) self_test <type>
> 
>       Test the TPM capabilities.
> 
>       <type> is one of:
> 
>           * full (perform all tests)
> 
>           * continue (only check untested tests) clear <hierarchy>
> 
>       Issue a TPM2_Clear command.
> 
>       <hierarchy> is one of:
> 
>           * TPM2_RH_LOCKOUT
> 
>           * TPM2_RH_PLATFORM
> 
> pcr_extend <pcr> <digest_addr>
> 
>       Extend PCR #<pcr> with digest at <digest_addr>.
> 
>       <pcr>: index of the PCR
> 
>       <digest_addr>: address of a 32-byte SHA256 digest pcr_read <pcr> <digest_addr>
> 
>       Read PCR #<pcr> to memory address <digest_addr>.
> 
>      <pcr>: index of the PCR
> 
>       <digest_addr>: address to store the a 32-byte SHA256 digest get_capability <capability> <property> <addr> <count>
> 
>       Read and display <count> entries indexed by <capability>/<property>.
> 
>       Values are 4 bytes long and are written at <addr>.
> 
>       <capability>: capability
> 
>       <property>: property
> 
>       <addr>: address to store <count> entries of 4 bytes
> 
>       <count>: number of entries to retrieve dam_reset [<password>]
> 
>       If the TPM is not in a LOCKOUT state, reset the internal error counter.
> 
>       <password>: optional password
> 
> dam_parameters <max_tries> <recovery_time> <lockout_recovery> [<password>]
> 
>       If the TPM is not in a LOCKOUT state, set the DAM parameters
> 
>       <maxTries>: maximum number of failures before lockout,
> 
>                   0 means always locking
> 
>       <recoveryTime>: time before decrement of the error counter,
> 
>                       0 means no lockout
> 
>       <lockoutRecovery>: time of a lockout (before the next try),
> 
>                          0 means a reboot is needed
> 
>       <password>: optional password of the LOCKOUT hierarchy change_auth <hierarchy> <new_pw> [<old_pw>]
> 
>       <hierarchy>: the hierarchy
> 
>       <new_pw>: new password for <hierarchy>
> 
>       <old_pw>: optional previous password of <hierarchy> pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]
> 
>       Change the <key> to access PCR #<pcr>.
> 
>       hierarchy and may be empty.
> 
>       /!\WARNING: untested function, use at your own risks !
> 
>       <pcr>: index of the PCR
> 
>       <key>: secret to protect the access of PCR #<pcr>
> 
>       <password>: optional password of the PLATFORM hierarchy
> 
> Regards,
> 
>      Stefan
> 
>  > Thanks,
> 
>  > Sandeep.
> 
>  >
> 
>  > -----Original Message-----
> 
>  > From: Stefan Berger <stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>
> 
>  > Sent: Tuesday, May 9, 2023 10:01 PM
> 
>  > To: Sandeep Kumar <sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
> 
>  > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
> 
>  > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
> 
>  > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
> 
>  > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
>  >
> 
>  > "External email. Open with Caution"
> 
>  >
> 
>  >
> 
>  > On 5/9/23 08:06, Sandeep Kumar wrote:
> 
>  >>    TCS Confidential
> 
>  >>
> 
>  >> Hi Stefan,
> 
>  >>
> 
>  >> Thanks for the help.
> 
>  >>
> 
>  >> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?
> 
>  >
> 
>  > TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:
> 
>  >
> 
>  > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
> 
>  > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
> 
>  > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-1
> 
>  > 2-Makefile.am-expand-wildcards-in-prereqs.patch
> 
>  > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
> 
>  > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
> 
>  > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.
> 
>  > 1.0.bb meta-security/meta-tpm/recipes-tpm2/tpm2-tss
> 
>  > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
> 
>  > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.
> 
>  > patch meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
> 
>  >
> 
>  > Intel: https://github.com/tpm2-software/tpm2-tss#overview <https://github.com/tpm2-software/tpm2-tss#overview>
> 
>  > IBM: https://github.com/kgoldman/ibmtss <https://github.com/kgoldman/ibmtss>
> 
>  >
> 
>  >      Stefan
> 
>  >
> 
>  >>
> 
>  >> Thanks,
> 
>  >> Sandeep.
> 
>  >>
> 
>  >> -----Original Message-----
> 
>  >> From: Stefan Berger <stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>
> 
>  >> Sent: Saturday, May 6, 2023 2:08 AM
> 
>  >> To: Sandeep Kumar <sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
> 
>  >> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
> 
>  >> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
> 
>  >> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
> 
>  >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
> 
>  >> Qemu
> 
>  >>
> 
>  >> "External email. Open with Caution"
> 
>  >>
> 
>  >>
> 
>  >> On 5/5/23 13:36, Sandeep Kumar wrote:
> 
>  >>>     TCS Confidential
> 
>  >>>
> 
>  >>> Hi Stefan,
> 
>  >>>
> 
>  >>> I have these options set in
> 
>  >>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
> 
>  >>> - k ernel/linux/linux-aspeed/tpm/tpm2.cfg
> 
>  >>>
> 
>  >>> CONFIG_HW_RANDOM=y
> 
>  >>> CONFIG_HW_RANDOM_TPM=y
> 
>  >>> CONFIG_TCG_TPM=y
> 
>  >>> CONFIG_TCG_TIS_CORE=y
> 
>  >>> CONFIG_TCG_TIS=y
> 
>  >>> CONFIG_TCG_TIS_SPI=y
> 
>  >>> CONFIG_TCG_TIS_I2C=y
> 
>  >>> CONFIG_SECURITYFS=y
> 
>  >>
> 
>  >>
> 
>  >> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
> 
>  >>
> 
>  >> As long as these symbols are built into the kernel it should work:
> 
>  >>
> 
>  >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
> 
>  >>> tpm_tis_i2c_remove
> 
>  >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
> 
>  >>> 8056323c t tpm_tis_i2c_write_bytes
> 
>  >>> 80563334 t tpm_tis_i2c_verify_crc
> 
>  >>> 805633e0 t tpm_tis_i2c_read_bytes
> 
>  >>> 80563604 t tpm_tis_i2c_probe
> 
>  >>> 80d23964 t tpm_tis_i2c_driver_init
> 
>  >>
> 
>  >>>
> 
>  >>> and in
> 
>  >>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
> 
>  >>> - k ernel/linux/linux-aspeed.inc I have these,
> 
>  >>>
> 
>  >>> SRC_URI += " \
> 
>  >>> file://defconfig <file://defconfig> \
> 
>  >>> file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd <file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaeea41067e54c65176c233ec7b2ab2decf1ddcd> \
> 
>  >>> file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e <file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214d471ac7b83ab7acef41c4425a34662e8372e> \
> 
>  >>> ${@bb.utils.contains('MACHINE_FEATURES <mailto:$%7b@bb.utils.contains('MACHINE_FEATURES>', 'tpm2', 'file://tpm/tpm2.scc file://tpm/tpm2.cfg <file://tpm/tpm2.cfg>', '', d)} \
> 
>  >>> ${@bb.utils.contains_any('DISTRO_FEATURES <mailto:$%7b@bb.utils.contains_any('DISTRO_FEATURES>', \
> 
>  >>>                    'obmc-static-norootfs obmc-ubi-fs', \
> 
>  >>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg <file://ubi/ubi.cfg>', '', d)} \
> 
>  >>>               "
> 
>  >>>
> 
>  >>> Anything else needs to be done to enable TPM ?
> 
>  >>
> 
>  >> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
> 
>  >>
> 
>  >>       Stefan
> 
>  >>
> 
>  >>>
> 
>  >>> Thanks,
> 
>  >>> Sandeep.
> 
>  >>>
> 
>  >>> -----Original Message-----
> 
>  >>> From: Stefan Berger <stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>
> 
>  >>> Sent: Friday, May 5, 2023 9:41 PM
> 
>  >>> To: Sandeep Kumar <sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
> 
>  >>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
> 
>  >>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
> 
>  >>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
> 
>  >>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
> 
>  >>> Qemu
> 
>  >>>
> 
>  >>> "External email. Open with Caution"
> 
>  >>>
> 
>  >>> I enable the following kernel build options for OpenBMC Linux kernel:
> 
>  >>>
> 
>  >>> CONFIG_TCG_TPM=y
> 
>  >>> CONFIG_TCG_TIS_CORE=y
> 
>  >>> CONFIG_TCG_TIS=y
> 
>  >>> CONFIG_TCG_TIS_I2C=y
> 
>  >>>
> 
>  >>> With swtpm running in another terminal:
> 
>  >>>
> 
>  >>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20; done
> 
>  >>>
> 
>  >>> I start qemu built from qemu git master branch tip:
> 
>  >>>
> 
>  >>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mtd -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev emulator,id=tpm0,chardev=chrtpm     -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
> 
>  >>>
> 
>  >>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
> 
>  >>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> 
>  >>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting the self test
> 
>  >>> [   63.784256] tpm tpm0: starting up the TPM manually
> 
>  >>> [   63.851474] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
> 
>  >>>
> 
>  >>> root@evb-ast2600:~# uname -a
> 
>  >>> Linux evb-ast2600 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa
> 
>  >>> #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
> 
>  >>>
> 
>  >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
> 
>  >>> tpm_tis_i2c_remove
> 
>  >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
> 
>  >>> 8056323c t tpm_tis_i2c_write_bytes
> 
>  >>> 80563334 t tpm_tis_i2c_verify_crc
> 
>  >>> 805633e0 t tpm_tis_i2c_read_bytes
> 
>  >>> 80563604 t tpm_tis_i2c_probe
> 
>  >>> 80d23964 t tpm_tis_i2c_driver_init
> 
>  >>>
> 
>  >>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
> 
>  >>> /sys/class/tpm/tpm0
> 
>  >>>
> 
>  >>> root@evb-ast2600:~# ls -l /dev/tpm*
> 
>  >>> crw-------    1 root     root       10, 224 May  5 16:03 /dev/tpm0
> 
>  >>> crw-------    1 root     root      252, 65536 May  5 16:03 /dev/tpmrm0
> 
>  >>>
> 
>  >>> root@evb-ast2600:~# find /sys/ | grep pcr
> 
>  >>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
> 
>  >>> b
> 
>  >>> u
> 
>  >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
> 
>  >>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
> 
>  >>> b
> 
>  >>> u
> 
>  >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
> 
>  >>> [... lots more entries also for sha256, sha384, and sha512 ]
> 
>  >>>
> 
>  >>>
> 
>  >>>
> 
>  >>>
> 
>  >>> It seems to work as expected
> 
>  >>>
> 
>  >>> On 5/5/23 11:08, Sandeep Kumar wrote:
> 
>  >>>> TCS Confidential Hi Stefan, Please find below my answers inline.
> 
>  >>>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
> 
>  >>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
> 
>  >>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
> 
>  >>>> ZjQcmQRYFpfptBannerEnd
> 
>  >>>>
> 
>  >>>> TCS Confidential
> 
>  >>>>
> 
>  >>>>
> 
>  >>>> Hi Stefan,
> 
>  >>>>
> 
>  >>>> Please find below my answers inline.
> 
>  >>>>
> 
>  >>>> Thanks,
> 
>  >>>>
> 
>  >>>> Sandeep.
> 
>  >>>>
> 
>  >>>> -----Original Message-----
> 
>  >>>> From: Stefan Berger <stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>
> 
>  >>>> Sent: Friday, May 5, 2023 6:56 PM
> 
>  >>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
> 
>  >>>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
> 
>  >>>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
> 
>  >>>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
> 
>  >>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
> 
>  >>>> Qemu
> 
>  >>>>
> 
>  >>>> "External email. Open with Caution"
> 
>  >>>>
> 
>  >>>> On 5/5/23 01:40, Sandeep Kumar wrote:
> 
>  >>>>
> 
>  >>>>     >   TCS Confidential
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > Hi Stefan,
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
> 
>  >>>>
> 
>  >>>>     > Ans:
> 
>  >>>>
> 
>  >>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.
> 
>  >>>>
> 
>  >>>>     >          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1
> 
>  >>>> SMP
> 
>  >>>>
> 
>  >>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > Stefan:  What is the output of this?  find /sys/class/tpm |
> 
>  >>>> grep pcr
> 
>  >>>>
> 
>  >>>>     > Ams:     find: /sys/class/tpm: No such file or directory.
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > Could you please point to the right version of kernel which has all these changes ?
> 
>  >>>>
> 
>  >>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
> 
>  >>>>
> 
>  >>>> Does this show any files?
> 
>  >>>>
> 
>  >>>> find /sys | grep pcr
> 
>  >>>>
> 
>  >>>> *Sandeep: It doesn't show any files. *
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
> 
>  >>>> /sys/bus/i2c/devices/i2c-12/new_device*
> 
>  >>>>
> 
>  >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
> 
>  >>>> tpm_tis_i2c at 0x2e*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~#*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~# find /sys | grep pcr*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~#*
> 
>  >>>>
> 
>  >>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
> 
>  >>>>
> 
>  >>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
> 
>  >>>> Output as below, *
> 
>  >>>>
> 
>  >>>> **
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
> 
>  >>>> /sys/bus/i2c/devices/i2c-12/new_device*
> 
>  >>>>
> 
>  >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
> 
>  >>>> tpm_tis_i2c at 0x2e*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~#*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~# find /sys | grep pcr*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~#*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~# ls /dev/tpm**
> 
>  >>>>
> 
>  >>>> *ls: /dev/tpm*: No such file or directory*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
> 
>  >>>>
> 
>  >>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system mode
> 
>  >>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT
> 
>  >>>> -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN
> 
>  >>>> -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT
> 
>  >>>> -QRENCODE -TPM2
> 
>  >>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
> 
>  >>>> -SYSVINIT
> 
>  >>>> default-hierarchy=unified)*
> 
>  >>>>
> 
>  >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
> 
>  >>>> tpm_tis_i2c at 0x2e*
> 
>  >>>>
> 
>  >>>> *root@evb-ast2600:~#*
> 
>  >>>>
> 
>  >>>>         Stefan
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > Thanks,
> 
>  >>>>
> 
>  >>>>     > Sandeep.
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > -----Original Message-----
> 
>  >>>>
> 
>  >>>>     > From: Stefan Berger <stefanb@linux.ibm.com
> 
>  >>>> <mailto:stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>>
> 
>  >>>>
> 
>  >>>>     > Sent: Thursday, May 4, 2023 7:30 PM
> 
>  >>>>
> 
>  >>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com
> 
>  >>>> <mailto:sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>>; Cédric Le Goater
> 
>  >>>>
> 
>  >>>>     > <clg@kaod.org <mailto:clg@kaod.org <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
> 
>  >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>; Ninad
> 
>  >>>> Palsule
> 
>  >>>>
> 
>  >>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>; Joel
> 
>  >>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
> 
>  >>>>
> 
>  >>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
> 
>  >>>>
> 
>  >>>>     > Subject: Re: Integrating swtpm(as a software TPM) with
> 
>  >>>> OpenBMC on Qemu
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > "External email. Open with Caution"
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:
> 
>  >>>>
> 
>  >>>>     >> TCS Confidential Hi C, I was able to build and run the
> 
>  >>>> image(for
> 
>  >>>>
> 
>  >>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run with
> 
>  >>>> the
> 
>  >>>>
> 
>  >>>>     >> flash. img provided in your github link(https: //github.
> 
>  >>>>
> 
>  >>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
> 
>  >>>>
> 
>  >>>>     >> ZjQcmQRYFpfptBannerEnd
> 
>  >>>>
> 
>  >>>>     >> TCS Confidential
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>>
> 
>  >>>>     >> Hi C,
> 
>  >>>>
> 
>  >>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.
> 
>  >>>>
> 
>  >>>>     >> Few issues observed,
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>>
> 
>  >>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images%20%3chttps:/github.com/legoater/qemu-aspeed-boot/tree/master/images>>>) everything works as expected, i.e I get the below output.
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>>
> 
>  >>>>     >> *# echo tpm_tis_i2c 0x2e >
> 
>  >>>> /sys/bus/i2c/devices/i2c-12/new_device*
> 
>  >>>>
> 
>  >>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
> 
>  >>>> rev-id
> 
>  >>>>
> 
>  >>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
> 
>  >>>> device
> 
>  >>>>
> 
>  >>>>     >> tpm_tis_i2c at 0x2e*
> 
>  >>>>
> 
>  >>>>     >> *#*
> 
>  >>>>
> 
>  >>>>     >> *#*
> 
>  >>>>
> 
>  >>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
> 
>  >>>>
> 
>  >>>>     >> *#*
> 
>  >>>>
> 
>  >>>>     >> *#*
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>>
> 
>  >>>>     >>   2. If I run it with the locally built image, I get this error,
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > Is the kernel configured in the same way? Are you using the same kernel version?
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>>
> 
>  >>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
> 
>  >>>>
> 
>  >>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*
> 
>  >>>>
> 
>  >>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated device
> 
>  >>>>
> 
>  >>>>     >> tpm_tis_i2c at 0x2e*
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > What is the output of this?
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     > find /sys/class/tpm | grep pcr
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     >     Stefan
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     >> *root@evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> 
>  >>>>
> 
>  >>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such
> 
>  >>>> file or
> 
>  >>>>
> 
>  >>>>     >> directory*
> 
>  >>>>
> 
>  >>>>     >> *root@evb-ast2600:~#*
> 
>  >>>>
> 
>  >>>>     >> *root@evb-ast2600:~#*
> 
>  >>>>
> 
>  >>>>     >> Please do let me know about what has been done to write the
> 
>  >>>> values
> 
>  >>>>
> 
>  >>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
> 
>  >>>>
> 
>  >>>>     >> _____________________________________________
> 
>  >>>>
> 
>  >>>>     >> *From:* Sandeep Kumar
> 
>  >>>>
> 
>  >>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM
> 
>  >>>>
> 
>  >>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
> 
>  >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
> 
>  >>>>
> 
>  >>>>     >> Ninad Palsule <ninad@linux.ibm.com
> 
>  >>>> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>; Joel Stanley <jms@jms.id.au
> 
>  >>>> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>;
> 
>  >>>>
> 
>  >>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
> 
>  >>>>
> 
>  >>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with
> 
>  >>>> OpenBMC on
> 
>  >>>>
> 
>  >>>>     >> Qemu Hi C, How to build this image =>
> 
>  >>>>
> 
>  >>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
> 
>  >>>>
> 
>  >>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
> 
>  >>>>
> 
>  >>>>     >> Please advise if we have to build openbmc stack in a
> 
>  >>>> different way
> 
>  >>>>
> 
>  >>>>     >> than the standard procedure. We follow the below steps for build, 1. .
> 
>  >>>>
> 
>  >>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
> 
>  >>>>
> 
>  >>>>     >> -----Original Message-----
> 
>  >>>>
> 
>  >>>>     >> From: Sandeep Kumar
> 
>  >>>>
> 
>  >>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM
> 
>  >>>>
> 
>  >>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
> 
>  >>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>>;
> 
>  >>>>
> 
>  >>>>     >> _openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_>
> 
>  >>>> <mailto:_openbmc@lists.ozlabs.org_ <mailto:_openbmc@lists.ozlabs.org_>>
> 
>  >>>> <mailto:openbmc@lists.ozlabs.org
> 
>  >>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>>;
> 
>  >>>> Ninad
> 
>  >>>>
> 
>  >>>>     >> Palsule <_ninad@linux.ibm.com_ <mailto:ninad@linux.ibm.com
> 
>  >>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>>;
> 
>  >>>> Joel
> 
>  >>>>
> 
>  >>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
> 
>  >>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>>; Andrew
> 
>  >>>> Jeffery
> 
>  >>>>
> 
>  >>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
> 
>  >>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>>
> 
>  >>>>
> 
>  >>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with
> 
>  >>>> OpenBMC on
> 
>  >>>>
> 
>  >>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer
> 
>  >>>> supported on
> 
>  >>>>
> 
>  >>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.
> 
>  >>>>
> 
>  >>>>     >> Thanks,
> 
>  >>>>
> 
>  >>>>     >> Sandeep.
> 
>  >>>>
> 
>  >>>>     >> -----Original Message-----
> 
>  >>>>
> 
>  >>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
> 
>  >>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>>
> 
>  >>>>
> 
>  >>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM
> 
>  >>>>
> 
>  >>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
> 
>  >>>>
> 
>  >>>>     >> <mailto:sandeep.pkumar@tcs.com
> 
>  >>>> <mailto:sandeep.pkumar@tcs.com <mailto:sandeep.pkumar@tcs.com>>>>;
> 
>  >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>
> 
>  >>>>
> 
>  >>>>     >> <mailto:openbmc@lists.ozlabs.org
> 
>  >>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>>; Ninad Palsule
> 
>  >>>> <ninad@linux.ibm.com
> 
>  >>>>
> 
>  >>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>>;
> 
>  >>>> Joel Stanley <jms@jms.id.au
> 
>  >>>>
> 
>  >>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>>; Andrew
> 
>  >>>> Jeffery <andrew@aj.id.au
> 
>  >>>>
> 
>  >>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>>
> 
>  >>>>
> 
>  >>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with
> 
>  >>>> OpenBMC on
> 
>  >>>>
> 
>  >>>>     >> Qemu "External email. Open with Caution"
> 
>  >>>>
> 
>  >>>>     >> Hello Sandeep
> 
>  >>>>
> 
>  >>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:
> 
>  >>>>
> 
>  >>>>     >>> TCS Confidential
> 
>  >>>>
> 
>  >>>>     >>>
> 
>  >>>>
> 
>  >>>>     >>> Hi C,
> 
>  >>>>
> 
>  >>>>     >>> Built the qemu from your branch. Few issues, *$
> 
>  >>>> ./qemu-system-arm -m
> 
>  >>>>
> 
>  >>>>     >>> 256 -M romulus-bmc -nographic -drive
> 
>  >>>>
> 
>  >>>>     >>>
> 
>  >>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
> 
>  >>>> -net
> 
>  >>>>
> 
>  >>>>     >>> nic -net
> 
>  >>>>
> 
>  >>>>     >>>
> 
>  >>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
> 
>  >>>> w
> 
>  >>>>
> 
>  >>>>     >>> d
> 
>  >>>>
> 
>  >>>>     >>> =
> 
>  >>>>
> 
>  >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
> 
>  >>>>
> 
>  >>>>     >>> 1
> 
>  >>>>
> 
>  >>>>     >>> 2
> 
>  >>>>
> 
>  >>>>     >>>
> 
>  >>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
> 
>  >>>>
> 
>  >>>>     >>> *qemu-system-arm: -net
> 
>  >>>>
> 
>  >>>>     >>>
> 
>  >>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
> 
>  >>>> w
> 
>  >>>>
> 
>  >>>>     >>> d
> 
>  >>>>
> 
>  >>>>     >>> =
> 
>  >>>>
> 
>  >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
> 
>  >>>>
> 
>  >>>>     >>> 1
> 
>  >>>>
> 
>  >>>>     >>> 2
> 
>  >>>>
> 
>  >>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
> 
>  >>>>
> 
>  >>>>     >>> network backend 'user' is not compiled into this binary* I
> 
>  >>>> didn’t
> 
>  >>>>
> 
>  >>>>     >>> enable the slirp package I guess. So enabled it while
> 
>  >>>> running
> 
>  >>>>
> 
>  >>>>     >>> configure, *$ ../configure --enable-slirp*
> 
>  >>>>
> 
>  >>>>     >>> *........*
> 
>  >>>>
> 
>  >>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
> 
>  >>>>
> 
>  >>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not found,
> 
>  >>>> tried
> 
>  >>>>
> 
>  >>>>     >>> pkgconfig* *A full log can be found at
> 
>  >>>>
> 
>  >>>>     >>>
> 
>  >>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs
> 
>  >>>> /
> 
>  >>>>
> 
>  >>>>     >>> m
> 
>  >>>>
> 
>  >>>>     >>> e
> 
>  >>>>
> 
>  >>>>     >>> son-log.txt*
> 
>  >>>>
> 
>  >>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting
> 
>  >>>> with
> 
>  >>>>
> 
>  >>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*
> 
>  >>>>
> 
>  >>>>     >>> *ERROR: meson setup failed*
> 
>  >>>>
> 
>  >>>>     >>> I have already installed slirp locally, but still getting the above error.
> 
>  >>>>
> 
>  >>>>     >> Did you install the libslirp-dev or libslirp-devel package ?
> 
>  >>>>
> 
>  >>>>     >> C.
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>>
> 
>  >>>>     >> TCS Confidential
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>>
> 
>  >>>>     >> =====-----=====-----=====
> 
>  >>>>
> 
>  >>>>     >> Notice: The information contained in this e-mail message
> 
>  >>>> and/or
> 
>  >>>>
> 
>  >>>>     >> attachments to it may contain confidential or privileged information.
> 
>  >>>>
> 
>  >>>>     >> If you are not the intended recipient, any dissemination,
> 
>  >>>> use,
> 
>  >>>>
> 
>  >>>>     >> review, distribution, printing or copying of the information
> 
>  >>>>
> 
>  >>>>     >> contained in this e-mail message and/or attachments to it
> 
>  >>>> are
> 
>  >>>>
> 
>  >>>>     >> strictly prohibited. If you have received this communication
> 
>  >>>> in
> 
>  >>>>
> 
>  >>>>     >> error, please notify us by reply e-mail or telephone and
> 
>  >>>> immediately
> 
>  >>>>
> 
>  >>>>     >> and permanently delete the message and any attachments.
> 
>  >>>> Thank you
> 
>  >>>>
> 
>  >>>>     >>
> 
>  >>>>
> 
>  >>>>     >
> 
>  >>>>
> 
>  >>>>     >   TCS Confidential
> 
>  >>>>
> 
>  >>>>
> 
>  >>>> TCS Confidential
> 
>  >>>>
> 
>  >>>
> 
>  >>>     TCS Confidential
> 
>  >>
> 
>  >>    TCS Confidential
> 
>  >
> 
>  >   TCS Confidential
> 
> 
> TCS Confidential
> 

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi Stefan,

Which OS are you building this ? I am building it on ubuntu 20.04. Also, I am building it for evb-ast2600 and I don’t see TPM enabled in the configs/evb-ast2600_defconfig  file.

Thanks,
Sandeep.

-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Tuesday, May 23, 2023 8:06 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"



On 5/23/23 01:59, Sandeep Kumar wrote:

>
> TCS Confidential

What is TCS Confidential ?

>
>
> Hi Stefan,
>
> Thanks for the information. I am trying to make use of the commands by using tpm_init() inside image-fit.c file. It compiles but gives an undefined reference error as below.
>

When I am running the OpenBMC image that I build with `bitbake obmc-phosphor-image` I already have uboot with TPM 2 support built-in. I am not sure how you are getting this error.

     Stefan

>    gcc
> -isystem/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast
> 2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2
> 019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/include -O2
> -pipe
> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/t
> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04
> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/t
> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04
> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
> -Wl,--enable-new-dtags
> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build
> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-
> sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>
> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build
> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-
> sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-
> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1
> _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-
> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1
> _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
> -Wl,-O1  -o tools/fit_check_sign tools/aisimage.o tools/atmelimage.o
> tools/common/image-sig.o tools/common/bootm.o tools/lib/crc32.o
> tools/default_image.o tools/lib/fdtdec_common.o tools/lib/fdtdec.o
> tools/fit_common.o tools/fit_image.o tools/common/image-fit.o
> tools/image-host.o tools/common/image.o tools/imagetool.o
> tools/imximage.o tools/imx8image.o tools/imx8mimage.o tools/kwbimage.o
> tools/lib/md5.o tools/lpc32xximage.o tools/mxsimage.o
> tools/omapimage.o tools/os_support.o tools/pblimage.o
> tools/pbl_crc32.o tools/vybridimage.o tools/stm32image.o
> tools/lib/rc4.o tools/rkcommon.o tools/rkimage.o tools/rksd.o
> tools/rkspi.o tools/socfpgaimage.o tools/lib/crc16.o tools/lib/sha1.o
> tools/lib/sha256.o tools/lib/sha512.o tools/common/hash.o
> tools/ublimage.o tools/zynqimage.o tools/zynqmpimage.o
> tools/zynqmpbif.o tools/libfdt/fdt.o tools/libfdt/fdt_wip.o
> tools/libfdt/fdt_sw.o tools/libfdt/fdt_rw.o
> tools/libfdt/fdt_strerror.o tools/libfdt/fdt_empty_tree.o
> tools/libfdt/fdt_addresses.o tools/libfdt/fdt_overlay.o
> tools/lib/libfdt/fdt_ro.o tools/lib/libfdt/fdt_region.o
> tools/gpimage.o tools/gpimage-common.o tools/mtk_image.o
> tools/lib/rsa/rsa-sign.o tools/lib/rsa/rsa-verify.o
> tools/lib/rsa/rsa-checksum.o tools/lib/rsa/rsa-mod-exp.o
> tools/fit_check_sign.o  -lssl -lcrypto
>
> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: tools/common/image-fit.o: in function `boot_get_setup_fit':
>
> image-fit.c:(.text+0x27e1): undefined reference to `get_tpm'
>
> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: image-fit.c:(.text+0x280e): undefined reference to `tpm_init'
>
> collect2: error: ld returned 1 exit status
>
> make[2]: *** [scripts/Makefile.host:106: tools/dumpimage] Error 1
>
> Although the tpm_init() is present in tpm-common.c  and image-fit.c is present in the same module as well. But still I get the above error. I have tried including the DEPENDS on libtpm in the u-boot recipe but nothing seems to work. Any specific library/specific location to be included for TPM support?
>
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Thursday, May 18, 2023 5:10 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
> <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
> "External email. Open with Caution"
>
> On 5/17/23 13:13, Sandeep Kumar wrote:
>
>  >   TCS Confidential
>
>  >
>
>  > Hi Stefan,
>
>  >
>
>  > Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?
>
>  >
>
> There are quite a few commands in u-boot:
>
> ast# tpm2
>
> tpm2 - Issue a TPMv2.x command
>
> Usage:
>
> tpm2 <command> [<arguments>]
>
> device [num device]
>
>       Show all devices or set the specified device info
>
>       Show information about the TPM.
>
> state
>
>       Show internal state from the TPM (if available) init
>
>       Initialize the software stack. Always the first command to issue.
>
> startup <mode>
>
>       Issue a TPM2_Startup command.
>
>       <mode> is one of:
>
>           * TPM2_SU_CLEAR (reset state)
>
>           * TPM2_SU_STATE (preserved state) self_test <type>
>
>       Test the TPM capabilities.
>
>       <type> is one of:
>
>           * full (perform all tests)
>
>           * continue (only check untested tests) clear <hierarchy>
>
>       Issue a TPM2_Clear command.
>
>       <hierarchy> is one of:
>
>           * TPM2_RH_LOCKOUT
>
>           * TPM2_RH_PLATFORM
>
> pcr_extend <pcr> <digest_addr>
>
>       Extend PCR #<pcr> with digest at <digest_addr>.
>
>       <pcr>: index of the PCR
>
>       <digest_addr>: address of a 32-byte SHA256 digest pcr_read <pcr>
> <digest_addr>
>
>       Read PCR #<pcr> to memory address <digest_addr>.
>
>      <pcr>: index of the PCR
>
>       <digest_addr>: address to store the a 32-byte SHA256 digest
> get_capability <capability> <property> <addr> <count>
>
>       Read and display <count> entries indexed by <capability>/<property>.
>
>       Values are 4 bytes long and are written at <addr>.
>
>       <capability>: capability
>
>       <property>: property
>
>       <addr>: address to store <count> entries of 4 bytes
>
>       <count>: number of entries to retrieve dam_reset [<password>]
>
>       If the TPM is not in a LOCKOUT state, reset the internal error counter.
>
>       <password>: optional password
>
> dam_parameters <max_tries> <recovery_time> <lockout_recovery>
> [<password>]
>
>       If the TPM is not in a LOCKOUT state, set the DAM parameters
>
>       <maxTries>: maximum number of failures before lockout,
>
>                   0 means always locking
>
>       <recoveryTime>: time before decrement of the error counter,
>
>                       0 means no lockout
>
>       <lockoutRecovery>: time of a lockout (before the next try),
>
>                          0 means a reboot is needed
>
>       <password>: optional password of the LOCKOUT hierarchy
> change_auth <hierarchy> <new_pw> [<old_pw>]
>
>       <hierarchy>: the hierarchy
>
>       <new_pw>: new password for <hierarchy>
>
>       <old_pw>: optional previous password of <hierarchy>
> pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]
>
>       Change the <key> to access PCR #<pcr>.
>
>       hierarchy and may be empty.
>
>       /!\WARNING: untested function, use at your own risks !
>
>       <pcr>: index of the PCR
>
>       <key>: secret to protect the access of PCR #<pcr>
>
>       <password>: optional password of the PLATFORM hierarchy
>
> Regards,
>
>      Stefan
>
>  > Thanks,
>
>  > Sandeep.
>
>  >
>
>  > -----Original Message-----
>
>  > From: Stefan Berger <stefanb@linux.ibm.com
> <mailto:stefanb@linux.ibm.com>>
>
>  > Sent: Tuesday, May 9, 2023 10:01 PM
>
>  > To: Sandeep Kumar <sandeep.pkumar@tcs.com
> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>
>  > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>
>  > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>
>  > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>
>  > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
> Qemu
>
>  >
>
>  > "External email. Open with Caution"
>
>  >
>
>  >
>
>  > On 5/9/23 08:06, Sandeep Kumar wrote:
>
>  >>    TCS Confidential
>
>  >>
>
>  >> Hi Stefan,
>
>  >>
>
>  >> Thanks for the help.
>
>  >>
>
>  >> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?
>
>  >
>
>  > TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:
>
>  >
>
>  > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
>
>  > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
>
>  >
> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-1
>
>  > 2-Makefile.am-expand-wildcards-in-prereqs.patch
>
>  > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
>
>  > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
>
>  > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.
>
>  > 1.0.bb meta-security/meta-tpm/recipes-tpm2/tpm2-tss
>
>  > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
>
>  > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.
>
>  > patch
> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
>
>  >
>
>  > Intel: https://github.com/tpm2-software/tpm2-tss#overview
> <https://github.com/tpm2-software/tpm2-tss#overview>
>
>  > IBM: https://github.com/kgoldman/ibmtss
> <https://github.com/kgoldman/ibmtss>
>
>  >
>
>  >      Stefan
>
>  >
>
>  >>
>
>  >> Thanks,
>
>  >> Sandeep.
>
>  >>
>
>  >> -----Original Message-----
>
>  >> From: Stefan Berger <stefanb@linux.ibm.com
> <mailto:stefanb@linux.ibm.com>>
>
>  >> Sent: Saturday, May 6, 2023 2:08 AM
>
>  >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>
>  >> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>
>  >> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>
>  >> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>
>  >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>
>  >> Qemu
>
>  >>
>
>  >> "External email. Open with Caution"
>
>  >>
>
>  >>
>
>  >> On 5/5/23 13:36, Sandeep Kumar wrote:
>
>  >>>     TCS Confidential
>
>  >>>
>
>  >>> Hi Stefan,
>
>  >>>
>
>  >>> I have these options set in
>
>  >>>
> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>
>  >>> - k ernel/linux/linux-aspeed/tpm/tpm2.cfg
>
>  >>>
>
>  >>> CONFIG_HW_RANDOM=y
>
>  >>> CONFIG_HW_RANDOM_TPM=y
>
>  >>> CONFIG_TCG_TPM=y
>
>  >>> CONFIG_TCG_TIS_CORE=y
>
>  >>> CONFIG_TCG_TIS=y
>
>  >>> CONFIG_TCG_TIS_SPI=y
>
>  >>> CONFIG_TCG_TIS_I2C=y
>
>  >>> CONFIG_SECURITYFS=y
>
>  >>
>
>  >>
>
>  >> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
>
>  >>
>
>  >> As long as these symbols are built into the kernel it should work:
>
>  >>
>
>  >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
>
>  >>> tpm_tis_i2c_remove
>
>  >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>
>  >>> 8056323c t tpm_tis_i2c_write_bytes
>
>  >>> 80563334 t tpm_tis_i2c_verify_crc
>
>  >>> 805633e0 t tpm_tis_i2c_read_bytes
>
>  >>> 80563604 t tpm_tis_i2c_probe
>
>  >>> 80d23964 t tpm_tis_i2c_driver_init
>
>  >>
>
>  >>>
>
>  >>> and in
>
>  >>>
> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>
>  >>> - k ernel/linux/linux-aspeed.inc I have these,
>
>  >>>
>
>  >>> SRC_URI += " \
>
>  >>> file://defconfig <file://defconfig> \
>
>  >>>
> file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaee
> a41067e54c65176c233ec7b2ab2decf1ddcd
> <file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbae
> ea41067e54c65176c233ec7b2ab2decf1ddcd> \
>
>  >>>
> file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214
> d471ac7b83ab7acef41c4425a34662e8372e
> <file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f321
> 4d471ac7b83ab7acef41c4425a34662e8372e> \
>
>  >>> ${@bb.utils.contains('MACHINE_FEATURES
> <mailto:$%7b@bb.utils.contains('MACHINE_FEATURES>', 'tpm2',
> 'file://tpm/tpm2.scc file://tpm/tpm2.cfg <file://tpm/tpm2.cfg>', '',
> d)} \
>
>  >>> ${@bb.utils.contains_any('DISTRO_FEATURES
> <mailto:$%7b@bb.utils.contains_any('DISTRO_FEATURES>', \
>
>  >>>                    'obmc-static-norootfs obmc-ubi-fs', \
>
>  >>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg
> <file://ubi/ubi.cfg>', '', d)} \
>
>  >>>               "
>
>  >>>
>
>  >>> Anything else needs to be done to enable TPM ?
>
>  >>
>
>  >> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
>
>  >>
>
>  >>       Stefan
>
>  >>
>
>  >>>
>
>  >>> Thanks,
>
>  >>> Sandeep.
>
>  >>>
>
>  >>> -----Original Message-----
>
>  >>> From: Stefan Berger <stefanb@linux.ibm.com
> <mailto:stefanb@linux.ibm.com>>
>
>  >>> Sent: Friday, May 5, 2023 9:41 PM
>
>  >>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>
>  >>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>
>  >>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>
>  >>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>
>  >>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>
>  >>> Qemu
>
>  >>>
>
>  >>> "External email. Open with Caution"
>
>  >>>
>
>  >>> I enable the following kernel build options for OpenBMC Linux kernel:
>
>  >>>
>
>  >>> CONFIG_TCG_TPM=y
>
>  >>> CONFIG_TCG_TIS_CORE=y
>
>  >>> CONFIG_TCG_TIS=y
>
>  >>> CONFIG_TCG_TIS_I2C=y
>
>  >>>
>
>  >>> With swtpm running in another terminal:
>
>  >>>
>
>  >>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl
> type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20;
> done
>
>  >>>
>
>  >>> I start qemu built from qemu git master branch tip:
>
>  >>>
>
>  >>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot
> -net nic -net
> user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=
> udp:127.0.0.1:5723-:623 -drive
> file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.s
> tatic.mtd,format=raw,if=mtd -chardev
> socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev
> emulator,id=tpm0,chardev=chrtpm     -device
> tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>
>  >>>
>
>  >>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
> /sys/bus/i2c/devices/i2c-12/new_device
>
>  >>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
> rev-id 1)
>
>  >>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting
> the self test
>
>  >>> [   63.784256] tpm tpm0: starting up the TPM manually
>
>  >>> [   63.851474] i2c i2c-12: new_device: Instantiated device
> tpm_tis_i2c at 0x2e
>
>  >>>
>
>  >>> root@evb-ast2600:~# uname -a
>
>  >>> Linux evb-ast2600
> 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa
>
>  >>> #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>
>  >>>
>
>  >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
>
>  >>> tpm_tis_i2c_remove
>
>  >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>
>  >>> 8056323c t tpm_tis_i2c_write_bytes
>
>  >>> 80563334 t tpm_tis_i2c_verify_crc
>
>  >>> 805633e0 t tpm_tis_i2c_read_bytes
>
>  >>> 80563604 t tpm_tis_i2c_probe
>
>  >>> 80d23964 t tpm_tis_i2c_driver_init
>
>  >>>
>
>  >>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>
>  >>> /sys/class/tpm/tpm0
>
>  >>>
>
>  >>> root@evb-ast2600:~# ls -l /dev/tpm*
>
>  >>> crw-------    1 root     root       10, 224 May  5 16:03
> /dev/tpm0
>
>  >>> crw-------    1 root     root      252, 65536 May  5 16:03
> /dev/tpmrm0
>
>  >>>
>
>  >>> root@evb-ast2600:~# find /sys/ | grep pcr
>
>  >>>
> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>
>  >>> b
>
>  >>> u
>
>  >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>
>  >>>
> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>
>  >>> b
>
>  >>> u
>
>  >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>
>  >>> [... lots more entries also for sha256, sha384, and sha512 ]
>
>  >>>
>
>  >>>
>
>  >>>
>
>  >>>
>
>  >>> It seems to work as expected
>
>  >>>
>
>  >>> On 5/5/23 11:08, Sandeep Kumar wrote:
>
>  >>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>
>  >>>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
>
>  >>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>
>  >>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>
>  >>>> ZjQcmQRYFpfptBannerEnd
>
>  >>>>
>
>  >>>> TCS Confidential
>
>  >>>>
>
>  >>>>
>
>  >>>> Hi Stefan,
>
>  >>>>
>
>  >>>> Please find below my answers inline.
>
>  >>>>
>
>  >>>> Thanks,
>
>  >>>>
>
>  >>>> Sandeep.
>
>  >>>>
>
>  >>>> -----Original Message-----
>
>  >>>> From: Stefan Berger <stefanb@linux.ibm.com
> <mailto:stefanb@linux.ibm.com>>
>
>  >>>> Sent: Friday, May 5, 2023 6:56 PM
>
>  >>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>
>  >>>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>
>  >>>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>
>  >>>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>
>  >>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
> on
>
>  >>>> Qemu
>
>  >>>>
>
>  >>>> "External email. Open with Caution"
>
>  >>>>
>
>  >>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>
>  >>>>
>
>  >>>>     >   TCS Confidential
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > Hi Stefan,
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>
>  >>>>
>
>  >>>>     > Ans:
>
>  >>>>
>
>  >>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.
>
>  >>>>
>
>  >>>>     >          Kernel version used : Linux evb-ast2600
> 6.1.15-580639a #1
>
>  >>>> SMP
>
>  >>>>
>
>  >>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > Stefan:  What is the output of this?  find /sys/class/tpm
> |
>
>  >>>> grep pcr
>
>  >>>>
>
>  >>>>     > Ams:     find: /sys/class/tpm: No such file or directory.
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > Could you please point to the right version of kernel which has all these changes ?
>
>  >>>>
>
>  >>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>
>  >>>>
>
>  >>>> Does this show any files?
>
>  >>>>
>
>  >>>> find /sys | grep pcr
>
>  >>>>
>
>  >>>> *Sandeep: It doesn't show any files. *
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>
>  >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>
>  >>>>
>
>  >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>
>  >>>> tpm_tis_i2c at 0x2e*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~#*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~#*
>
>  >>>>
>
>  >>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>
>  >>>>
>
>  >>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>
>  >>>> Output as below, *
>
>  >>>>
>
>  >>>> **
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>
>  >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>
>  >>>>
>
>  >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>
>  >>>> tpm_tis_i2c at 0x2e*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~#*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~#*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~# ls /dev/tpm**
>
>  >>>>
>
>  >>>> *ls: /dev/tpm*: No such file or directory*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>
>  >>>>
>
>  >>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system
> mode
>
>  >>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT
>
>  >>>> -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN
>
>  >>>> -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT
>
>  >>>> -QRENCODE -TPM2
>
>  >>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>
>  >>>> -SYSVINIT
>
>  >>>> default-hierarchy=unified)*
>
>  >>>>
>
>  >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>
>  >>>> tpm_tis_i2c at 0x2e*
>
>  >>>>
>
>  >>>> *root@evb-ast2600:~#*
>
>  >>>>
>
>  >>>>         Stefan
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > Thanks,
>
>  >>>>
>
>  >>>>     > Sandeep.
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > -----Original Message-----
>
>  >>>>
>
>  >>>>     > From: Stefan Berger <stefanb@linux.ibm.com
>
>  >>>> <mailto:stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>>
>
>  >>>>
>
>  >>>>     > Sent: Thursday, May 4, 2023 7:30 PM
>
>  >>>>
>
>  >>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>
>  >>>> <mailto:sandeep.pkumar@tcs.com
> <mailto:sandeep.pkumar@tcs.com>>>; Cédric Le Goater
>
>  >>>>
>
>  >>>>     > <clg@kaod.org <mailto:clg@kaod.org
> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>
>  >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
> Ninad
>
>  >>>> Palsule
>
>  >>>>
>
>  >>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>; Joel
>
>  >>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au
> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>
>  >>>>
>
>  >>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au
> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>
>  >>>>
>
>  >>>>     > Subject: Re: Integrating swtpm(as a software TPM) with
>
>  >>>> OpenBMC on Qemu
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > "External email. Open with Caution"
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:
>
>  >>>>
>
>  >>>>     >> TCS Confidential Hi C, I was able to build and run the
>
>  >>>> image(for
>
>  >>>>
>
>  >>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run
> with
>
>  >>>> the
>
>  >>>>
>
>  >>>>     >> flash. img provided in your github link(https: //github.
>
>  >>>>
>
>  >>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>
>  >>>>
>
>  >>>>     >> ZjQcmQRYFpfptBannerEnd
>
>  >>>>
>
>  >>>>     >> TCS Confidential
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
>
>  >>>>     >> Hi C,
>
>  >>>>
>
>  >>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.
>
>  >>>>
>
>  >>>>     >> Few issues observed,
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
>
>  >>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images%20%3chttps:/github.com/legoater/qemu-aspeed-boot/tree/master/images>>>) everything works as expected, i.e I get the below output.
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
>
>  >>>>     >> *# echo tpm_tis_i2c 0x2e >
>
>  >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>
>  >>>>
>
>  >>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id
> 0x1,
>
>  >>>> rev-id
>
>  >>>>
>
>  >>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
>
>  >>>> device
>
>  >>>>
>
>  >>>>     >> tpm_tis_i2c at 0x2e*
>
>  >>>>
>
>  >>>>     >> *#*
>
>  >>>>
>
>  >>>>     >> *#*
>
>  >>>>
>
>  >>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>
>  >>>>
>
>  >>>>     >> *#*
>
>  >>>>
>
>  >>>>     >> *#*
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
>
>  >>>>     >>   2. If I run it with the locally built image, I get this
> error,
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > Is the kernel configured in the same way? Are you using the same kernel version?
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
>
>  >>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>
>  >>>>
>
>  >>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*
>
>  >>>>
>
>  >>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated
> device
>
>  >>>>
>
>  >>>>     >> tpm_tis_i2c at 0x2e*
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > What is the output of this?
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     > find /sys/class/tpm | grep pcr
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     >     Stefan
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     >> *root@evb-ast2600:~# cat
> /sys/class/tpm/tpm0/pcr-sha256/0*
>
>  >>>>
>
>  >>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No
> such
>
>  >>>> file or
>
>  >>>>
>
>  >>>>     >> directory*
>
>  >>>>
>
>  >>>>     >> *root@evb-ast2600:~#*
>
>  >>>>
>
>  >>>>     >> *root@evb-ast2600:~#*
>
>  >>>>
>
>  >>>>     >> Please do let me know about what has been done to write
> the
>
>  >>>> values
>
>  >>>>
>
>  >>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>
>  >>>>
>
>  >>>>     >> _____________________________________________
>
>  >>>>
>
>  >>>>     >> *From:* Sandeep Kumar
>
>  >>>>
>
>  >>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM
>
>  >>>>
>
>  >>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>
>  >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>
>  >>>>
>
>  >>>>     >> Ninad Palsule <ninad@linux.ibm.com
>
>  >>>> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>; Joel
> Stanley <jms@jms.id.au
>
>  >>>> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>;
>
>  >>>>
>
>  >>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au
> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>
>  >>>>
>
>  >>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with
>
>  >>>> OpenBMC on
>
>  >>>>
>
>  >>>>     >> Qemu Hi C, How to build this image =>
>
>  >>>>
>
>  >>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>
>  >>>>
>
>  >>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>
>  >>>>
>
>  >>>>     >> Please advise if we have to build openbmc stack in a
>
>  >>>> different way
>
>  >>>>
>
>  >>>>     >> than the standard procedure. We follow the below steps for build, 1. .
>
>  >>>>
>
>  >>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>
>  >>>>
>
>  >>>>     >> -----Original Message-----
>
>  >>>>
>
>  >>>>     >> From: Sandeep Kumar
>
>  >>>>
>
>  >>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM
>
>  >>>>
>
>  >>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>
>  >>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org
> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>>;
>
>  >>>>
>
>  >>>>     >> _openbmc@lists.ozlabs.org_
> <mailto:_openbmc@lists.ozlabs.org_>
>
>  >>>> <mailto:_openbmc@lists.ozlabs.org_
> <mailto:_openbmc@lists.ozlabs.org_>>
>
>  >>>> <mailto:openbmc@lists.ozlabs.org
>
>  >>>> <mailto:openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>>>;
>
>  >>>> Ninad
>
>  >>>>
>
>  >>>>     >> Palsule <_ninad@linux.ibm.com_
> <mailto:ninad@linux.ibm.com
>
>  >>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com
> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>>;
>
>  >>>> Joel
>
>  >>>>
>
>  >>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>
>  >>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au
> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>>; Andrew
>
>  >>>> Jeffery
>
>  >>>>
>
>  >>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>
>  >>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au
> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>>
>
>  >>>>
>
>  >>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with
>
>  >>>> OpenBMC on
>
>  >>>>
>
>  >>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer
>
>  >>>> supported on
>
>  >>>>
>
>  >>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>
>  >>>>
>
>  >>>>     >> Thanks,
>
>  >>>>
>
>  >>>>     >> Sandeep.
>
>  >>>>
>
>  >>>>     >> -----Original Message-----
>
>  >>>>
>
>  >>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>
>  >>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org
> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>>
>
>  >>>>
>
>  >>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM
>
>  >>>>
>
>  >>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>
>  >>>>
>
>  >>>>     >> <mailto:sandeep.pkumar@tcs.com
>
>  >>>> <mailto:sandeep.pkumar@tcs.com
> <mailto:sandeep.pkumar@tcs.com>>>>;
>
>  >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>
>
>  >>>>
>
>  >>>>     >> <mailto:openbmc@lists.ozlabs.org
>
>  >>>> <mailto:openbmc@lists.ozlabs.org
> <mailto:openbmc@lists.ozlabs.org>>>; Ninad Palsule
>
>  >>>> <ninad@linux.ibm.com
>
>  >>>>
>
>  >>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>>;
>
>  >>>> Joel Stanley <jms@jms.id.au
>
>  >>>>
>
>  >>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au
> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>>; Andrew
>
>  >>>> Jeffery <andrew@aj.id.au
>
>  >>>>
>
>  >>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au
> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>>
>
>  >>>>
>
>  >>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with
>
>  >>>> OpenBMC on
>
>  >>>>
>
>  >>>>     >> Qemu "External email. Open with Caution"
>
>  >>>>
>
>  >>>>     >> Hello Sandeep
>
>  >>>>
>
>  >>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:
>
>  >>>>
>
>  >>>>     >>> TCS Confidential
>
>  >>>>
>
>  >>>>     >>>
>
>  >>>>
>
>  >>>>     >>> Hi C,
>
>  >>>>
>
>  >>>>     >>> Built the qemu from your branch. Few issues, *$
>
>  >>>> ./qemu-system-arm -m
>
>  >>>>
>
>  >>>>     >>> 256 -M romulus-bmc -nographic -drive
>
>  >>>>
>
>  >>>>     >>>
>
>  >>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>
>  >>>> -net
>
>  >>>>
>
>  >>>>     >>> nic -net
>
>  >>>>
>
>  >>>>     >>>
>
>  >>>>
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>
>  >>>> w
>
>  >>>>
>
>  >>>>     >>> d
>
>  >>>>
>
>  >>>>     >>> =
>
>  >>>>
>
>  >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>
>  >>>>
>
>  >>>>     >>> 1
>
>  >>>>
>
>  >>>>     >>> 2
>
>  >>>>
>
>  >>>>     >>>
>
>  >>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>
>  >>>>
>
>  >>>>     >>> *qemu-system-arm: -net
>
>  >>>>
>
>  >>>>     >>>
>
>  >>>>
> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>
>  >>>> w
>
>  >>>>
>
>  >>>>     >>> d
>
>  >>>>
>
>  >>>>     >>> =
>
>  >>>>
>
>  >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>
>  >>>>
>
>  >>>>     >>> 1
>
>  >>>>
>
>  >>>>     >>> 2
>
>  >>>>
>
>  >>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>
>  >>>>
>
>  >>>>     >>> network backend 'user' is not compiled into this binary*
> I
>
>  >>>> didn’t
>
>  >>>>
>
>  >>>>     >>> enable the slirp package I guess. So enabled it while
>
>  >>>> running
>
>  >>>>
>
>  >>>>     >>> configure, *$ ../configure --enable-slirp*
>
>  >>>>
>
>  >>>>     >>> *........*
>
>  >>>>
>
>  >>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>
>  >>>>
>
>  >>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not
> found,
>
>  >>>> tried
>
>  >>>>
>
>  >>>>     >>> pkgconfig* *A full log can be found at
>
>  >>>>
>
>  >>>>     >>>
>
>  >>>>
> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs
>
>  >>>> /
>
>  >>>>
>
>  >>>>     >>> m
>
>  >>>>
>
>  >>>>     >>> e
>
>  >>>>
>
>  >>>>     >>> son-log.txt*
>
>  >>>>
>
>  >>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting
>
>  >>>> with
>
>  >>>>
>
>  >>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*
>
>  >>>>
>
>  >>>>     >>> *ERROR: meson setup failed*
>
>  >>>>
>
>  >>>>     >>> I have already installed slirp locally, but still getting the above error.
>
>  >>>>
>
>  >>>>     >> Did you install the libslirp-dev or libslirp-devel package ?
>
>  >>>>
>
>  >>>>     >> C.
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
>
>  >>>>     >> TCS Confidential
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
>
>  >>>>     >> =====-----=====-----=====
>
>  >>>>
>
>  >>>>     >> Notice: The information contained in this e-mail message
>
>  >>>> and/or
>
>  >>>>
>
>  >>>>     >> attachments to it may contain confidential or privileged information.
>
>  >>>>
>
>  >>>>     >> If you are not the intended recipient, any dissemination,
>
>  >>>> use,
>
>  >>>>
>
>  >>>>     >> review, distribution, printing or copying of the
> information
>
>  >>>>
>
>  >>>>     >> contained in this e-mail message and/or attachments to it
>
>  >>>> are
>
>  >>>>
>
>  >>>>     >> strictly prohibited. If you have received this
> communication
>
>  >>>> in
>
>  >>>>
>
>  >>>>     >> error, please notify us by reply e-mail or telephone and
>
>  >>>> immediately
>
>  >>>>
>
>  >>>>     >> and permanently delete the message and any attachments.
>
>  >>>> Thank you
>
>  >>>>
>
>  >>>>     >>
>
>  >>>>
>
>  >>>>     >
>
>  >>>>
>
>  >>>>     >   TCS Confidential
>
>  >>>>
>
>  >>>>
>
>  >>>> TCS Confidential
>
>  >>>>
>
>  >>>
>
>  >>>     TCS Confidential
>
>  >>
>
>  >>    TCS Confidential
>
>  >
>
>  >   TCS Confidential
>
>
> TCS Confidential
>

 TCS Confidential

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

On 5/25/23 05:49, Sandeep Kumar wrote:
>   TCS Confidential
> 
> Hi Stefan,
> 
> Which OS are you building this ? I am building it on ubuntu 20.04. Also, I am building it for evb-ast2600 and I don’t see TPM enabled in the configs/evb-ast2600_defconfig  file.

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"

$ . setup evb-ast2600
Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
Common targets are:

      obmc-phosphor-image: Includes OpenBMC Phosphor userspace and Web UI

      core-image-minimal: A small image just capable of allowing a device to boot

      core-image-full-cmdline: A small image with more Linux functionality
                               installed, including a ssh server.

Note that the core targets will not set the default phosphor password.


    Stefan



> 
> Thanks,
> Sandeep.
> 
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Tuesday, May 23, 2023 8:06 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> 
> 
> On 5/23/23 01:59, Sandeep Kumar wrote:
> 
>>
>> TCS Confidential
> 
> What is TCS Confidential ?
> 
>>
>>
>> Hi Stefan,
>>
>> Thanks for the information. I am trying to make use of the commands by using tpm_init() inside image-fit.c file. It compiles but gives an undefined reference error as below.
>>
> 
> When I am running the OpenBMC image that I build with `bitbake obmc-phosphor-image` I already have uboot with TPM 2 support built-in. I am not sure how you are getting this error.
> 
>       Stefan
> 
>>     gcc
>> -isystem/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast
>> 2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2
>> 019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/include -O2
>> -pipe
>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/t
>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04
>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/t
>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.04
>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>> -Wl,--enable-new-dtags
>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build
>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-
>> sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>
>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build
>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-
>> sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-
>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1
>> _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-
>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1
>> _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>> -Wl,-O1  -o tools/fit_check_sign tools/aisimage.o tools/atmelimage.o
>> tools/common/image-sig.o tools/common/bootm.o tools/lib/crc32.o
>> tools/default_image.o tools/lib/fdtdec_common.o tools/lib/fdtdec.o
>> tools/fit_common.o tools/fit_image.o tools/common/image-fit.o
>> tools/image-host.o tools/common/image.o tools/imagetool.o
>> tools/imximage.o tools/imx8image.o tools/imx8mimage.o tools/kwbimage.o
>> tools/lib/md5.o tools/lpc32xximage.o tools/mxsimage.o
>> tools/omapimage.o tools/os_support.o tools/pblimage.o
>> tools/pbl_crc32.o tools/vybridimage.o tools/stm32image.o
>> tools/lib/rc4.o tools/rkcommon.o tools/rkimage.o tools/rksd.o
>> tools/rkspi.o tools/socfpgaimage.o tools/lib/crc16.o tools/lib/sha1.o
>> tools/lib/sha256.o tools/lib/sha512.o tools/common/hash.o
>> tools/ublimage.o tools/zynqimage.o tools/zynqmpimage.o
>> tools/zynqmpbif.o tools/libfdt/fdt.o tools/libfdt/fdt_wip.o
>> tools/libfdt/fdt_sw.o tools/libfdt/fdt_rw.o
>> tools/libfdt/fdt_strerror.o tools/libfdt/fdt_empty_tree.o
>> tools/libfdt/fdt_addresses.o tools/libfdt/fdt_overlay.o
>> tools/lib/libfdt/fdt_ro.o tools/lib/libfdt/fdt_region.o
>> tools/gpimage.o tools/gpimage-common.o tools/mtk_image.o
>> tools/lib/rsa/rsa-sign.o tools/lib/rsa/rsa-verify.o
>> tools/lib/rsa/rsa-checksum.o tools/lib/rsa/rsa-mod-exp.o
>> tools/fit_check_sign.o  -lssl -lcrypto
>>
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: tools/common/image-fit.o: in function `boot_get_setup_fit':
>>
>> image-fit.c:(.text+0x27e1): undefined reference to `get_tpm'
>>
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: image-fit.c:(.text+0x280e): undefined reference to `tpm_init'
>>
>> collect2: error: ld returned 1 exit status
>>
>> make[2]: *** [scripts/Makefile.host:106: tools/dumpimage] Error 1
>>
>> Although the tpm_init() is present in tpm-common.c  and image-fit.c is present in the same module as well. But still I get the above error. I have tried including the DEPENDS on libtpm in the u-boot recipe but nothing seems to work. Any specific library/specific location to be included for TPM support?
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Thursday, May 18, 2023 5:10 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>>
>> "External email. Open with Caution"
>>
>> On 5/17/23 13:13, Sandeep Kumar wrote:
>>
>>   >   TCS Confidential
>>
>>   >
>>
>>   > Hi Stefan,
>>
>>   >
>>
>>   > Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?
>>
>>   >
>>
>> There are quite a few commands in u-boot:
>>
>> ast# tpm2
>>
>> tpm2 - Issue a TPMv2.x command
>>
>> Usage:
>>
>> tpm2 <command> [<arguments>]
>>
>> device [num device]
>>
>>        Show all devices or set the specified device info
>>
>>        Show information about the TPM.
>>
>> state
>>
>>        Show internal state from the TPM (if available) init
>>
>>        Initialize the software stack. Always the first command to issue.
>>
>> startup <mode>
>>
>>        Issue a TPM2_Startup command.
>>
>>        <mode> is one of:
>>
>>            * TPM2_SU_CLEAR (reset state)
>>
>>            * TPM2_SU_STATE (preserved state) self_test <type>
>>
>>        Test the TPM capabilities.
>>
>>        <type> is one of:
>>
>>            * full (perform all tests)
>>
>>            * continue (only check untested tests) clear <hierarchy>
>>
>>        Issue a TPM2_Clear command.
>>
>>        <hierarchy> is one of:
>>
>>            * TPM2_RH_LOCKOUT
>>
>>            * TPM2_RH_PLATFORM
>>
>> pcr_extend <pcr> <digest_addr>
>>
>>        Extend PCR #<pcr> with digest at <digest_addr>.
>>
>>        <pcr>: index of the PCR
>>
>>        <digest_addr>: address of a 32-byte SHA256 digest pcr_read <pcr>
>> <digest_addr>
>>
>>        Read PCR #<pcr> to memory address <digest_addr>.
>>
>>       <pcr>: index of the PCR
>>
>>        <digest_addr>: address to store the a 32-byte SHA256 digest
>> get_capability <capability> <property> <addr> <count>
>>
>>        Read and display <count> entries indexed by <capability>/<property>.
>>
>>        Values are 4 bytes long and are written at <addr>.
>>
>>        <capability>: capability
>>
>>        <property>: property
>>
>>        <addr>: address to store <count> entries of 4 bytes
>>
>>        <count>: number of entries to retrieve dam_reset [<password>]
>>
>>        If the TPM is not in a LOCKOUT state, reset the internal error counter.
>>
>>        <password>: optional password
>>
>> dam_parameters <max_tries> <recovery_time> <lockout_recovery>
>> [<password>]
>>
>>        If the TPM is not in a LOCKOUT state, set the DAM parameters
>>
>>        <maxTries>: maximum number of failures before lockout,
>>
>>                    0 means always locking
>>
>>        <recoveryTime>: time before decrement of the error counter,
>>
>>                        0 means no lockout
>>
>>        <lockoutRecovery>: time of a lockout (before the next try),
>>
>>                           0 means a reboot is needed
>>
>>        <password>: optional password of the LOCKOUT hierarchy
>> change_auth <hierarchy> <new_pw> [<old_pw>]
>>
>>        <hierarchy>: the hierarchy
>>
>>        <new_pw>: new password for <hierarchy>
>>
>>        <old_pw>: optional previous password of <hierarchy>
>> pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]
>>
>>        Change the <key> to access PCR #<pcr>.
>>
>>        hierarchy and may be empty.
>>
>>        /!\WARNING: untested function, use at your own risks !
>>
>>        <pcr>: index of the PCR
>>
>>        <key>: secret to protect the access of PCR #<pcr>
>>
>>        <password>: optional password of the PLATFORM hierarchy
>>
>> Regards,
>>
>>       Stefan
>>
>>   > Thanks,
>>
>>   > Sandeep.
>>
>>   >
>>
>>   > -----Original Message-----
>>
>>   > From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   > Sent: Tuesday, May 9, 2023 10:01 PM
>>
>>   > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>>   >
>>
>>   > "External email. Open with Caution"
>>
>>   >
>>
>>   >
>>
>>   > On 5/9/23 08:06, Sandeep Kumar wrote:
>>
>>   >>    TCS Confidential
>>
>>   >>
>>
>>   >> Hi Stefan,
>>
>>   >>
>>
>>   >> Thanks for the help.
>>
>>   >>
>>
>>   >> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?
>>
>>   >
>>
>>   > TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:
>>
>>   >
>>
>>   > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
>>
>>   > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
>>
>>   >
>> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-1
>>
>>   > 2-Makefile.am-expand-wildcards-in-prereqs.patch
>>
>>   > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
>>
>>   > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
>>
>>   > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.
>>
>>   > 1.0.bb meta-security/meta-tpm/recipes-tpm2/tpm2-tss
>>
>>   > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
>>
>>   > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.
>>
>>   > patch
>> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
>>
>>   >
>>
>>   > Intel: https://github.com/tpm2-software/tpm2-tss#overview
>> <https://github.com/tpm2-software/tpm2-tss#overview>
>>
>>   > IBM: https://github.com/kgoldman/ibmtss
>> <https://github.com/kgoldman/ibmtss>
>>
>>   >
>>
>>   >      Stefan
>>
>>   >
>>
>>   >>
>>
>>   >> Thanks,
>>
>>   >> Sandeep.
>>
>>   >>
>>
>>   >> -----Original Message-----
>>
>>   >> From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   >> Sent: Saturday, May 6, 2023 2:08 AM
>>
>>   >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   >> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   >> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   >> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>
>>   >> Qemu
>>
>>   >>
>>
>>   >> "External email. Open with Caution"
>>
>>   >>
>>
>>   >>
>>
>>   >> On 5/5/23 13:36, Sandeep Kumar wrote:
>>
>>   >>>     TCS Confidential
>>
>>   >>>
>>
>>   >>> Hi Stefan,
>>
>>   >>>
>>
>>   >>> I have these options set in
>>
>>   >>>
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>
>>   >>> - k ernel/linux/linux-aspeed/tpm/tpm2.cfg
>>
>>   >>>
>>
>>   >>> CONFIG_HW_RANDOM=y
>>
>>   >>> CONFIG_HW_RANDOM_TPM=y
>>
>>   >>> CONFIG_TCG_TPM=y
>>
>>   >>> CONFIG_TCG_TIS_CORE=y
>>
>>   >>> CONFIG_TCG_TIS=y
>>
>>   >>> CONFIG_TCG_TIS_SPI=y
>>
>>   >>> CONFIG_TCG_TIS_I2C=y
>>
>>   >>> CONFIG_SECURITYFS=y
>>
>>   >>
>>
>>   >>
>>
>>   >> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
>>
>>   >>
>>
>>   >> As long as these symbols are built into the kernel it should work:
>>
>>   >>
>>
>>   >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
>>
>>   >>> tpm_tis_i2c_remove
>>
>>   >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>
>>   >>> 8056323c t tpm_tis_i2c_write_bytes
>>
>>   >>> 80563334 t tpm_tis_i2c_verify_crc
>>
>>   >>> 805633e0 t tpm_tis_i2c_read_bytes
>>
>>   >>> 80563604 t tpm_tis_i2c_probe
>>
>>   >>> 80d23964 t tpm_tis_i2c_driver_init
>>
>>   >>
>>
>>   >>>
>>
>>   >>> and in
>>
>>   >>>
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>
>>   >>> - k ernel/linux/linux-aspeed.inc I have these,
>>
>>   >>>
>>
>>   >>> SRC_URI += " \
>>
>>   >>> file://defconfig <file://defconfig> \
>>
>>   >>>
>> file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbaee
>> a41067e54c65176c233ec7b2ab2decf1ddcd
>> <file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbae
>> ea41067e54c65176c233ec7b2ab2decf1ddcd> \
>>
>>   >>>
>> file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3214
>> d471ac7b83ab7acef41c4425a34662e8372e
>> <file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f321
>> 4d471ac7b83ab7acef41c4425a34662e8372e> \
>>
>>   >>> ${@bb.utils.contains('MACHINE_FEATURES
>> <mailto:$%7b@bb.utils.contains('MACHINE_FEATURES>', 'tpm2',
>> 'file://tpm/tpm2.scc file://tpm/tpm2.cfg <file://tpm/tpm2.cfg>', '',
>> d)} \
>>
>>   >>> ${@bb.utils.contains_any('DISTRO_FEATURES
>> <mailto:$%7b@bb.utils.contains_any('DISTRO_FEATURES>', \
>>
>>   >>>                    'obmc-static-norootfs obmc-ubi-fs', \
>>
>>   >>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg
>> <file://ubi/ubi.cfg>', '', d)} \
>>
>>   >>>               "
>>
>>   >>>
>>
>>   >>> Anything else needs to be done to enable TPM ?
>>
>>   >>
>>
>>   >> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
>>
>>   >>
>>
>>   >>       Stefan
>>
>>   >>
>>
>>   >>>
>>
>>   >>> Thanks,
>>
>>   >>> Sandeep.
>>
>>   >>>
>>
>>   >>> -----Original Message-----
>>
>>   >>> From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   >>> Sent: Friday, May 5, 2023 9:41 PM
>>
>>   >>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   >>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   >>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   >>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   >>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>
>>   >>> Qemu
>>
>>   >>>
>>
>>   >>> "External email. Open with Caution"
>>
>>   >>>
>>
>>   >>> I enable the following kernel build options for OpenBMC Linux kernel:
>>
>>   >>>
>>
>>   >>> CONFIG_TCG_TPM=y
>>
>>   >>> CONFIG_TCG_TIS_CORE=y
>>
>>   >>> CONFIG_TCG_TIS=y
>>
>>   >>> CONFIG_TCG_TIS_I2C=y
>>
>>   >>>
>>
>>   >>> With swtpm running in another terminal:
>>
>>   >>>
>>
>>   >>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl
>> type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20;
>> done
>>
>>   >>>
>>
>>   >>> I start qemu built from qemu git master branch tip:
>>
>>   >>>
>>
>>   >>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot
>> -net nic -net
>> user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=
>> udp:127.0.0.1:5723-:623 -drive
>> file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.s
>> tatic.mtd,format=raw,if=mtd -chardev
>> socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev
>> emulator,id=tpm0,chardev=chrtpm     -device
>> tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device
>>
>>   >>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>> rev-id 1)
>>
>>   >>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting
>> the self test
>>
>>   >>> [   63.784256] tpm tpm0: starting up the TPM manually
>>
>>   >>> [   63.851474] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# uname -a
>>
>>   >>> Linux evb-ast2600
>> 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa
>>
>>   >>> #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
>>
>>   >>> tpm_tis_i2c_remove
>>
>>   >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>
>>   >>> 8056323c t tpm_tis_i2c_write_bytes
>>
>>   >>> 80563334 t tpm_tis_i2c_verify_crc
>>
>>   >>> 805633e0 t tpm_tis_i2c_read_bytes
>>
>>   >>> 80563604 t tpm_tis_i2c_probe
>>
>>   >>> 80d23964 t tpm_tis_i2c_driver_init
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>>
>>   >>> /sys/class/tpm/tpm0
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# ls -l /dev/tpm*
>>
>>   >>> crw-------    1 root     root       10, 224 May  5 16:03
>> /dev/tpm0
>>
>>   >>> crw-------    1 root     root      252, 65536 May  5 16:03
>> /dev/tpmrm0
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# find /sys/ | grep pcr
>>
>>   >>>
>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>
>>   >>> b
>>
>>   >>> u
>>
>>   >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>>
>>   >>>
>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>
>>   >>> b
>>
>>   >>> u
>>
>>   >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>>
>>   >>> [... lots more entries also for sha256, sha384, and sha512 ]
>>
>>   >>>
>>
>>   >>>
>>
>>   >>>
>>
>>   >>>
>>
>>   >>> It seems to work as expected
>>
>>   >>>
>>
>>   >>> On 5/5/23 11:08, Sandeep Kumar wrote:
>>
>>   >>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>>
>>   >>>> Thanks, Sandeep. -----Original Message----- From: Stefan Berger
>>
>>   >>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>>
>>   >>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>
>>   >>>> ZjQcmQRYFpfptBannerEnd
>>
>>   >>>>
>>
>>   >>>> TCS Confidential
>>
>>   >>>>
>>
>>   >>>>
>>
>>   >>>> Hi Stefan,
>>
>>   >>>>
>>
>>   >>>> Please find below my answers inline.
>>
>>   >>>>
>>
>>   >>>> Thanks,
>>
>>   >>>>
>>
>>   >>>> Sandeep.
>>
>>   >>>>
>>
>>   >>>> -----Original Message-----
>>
>>   >>>> From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   >>>> Sent: Friday, May 5, 2023 6:56 PM
>>
>>   >>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   >>>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   >>>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   >>>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   >>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>> on
>>
>>   >>>> Qemu
>>
>>   >>>>
>>
>>   >>>> "External email. Open with Caution"
>>
>>   >>>>
>>
>>   >>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>
>>   >>>>
>>
>>   >>>>     >   TCS Confidential
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Hi Stefan,
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>
>>   >>>>
>>
>>   >>>>     > Ans:
>>
>>   >>>>
>>
>>   >>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.
>>
>>   >>>>
>>
>>   >>>>     >          Kernel version used : Linux evb-ast2600
>> 6.1.15-580639a #1
>>
>>   >>>> SMP
>>
>>   >>>>
>>
>>   >>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Stefan:  What is the output of this?  find /sys/class/tpm
>> |
>>
>>   >>>> grep pcr
>>
>>   >>>>
>>
>>   >>>>     > Ams:     find: /sys/class/tpm: No such file or directory.
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Could you please point to the right version of kernel which has all these changes ?
>>
>>   >>>>
>>
>>   >>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>
>>   >>>>
>>
>>   >>>> Does this show any files?
>>
>>   >>>>
>>
>>   >>>> find /sys | grep pcr
>>
>>   >>>>
>>
>>   >>>> *Sandeep: It doesn't show any files. *
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>
>>   >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >>>>
>>
>>   >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>
>>   >>>> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>
>>   >>>>
>>
>>   >>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>>
>>   >>>> Output as below, *
>>
>>   >>>>
>>
>>   >>>> **
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>
>>   >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >>>>
>>
>>   >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>
>>   >>>> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# ls /dev/tpm**
>>
>>   >>>>
>>
>>   >>>> *ls: /dev/tpm*: No such file or directory*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>
>>   >>>>
>>
>>   >>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system
>> mode
>>
>>   >>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT
>>
>>   >>>> -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN
>>
>>   >>>> -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT
>>
>>   >>>> -QRENCODE -TPM2
>>
>>   >>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>>
>>   >>>> -SYSVINIT
>>
>>   >>>> default-hierarchy=unified)*
>>
>>   >>>>
>>
>>   >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>
>>   >>>> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>>         Stefan
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Thanks,
>>
>>   >>>>
>>
>>   >>>>     > Sandeep.
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > -----Original Message-----
>>
>>   >>>>
>>
>>   >>>>     > From: Stefan Berger <stefanb@linux.ibm.com
>>
>>   >>>> <mailto:stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>>
>>
>>   >>>>
>>
>>   >>>>     > Sent: Thursday, May 4, 2023 7:30 PM
>>
>>   >>>>
>>
>>   >>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>
>>   >>>> <mailto:sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>>; Cédric Le Goater
>>
>>   >>>>
>>
>>   >>>>     > <clg@kaod.org <mailto:clg@kaod.org
>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>
>>   >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>> Ninad
>>
>>   >>>> Palsule
>>
>>   >>>>
>>
>>   >>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>; Joel
>>
>>   >>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au
>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>
>>   >>>>
>>
>>   >>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au
>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>
>>   >>>>
>>
>>   >>>>     > Subject: Re: Integrating swtpm(as a software TPM) with
>>
>>   >>>> OpenBMC on Qemu
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > "External email. Open with Caution"
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:
>>
>>   >>>>
>>
>>   >>>>     >> TCS Confidential Hi C, I was able to build and run the
>>
>>   >>>> image(for
>>
>>   >>>>
>>
>>   >>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run
>> with
>>
>>   >>>> the
>>
>>   >>>>
>>
>>   >>>>     >> flash. img provided in your github link(https: //github.
>>
>>   >>>>
>>
>>   >>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>
>>   >>>>
>>
>>   >>>>     >> ZjQcmQRYFpfptBannerEnd
>>
>>   >>>>
>>
>>   >>>>     >> TCS Confidential
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> Hi C,
>>
>>   >>>>
>>
>>   >>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>
>>   >>>>
>>
>>   >>>>     >> Few issues observed,
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images%20%3chttps:/github.com/legoater/qemu-aspeed-boot/tree/master/images>>>) everything works as expected, i.e I get the below output.
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> *# echo tpm_tis_i2c 0x2e >
>>
>>   >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >>>>
>>
>>   >>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id
>> 0x1,
>>
>>   >>>> rev-id
>>
>>   >>>>
>>
>>   >>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
>>
>>   >>>> device
>>
>>   >>>>
>>
>>   >>>>     >> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>>     >> *#*
>>
>>   >>>>
>>
>>   >>>>     >> *#*
>>
>>   >>>>
>>
>>   >>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>
>>   >>>>
>>
>>   >>>>     >> *#*
>>
>>   >>>>
>>
>>   >>>>     >> *#*
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >>   2. If I run it with the locally built image, I get this
>> error,
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Is the kernel configured in the same way? Are you using the same kernel version?
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>
>>   >>>>
>>
>>   >>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >>>>
>>
>>   >>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated
>> device
>>
>>   >>>>
>>
>>   >>>>     >> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > What is the output of this?
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > find /sys/class/tpm | grep pcr
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >     Stefan
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >> *root@evb-ast2600:~# cat
>> /sys/class/tpm/tpm0/pcr-sha256/0*
>>
>>   >>>>
>>
>>   >>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No
>> such
>>
>>   >>>> file or
>>
>>   >>>>
>>
>>   >>>>     >> directory*
>>
>>   >>>>
>>
>>   >>>>     >> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>>     >> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>>     >> Please do let me know about what has been done to write
>> the
>>
>>   >>>> values
>>
>>   >>>>
>>
>>   >>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>
>>   >>>>
>>
>>   >>>>     >> _____________________________________________
>>
>>   >>>>
>>
>>   >>>>     >> *From:* Sandeep Kumar
>>
>>   >>>>
>>
>>   >>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>
>>   >>>>
>>
>>   >>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>
>>   >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>
>>   >>>>
>>
>>   >>>>     >> Ninad Palsule <ninad@linux.ibm.com
>>
>>   >>>> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>; Joel
>> Stanley <jms@jms.id.au
>>
>>   >>>> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>;
>>
>>   >>>>
>>
>>   >>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au
>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>
>>   >>>>
>>
>>   >>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with
>>
>>   >>>> OpenBMC on
>>
>>   >>>>
>>
>>   >>>>     >> Qemu Hi C, How to build this image =>
>>
>>   >>>>
>>
>>   >>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don��t get this image built.
>>
>>   >>>>
>>
>>   >>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>
>>   >>>>
>>
>>   >>>>     >> Please advise if we have to build openbmc stack in a
>>
>>   >>>> different way
>>
>>   >>>>
>>
>>   >>>>     >> than the standard procedure. We follow the below steps for build, 1. .
>>
>>   >>>>
>>
>>   >>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>
>>   >>>>
>>
>>   >>>>     >> -----Original Message-----
>>
>>   >>>>
>>
>>   >>>>     >> From: Sandeep Kumar
>>
>>   >>>>
>>
>>   >>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM
>>
>>   >>>>
>>
>>   >>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>>
>>   >>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org
>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>>;
>>
>>   >>>>
>>
>>   >>>>     >> _openbmc@lists.ozlabs.org_
>> <mailto:_openbmc@lists.ozlabs.org_>
>>
>>   >>>> <mailto:_openbmc@lists.ozlabs.org_
>> <mailto:_openbmc@lists.ozlabs.org_>>
>>
>>   >>>> <mailto:openbmc@lists.ozlabs.org
>>
>>   >>>> <mailto:openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>>>;
>>
>>   >>>> Ninad
>>
>>   >>>>
>>
>>   >>>>     >> Palsule <_ninad@linux.ibm.com_
>> <mailto:ninad@linux.ibm.com
>>
>>   >>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com
>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>>;
>>
>>   >>>> Joel
>>
>>   >>>>
>>
>>   >>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>>
>>   >>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au
>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>
>>   >>>> Jeffery
>>
>>   >>>>
>>
>>   >>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>>
>>   >>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au
>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>>
>>
>>   >>>>
>>
>>   >>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with
>>
>>   >>>> OpenBMC on
>>
>>   >>>>
>>
>>   >>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer
>>
>>   >>>> supported on
>>
>>   >>>>
>>
>>   >>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>
>>   >>>>
>>
>>   >>>>     >> Thanks,
>>
>>   >>>>
>>
>>   >>>>     >> Sandeep.
>>
>>   >>>>
>>
>>   >>>>     >> -----Original Message-----
>>
>>   >>>>
>>
>>   >>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>
>>   >>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org
>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>>
>>
>>   >>>>
>>
>>   >>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM
>>
>>   >>>>
>>
>>   >>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:sandeep.pkumar@tcs.com
>>
>>   >>>> <mailto:sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>>>;
>>
>>   >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:openbmc@lists.ozlabs.org
>>
>>   >>>> <mailto:openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>>>; Ninad Palsule
>>
>>   >>>> <ninad@linux.ibm.com
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>>;
>>
>>   >>>> Joel Stanley <jms@jms.id.au
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au
>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>
>>   >>>> Jeffery <andrew@aj.id.au
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au
>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>>
>>
>>   >>>>
>>
>>   >>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with
>>
>>   >>>> OpenBMC on
>>
>>   >>>>
>>
>>   >>>>     >> Qemu "External email. Open with Caution"
>>
>>   >>>>
>>
>>   >>>>     >> Hello Sandeep
>>
>>   >>>>
>>
>>   >>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>
>>   >>>>
>>
>>   >>>>     >>> TCS Confidential
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>>
>>   >>>>     >>> Hi C,
>>
>>   >>>>
>>
>>   >>>>     >>> Built the qemu from your branch. Few issues, *$
>>
>>   >>>> ./qemu-system-arm -m
>>
>>   >>>>
>>
>>   >>>>     >>> 256 -M romulus-bmc -nographic -drive
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>>
>>   >>>> -net
>>
>>   >>>>
>>
>>   >>>>     >>> nic -net
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>
>>   >>>> w
>>
>>   >>>>
>>
>>   >>>>     >>> d
>>
>>   >>>>
>>
>>   >>>>     >>> =
>>
>>   >>>>
>>
>>   >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>
>>   >>>>
>>
>>   >>>>     >>> 1
>>
>>   >>>>
>>
>>   >>>>     >>> 2
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>
>>   >>>>
>>
>>   >>>>     >>> *qemu-system-arm: -net
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>
>>   >>>> w
>>
>>   >>>>
>>
>>   >>>>     >>> d
>>
>>   >>>>
>>
>>   >>>>     >>> =
>>
>>   >>>>
>>
>>   >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>
>>   >>>>
>>
>>   >>>>     >>> 1
>>
>>   >>>>
>>
>>   >>>>     >>> 2
>>
>>   >>>>
>>
>>   >>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>
>>   >>>>
>>
>>   >>>>     >>> network backend 'user' is not compiled into this binary*
>> I
>>
>>   >>>> didn’t
>>
>>   >>>>
>>
>>   >>>>     >>> enable the slirp package I guess. So enabled it while
>>
>>   >>>> running
>>
>>   >>>>
>>
>>   >>>>     >>> configure, *$ ../configure --enable-slirp*
>>
>>   >>>>
>>
>>   >>>>     >>> *........*
>>
>>   >>>>
>>
>>   >>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>
>>   >>>>
>>
>>   >>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not
>> found,
>>
>>   >>>> tried
>>
>>   >>>>
>>
>>   >>>>     >>> pkgconfig* *A full log can be found at
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs
>>
>>   >>>> /
>>
>>   >>>>
>>
>>   >>>>     >>> m
>>
>>   >>>>
>>
>>   >>>>     >>> e
>>
>>   >>>>
>>
>>   >>>>     >>> son-log.txt*
>>
>>   >>>>
>>
>>   >>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting
>>
>>   >>>> with
>>
>>   >>>>
>>
>>   >>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*
>>
>>   >>>>
>>
>>   >>>>     >>> *ERROR: meson setup failed*
>>
>>   >>>>
>>
>>   >>>>     >>> I have already installed slirp locally, but still getting the above error.
>>
>>   >>>>
>>
>>   >>>>     >> Did you install the libslirp-dev or libslirp-devel package ?
>>
>>   >>>>
>>
>>   >>>>     >> C.
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> TCS Confidential
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> =====-----=====-----=====
>>
>>   >>>>
>>
>>   >>>>     >> Notice: The information contained in this e-mail message
>>
>>   >>>> and/or
>>
>>   >>>>
>>
>>   >>>>     >> attachments to it may contain confidential or privileged information.
>>
>>   >>>>
>>
>>   >>>>     >> If you are not the intended recipient, any dissemination,
>>
>>   >>>> use,
>>
>>   >>>>
>>
>>   >>>>     >> review, distribution, printing or copying of the
>> information
>>
>>   >>>>
>>
>>   >>>>     >> contained in this e-mail message and/or attachments to it
>>
>>   >>>> are
>>
>>   >>>>
>>
>>   >>>>     >> strictly prohibited. If you have received this
>> communication
>>
>>   >>>> in
>>
>>   >>>>
>>
>>   >>>>     >> error, please notify us by reply e-mail or telephone and
>>
>>   >>>> immediately
>>
>>   >>>>
>>
>>   >>>>     >> and permanently delete the message and any attachments.
>>
>>   >>>> Thank you
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >   TCS Confidential
>>
>>   >>>>
>>
>>   >>>>
>>
>>   >>>> TCS Confidential
>>
>>   >>>>
>>
>>   >>>
>>
>>   >>>     TCS Confidential
>>
>>   >>
>>
>>   >>    TCS Confidential
>>
>>   >
>>
>>   >   TCS Confidential
>>
>>
>> TCS Confidential
>>
> 
>   TCS Confidential

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi All,

We are still stuck in this step. Tried few things like changing the defconfig for the machine to support TPM, changes to local.conf to include the packages, etc. But nothing helped. Would appreciate any help to rectify this problem.

Thanks,
Sandeep.



-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Thursday, May 25, 2023 6:19 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"


On 5/25/23 05:49, Sandeep Kumar wrote:
>   TCS Confidential
>
> Hi Stefan,
>
> Which OS are you building this ? I am building it on ubuntu 20.04. Also, I am building it for evb-ast2600 and I don’t see TPM enabled in the configs/evb-ast2600_defconfig  file.

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"

$ . setup evb-ast2600
Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
Common targets are:

      obmc-phosphor-image: Includes OpenBMC Phosphor userspace and Web UI

      core-image-minimal: A small image just capable of allowing a device to boot

      core-image-full-cmdline: A small image with more Linux functionality
                               installed, including a ssh server.

Note that the core targets will not set the default phosphor password.


    Stefan



>
> Thanks,
> Sandeep.
>
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Tuesday, May 23, 2023 8:06 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
> <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
> "External email. Open with Caution"
>
>
>
> On 5/23/23 01:59, Sandeep Kumar wrote:
>
>>
>> TCS Confidential
>
> What is TCS Confidential ?
>
>>
>>
>> Hi Stefan,
>>
>> Thanks for the information. I am trying to make use of the commands by using tpm_init() inside image-fit.c file. It compiles but gives an undefined reference error as below.
>>
>
> When I am running the OpenBMC image that I build with `bitbake obmc-phosphor-image` I already have uboot with TPM 2 support built-in. I am not sure how you are getting this error.
>
>       Stefan
>
>>     gcc
>> -isystem/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-as
>> t
>> 2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v
>> 2 019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/include
>> -O2 -pipe
>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/
>> t
>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.0
>> 4
>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/
>> t
>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.0
>> 4
>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>> -Wl,--enable-new-dtags
>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/buil
>> d
>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed
>> -
>> sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>
>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/buil
>> d
>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed
>> - sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb
>> -
>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/
>> 1 _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb
>> -
>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/
>> 1 _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>> -Wl,-O1  -o tools/fit_check_sign tools/aisimage.o tools/atmelimage.o
>> tools/common/image-sig.o tools/common/bootm.o tools/lib/crc32.o
>> tools/default_image.o tools/lib/fdtdec_common.o tools/lib/fdtdec.o
>> tools/fit_common.o tools/fit_image.o tools/common/image-fit.o
>> tools/image-host.o tools/common/image.o tools/imagetool.o
>> tools/imximage.o tools/imx8image.o tools/imx8mimage.o
>> tools/kwbimage.o tools/lib/md5.o tools/lpc32xximage.o
>> tools/mxsimage.o tools/omapimage.o tools/os_support.o
>> tools/pblimage.o tools/pbl_crc32.o tools/vybridimage.o
>> tools/stm32image.o tools/lib/rc4.o tools/rkcommon.o tools/rkimage.o
>> tools/rksd.o tools/rkspi.o tools/socfpgaimage.o tools/lib/crc16.o
>> tools/lib/sha1.o tools/lib/sha256.o tools/lib/sha512.o
>> tools/common/hash.o tools/ublimage.o tools/zynqimage.o
>> tools/zynqmpimage.o tools/zynqmpbif.o tools/libfdt/fdt.o
>> tools/libfdt/fdt_wip.o tools/libfdt/fdt_sw.o tools/libfdt/fdt_rw.o
>> tools/libfdt/fdt_strerror.o tools/libfdt/fdt_empty_tree.o
>> tools/libfdt/fdt_addresses.o tools/libfdt/fdt_overlay.o
>> tools/lib/libfdt/fdt_ro.o tools/lib/libfdt/fdt_region.o
>> tools/gpimage.o tools/gpimage-common.o tools/mtk_image.o
>> tools/lib/rsa/rsa-sign.o tools/lib/rsa/rsa-verify.o
>> tools/lib/rsa/rsa-checksum.o tools/lib/rsa/rsa-mod-exp.o
>> tools/fit_check_sign.o  -lssl -lcrypto
>>
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: tools/common/image-fit.o: in function `boot_get_setup_fit':
>>
>> image-fit.c:(.text+0x27e1): undefined reference to `get_tpm'
>>
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: image-fit.c:(.text+0x280e): undefined reference to `tpm_init'
>>
>> collect2: error: ld returned 1 exit status
>>
>> make[2]: *** [scripts/Makefile.host:106: tools/dumpimage] Error 1
>>
>> Although the tpm_init() is present in tpm-common.c  and image-fit.c is present in the same module as well. But still I get the above error. I have tried including the DEPENDS on libtpm in the u-boot recipe but nothing seems to work. Any specific library/specific location to be included for TPM support?
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Thursday, May 18, 2023 5:10 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>> "External email. Open with Caution"
>>
>> On 5/17/23 13:13, Sandeep Kumar wrote:
>>
>>   >   TCS Confidential
>>
>>   >
>>
>>   > Hi Stefan,
>>
>>   >
>>
>>   > Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?
>>
>>   >
>>
>> There are quite a few commands in u-boot:
>>
>> ast# tpm2
>>
>> tpm2 - Issue a TPMv2.x command
>>
>> Usage:
>>
>> tpm2 <command> [<arguments>]
>>
>> device [num device]
>>
>>        Show all devices or set the specified device info
>>
>>        Show information about the TPM.
>>
>> state
>>
>>        Show internal state from the TPM (if available) init
>>
>>        Initialize the software stack. Always the first command to issue.
>>
>> startup <mode>
>>
>>        Issue a TPM2_Startup command.
>>
>>        <mode> is one of:
>>
>>            * TPM2_SU_CLEAR (reset state)
>>
>>            * TPM2_SU_STATE (preserved state) self_test <type>
>>
>>        Test the TPM capabilities.
>>
>>        <type> is one of:
>>
>>            * full (perform all tests)
>>
>>            * continue (only check untested tests) clear <hierarchy>
>>
>>        Issue a TPM2_Clear command.
>>
>>        <hierarchy> is one of:
>>
>>            * TPM2_RH_LOCKOUT
>>
>>            * TPM2_RH_PLATFORM
>>
>> pcr_extend <pcr> <digest_addr>
>>
>>        Extend PCR #<pcr> with digest at <digest_addr>.
>>
>>        <pcr>: index of the PCR
>>
>>        <digest_addr>: address of a 32-byte SHA256 digest pcr_read
>> <pcr> <digest_addr>
>>
>>        Read PCR #<pcr> to memory address <digest_addr>.
>>
>>       <pcr>: index of the PCR
>>
>>        <digest_addr>: address to store the a 32-byte SHA256 digest
>> get_capability <capability> <property> <addr> <count>
>>
>>        Read and display <count> entries indexed by <capability>/<property>.
>>
>>        Values are 4 bytes long and are written at <addr>.
>>
>>        <capability>: capability
>>
>>        <property>: property
>>
>>        <addr>: address to store <count> entries of 4 bytes
>>
>>        <count>: number of entries to retrieve dam_reset [<password>]
>>
>>        If the TPM is not in a LOCKOUT state, reset the internal error counter.
>>
>>        <password>: optional password
>>
>> dam_parameters <max_tries> <recovery_time> <lockout_recovery>
>> [<password>]
>>
>>        If the TPM is not in a LOCKOUT state, set the DAM parameters
>>
>>        <maxTries>: maximum number of failures before lockout,
>>
>>                    0 means always locking
>>
>>        <recoveryTime>: time before decrement of the error counter,
>>
>>                        0 means no lockout
>>
>>        <lockoutRecovery>: time of a lockout (before the next try),
>>
>>                           0 means a reboot is needed
>>
>>        <password>: optional password of the LOCKOUT hierarchy
>> change_auth <hierarchy> <new_pw> [<old_pw>]
>>
>>        <hierarchy>: the hierarchy
>>
>>        <new_pw>: new password for <hierarchy>
>>
>>        <old_pw>: optional previous password of <hierarchy>
>> pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]
>>
>>        Change the <key> to access PCR #<pcr>.
>>
>>        hierarchy and may be empty.
>>
>>        /!\WARNING: untested function, use at your own risks !
>>
>>        <pcr>: index of the PCR
>>
>>        <key>: secret to protect the access of PCR #<pcr>
>>
>>        <password>: optional password of the PLATFORM hierarchy
>>
>> Regards,
>>
>>       Stefan
>>
>>   > Thanks,
>>
>>   > Sandeep.
>>
>>   >
>>
>>   > -----Original Message-----
>>
>>   > From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   > Sent: Tuesday, May 9, 2023 10:01 PM
>>
>>   > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>>   >
>>
>>   > "External email. Open with Caution"
>>
>>   >
>>
>>   >
>>
>>   > On 5/9/23 08:06, Sandeep Kumar wrote:
>>
>>   >>    TCS Confidential
>>
>>   >>
>>
>>   >> Hi Stefan,
>>
>>   >>
>>
>>   >> Thanks for the help.
>>
>>   >>
>>
>>   >> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?
>>
>>   >
>>
>>   > TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:
>>
>>   >
>>
>>   > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
>>
>>   > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
>>
>>   >
>> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-
>> 1
>>
>>   > 2-Makefile.am-expand-wildcards-in-prereqs.patch
>>
>>   > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
>>
>>   > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
>>
>>   > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.
>>
>>   > 1.0.bb meta-security/meta-tpm/recipes-tpm2/tpm2-tss
>>
>>   > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
>>
>>   > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.
>>
>>   > patch
>> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
>>
>>   >
>>
>>   > Intel: https://github.com/tpm2-software/tpm2-tss#overview
>> <https://github.com/tpm2-software/tpm2-tss#overview>
>>
>>   > IBM: https://github.com/kgoldman/ibmtss
>> <https://github.com/kgoldman/ibmtss>
>>
>>   >
>>
>>   >      Stefan
>>
>>   >
>>
>>   >>
>>
>>   >> Thanks,
>>
>>   >> Sandeep.
>>
>>   >>
>>
>>   >> -----Original Message-----
>>
>>   >> From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   >> Sent: Saturday, May 6, 2023 2:08 AM
>>
>>   >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   >> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   >> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   >> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>> on
>>
>>   >> Qemu
>>
>>   >>
>>
>>   >> "External email. Open with Caution"
>>
>>   >>
>>
>>   >>
>>
>>   >> On 5/5/23 13:36, Sandeep Kumar wrote:
>>
>>   >>>     TCS Confidential
>>
>>   >>>
>>
>>   >>> Hi Stefan,
>>
>>   >>>
>>
>>   >>> I have these options set in
>>
>>   >>>
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>
>>   >>> - k ernel/linux/linux-aspeed/tpm/tpm2.cfg
>>
>>   >>>
>>
>>   >>> CONFIG_HW_RANDOM=y
>>
>>   >>> CONFIG_HW_RANDOM_TPM=y
>>
>>   >>> CONFIG_TCG_TPM=y
>>
>>   >>> CONFIG_TCG_TIS_CORE=y
>>
>>   >>> CONFIG_TCG_TIS=y
>>
>>   >>> CONFIG_TCG_TIS_SPI=y
>>
>>   >>> CONFIG_TCG_TIS_I2C=y
>>
>>   >>> CONFIG_SECURITYFS=y
>>
>>   >>
>>
>>   >>
>>
>>   >> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
>>
>>   >>
>>
>>   >> As long as these symbols are built into the kernel it should work:
>>
>>   >>
>>
>>   >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
>>
>>   >>> tpm_tis_i2c_remove
>>
>>   >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>
>>   >>> 8056323c t tpm_tis_i2c_write_bytes
>>
>>   >>> 80563334 t tpm_tis_i2c_verify_crc
>>
>>   >>> 805633e0 t tpm_tis_i2c_read_bytes
>>
>>   >>> 80563604 t tpm_tis_i2c_probe
>>
>>   >>> 80d23964 t tpm_tis_i2c_driver_init
>>
>>   >>
>>
>>   >>>
>>
>>   >>> and in
>>
>>   >>>
>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>
>>   >>> - k ernel/linux/linux-aspeed.inc I have these,
>>
>>   >>>
>>
>>   >>> SRC_URI += " \
>>
>>   >>> file://defconfig <file://defconfig> \
>>
>>   >>>
>> file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbae
>> e
>> a41067e54c65176c233ec7b2ab2decf1ddcd
>> <file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dba
>> e
>> ea41067e54c65176c233ec7b2ab2decf1ddcd> \
>>
>>   >>>
>> file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f321
>> 4
>> d471ac7b83ab7acef41c4425a34662e8372e
>> <file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f32
>> 1
>> 4d471ac7b83ab7acef41c4425a34662e8372e> \
>>
>>   >>> ${@bb.utils.contains('MACHINE_FEATURES
>> <mailto:$%7b@bb.utils.contains('MACHINE_FEATURES>', 'tpm2',
>> 'file://tpm/tpm2.scc file://tpm/tpm2.cfg <file://tpm/tpm2.cfg>', '',
>> d)} \
>>
>>   >>> ${@bb.utils.contains_any('DISTRO_FEATURES
>> <mailto:$%7b@bb.utils.contains_any('DISTRO_FEATURES>', \
>>
>>   >>>                    'obmc-static-norootfs obmc-ubi-fs', \
>>
>>   >>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg
>> <file://ubi/ubi.cfg>', '', d)} \
>>
>>   >>>               "
>>
>>   >>>
>>
>>   >>> Anything else needs to be done to enable TPM ?
>>
>>   >>
>>
>>   >> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
>>
>>   >>
>>
>>   >>       Stefan
>>
>>   >>
>>
>>   >>>
>>
>>   >>> Thanks,
>>
>>   >>> Sandeep.
>>
>>   >>>
>>
>>   >>> -----Original Message-----
>>
>>   >>> From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   >>> Sent: Friday, May 5, 2023 9:41 PM
>>
>>   >>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   >>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   >>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   >>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   >>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>> on
>>
>>   >>> Qemu
>>
>>   >>>
>>
>>   >>> "External email. Open with Caution"
>>
>>   >>>
>>
>>   >>> I enable the following kernel build options for OpenBMC Linux kernel:
>>
>>   >>>
>>
>>   >>> CONFIG_TCG_TPM=y
>>
>>   >>> CONFIG_TCG_TIS_CORE=y
>>
>>   >>> CONFIG_TCG_TIS=y
>>
>>   >>> CONFIG_TCG_TIS_I2C=y
>>
>>   >>>
>>
>>   >>> With swtpm running in another terminal:
>>
>>   >>>
>>
>>   >>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl
>> type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20;
>> done
>>
>>   >>>
>>
>>   >>> I start qemu built from qemu git master branch tip:
>>
>>   >>>
>>
>>   >>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot
>> -net nic -net
>> user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd
>> =
>> udp:127.0.0.1:5723-:623 -drive
>> file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.
>> s
>> tatic.mtd,format=raw,if=mtd -chardev
>> socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev
>> emulator,id=tpm0,chardev=chrtpm     -device
>> tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device
>>
>>   >>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>> rev-id 1)
>>
>>   >>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting
>> the self test
>>
>>   >>> [   63.784256] tpm tpm0: starting up the TPM manually
>>
>>   >>> [   63.851474] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# uname -a
>>
>>   >>> Linux evb-ast2600
>> 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa
>>
>>   >>> #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
>>
>>   >>> tpm_tis_i2c_remove
>>
>>   >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>
>>   >>> 8056323c t tpm_tis_i2c_write_bytes
>>
>>   >>> 80563334 t tpm_tis_i2c_verify_crc
>>
>>   >>> 805633e0 t tpm_tis_i2c_read_bytes
>>
>>   >>> 80563604 t tpm_tis_i2c_probe
>>
>>   >>> 80d23964 t tpm_tis_i2c_driver_init
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>>
>>   >>> /sys/class/tpm/tpm0
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# ls -l /dev/tpm*
>>
>>   >>> crw-------    1 root     root       10, 224 May  5 16:03
>> /dev/tpm0
>>
>>   >>> crw-------    1 root     root      252, 65536 May  5 16:03
>> /dev/tpmrm0
>>
>>   >>>
>>
>>   >>> root@evb-ast2600:~# find /sys/ | grep pcr
>>
>>   >>>
>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>
>>   >>> b
>>
>>   >>> u
>>
>>   >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>>
>>   >>>
>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>
>>   >>> b
>>
>>   >>> u
>>
>>   >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>>
>>   >>> [... lots more entries also for sha256, sha384, and sha512 ]
>>
>>   >>>
>>
>>   >>>
>>
>>   >>>
>>
>>   >>>
>>
>>   >>> It seems to work as expected
>>
>>   >>>
>>
>>   >>> On 5/5/23 11:08, Sandeep Kumar wrote:
>>
>>   >>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>>
>>   >>>> Thanks, Sandeep. -----Original Message----- From: Stefan
>> Berger
>>
>>   >>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>>
>>   >>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>
>>   >>>> ZjQcmQRYFpfptBannerEnd
>>
>>   >>>>
>>
>>   >>>> TCS Confidential
>>
>>   >>>>
>>
>>   >>>>
>>
>>   >>>> Hi Stefan,
>>
>>   >>>>
>>
>>   >>>> Please find below my answers inline.
>>
>>   >>>>
>>
>>   >>>> Thanks,
>>
>>   >>>>
>>
>>   >>>> Sandeep.
>>
>>   >>>>
>>
>>   >>>> -----Original Message-----
>>
>>   >>>> From: Stefan Berger <stefanb@linux.ibm.com
>> <mailto:stefanb@linux.ibm.com>>
>>
>>   >>>> Sent: Friday, May 5, 2023 6:56 PM
>>
>>   >>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>
>>   >>>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>
>>   >>>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>
>>   >>>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>
>>   >>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>> on
>>
>>   >>>> Qemu
>>
>>   >>>>
>>
>>   >>>> "External email. Open with Caution"
>>
>>   >>>>
>>
>>   >>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>
>>   >>>>
>>
>>   >>>>     >   TCS Confidential
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Hi Stefan,
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>
>>   >>>>
>>
>>   >>>>     > Ans:
>>
>>   >>>>
>>
>>   >>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.
>>
>>   >>>>
>>
>>   >>>>     >          Kernel version used : Linux evb-ast2600
>> 6.1.15-580639a #1
>>
>>   >>>> SMP
>>
>>   >>>>
>>
>>   >>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Stefan:  What is the output of this?  find /sys/class/tpm
>> |
>>
>>   >>>> grep pcr
>>
>>   >>>>
>>
>>   >>>>     > Ams:     find: /sys/class/tpm: No such file or directory.
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Could you please point to the right version of kernel which has all these changes ?
>>
>>   >>>>
>>
>>   >>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>
>>   >>>>
>>
>>   >>>> Does this show any files?
>>
>>   >>>>
>>
>>   >>>> find /sys | grep pcr
>>
>>   >>>>
>>
>>   >>>> *Sandeep: It doesn't show any files. *
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>
>>   >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >>>>
>>
>>   >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>
>>   >>>> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>
>>   >>>>
>>
>>   >>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>>
>>   >>>> Output as below, *
>>
>>   >>>>
>>
>>   >>>> **
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>
>>   >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >>>>
>>
>>   >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>
>>   >>>> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# ls /dev/tpm**
>>
>>   >>>>
>>
>>   >>>> *ls: /dev/tpm*: No such file or directory*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>
>>   >>>>
>>
>>   >>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system
>> mode
>>
>>   >>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT
>>
>>   >>>> -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN
>>
>>   >>>> -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT
>>
>>   >>>> -QRENCODE -TPM2
>>
>>   >>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>>
>>   >>>> -SYSVINIT
>>
>>   >>>> default-hierarchy=unified)*
>>
>>   >>>>
>>
>>   >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>
>>   >>>> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>>         Stefan
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Thanks,
>>
>>   >>>>
>>
>>   >>>>     > Sandeep.
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > -----Original Message-----
>>
>>   >>>>
>>
>>   >>>>     > From: Stefan Berger <stefanb@linux.ibm.com
>>
>>   >>>> <mailto:stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>>
>>
>>   >>>>
>>
>>   >>>>     > Sent: Thursday, May 4, 2023 7:30 PM
>>
>>   >>>>
>>
>>   >>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>
>>   >>>> <mailto:sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>>; Cédric Le Goater
>>
>>   >>>>
>>
>>   >>>>     > <clg@kaod.org <mailto:clg@kaod.org
>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>
>>   >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>> Ninad
>>
>>   >>>> Palsule
>>
>>   >>>>
>>
>>   >>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>; Joel
>>
>>   >>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au
>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>
>>   >>>>
>>
>>   >>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au
>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>
>>   >>>>
>>
>>   >>>>     > Subject: Re: Integrating swtpm(as a software TPM) with
>>
>>   >>>> OpenBMC on Qemu
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > "External email. Open with Caution"
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:
>>
>>   >>>>
>>
>>   >>>>     >> TCS Confidential Hi C, I was able to build and run the
>>
>>   >>>> image(for
>>
>>   >>>>
>>
>>   >>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run
>> with
>>
>>   >>>> the
>>
>>   >>>>
>>
>>   >>>>     >> flash. img provided in your github link(https: //github.
>>
>>   >>>>
>>
>>   >>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>
>>   >>>>
>>
>>   >>>>     >> ZjQcmQRYFpfptBannerEnd
>>
>>   >>>>
>>
>>   >>>>     >> TCS Confidential
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> Hi C,
>>
>>   >>>>
>>
>>   >>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>
>>   >>>>
>>
>>   >>>>     >> Few issues observed,
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images%20%3chttps:/github.com/legoater/qemu-aspeed-boot/tree/master/images>>>) everything works as expected, i.e I get the below output.
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> *# echo tpm_tis_i2c 0x2e >
>>
>>   >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >>>>
>>
>>   >>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id
>> 0x1,
>>
>>   >>>> rev-id
>>
>>   >>>>
>>
>>   >>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
>>
>>   >>>> device
>>
>>   >>>>
>>
>>   >>>>     >> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>>     >> *#*
>>
>>   >>>>
>>
>>   >>>>     >> *#*
>>
>>   >>>>
>>
>>   >>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>
>>   >>>>
>>
>>   >>>>     >> *#*
>>
>>   >>>>
>>
>>   >>>>     >> *#*
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >>   2. If I run it with the locally built image, I get this
>> error,
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > Is the kernel configured in the same way? Are you using the same kernel version?
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>
>>   >>>>
>>
>>   >>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*
>>
>>   >>>>
>>
>>   >>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated
>> device
>>
>>   >>>>
>>
>>   >>>>     >> tpm_tis_i2c at 0x2e*
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > What is the output of this?
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     > find /sys/class/tpm | grep pcr
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >     Stefan
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >> *root@evb-ast2600:~# cat
>> /sys/class/tpm/tpm0/pcr-sha256/0*
>>
>>   >>>>
>>
>>   >>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No
>> such
>>
>>   >>>> file or
>>
>>   >>>>
>>
>>   >>>>     >> directory*
>>
>>   >>>>
>>
>>   >>>>     >> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>>     >> *root@evb-ast2600:~#*
>>
>>   >>>>
>>
>>   >>>>     >> Please do let me know about what has been done to write
>> the
>>
>>   >>>> values
>>
>>   >>>>
>>
>>   >>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>
>>   >>>>
>>
>>   >>>>     >> _____________________________________________
>>
>>   >>>>
>>
>>   >>>>     >> *From:* Sandeep Kumar
>>
>>   >>>>
>>
>>   >>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>
>>   >>>>
>>
>>   >>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>
>>   >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>
>>   >>>>
>>
>>   >>>>     >> Ninad Palsule <ninad@linux.ibm.com
>>
>>   >>>> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>;
>> Joel Stanley <jms@jms.id.au
>>
>>   >>>> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>;
>>
>>   >>>>
>>
>>   >>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au
>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>
>>   >>>>
>>
>>   >>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with
>>
>>   >>>> OpenBMC on
>>
>>   >>>>
>>
>>   >>>>     >> Qemu Hi C, How to build this image =>
>>
>>   >>>>
>>
>>   >>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don  t get this image built.
>>
>>   >>>>
>>
>>   >>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>
>>   >>>>
>>
>>   >>>>     >> Please advise if we have to build openbmc stack in a
>>
>>   >>>> different way
>>
>>   >>>>
>>
>>   >>>>     >> than the standard procedure. We follow the below steps for build, 1. .
>>
>>   >>>>
>>
>>   >>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>
>>   >>>>
>>
>>   >>>>     >> -----Original Message-----
>>
>>   >>>>
>>
>>   >>>>     >> From: Sandeep Kumar
>>
>>   >>>>
>>
>>   >>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM
>>
>>   >>>>
>>
>>   >>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>>
>>   >>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org
>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>>;
>>
>>   >>>>
>>
>>   >>>>     >> _openbmc@lists.ozlabs.org_
>> <mailto:_openbmc@lists.ozlabs.org_>
>>
>>   >>>> <mailto:_openbmc@lists.ozlabs.org_
>> <mailto:_openbmc@lists.ozlabs.org_>>
>>
>>   >>>> <mailto:openbmc@lists.ozlabs.org
>>
>>   >>>> <mailto:openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>>>;
>>
>>   >>>> Ninad
>>
>>   >>>>
>>
>>   >>>>     >> Palsule <_ninad@linux.ibm.com_
>> <mailto:ninad@linux.ibm.com
>>
>>   >>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com
>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>>;
>>
>>   >>>> Joel
>>
>>   >>>>
>>
>>   >>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>>
>>   >>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au
>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>
>>   >>>> Jeffery
>>
>>   >>>>
>>
>>   >>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>>
>>   >>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au
>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>>
>>
>>   >>>>
>>
>>   >>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with
>>
>>   >>>> OpenBMC on
>>
>>   >>>>
>>
>>   >>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer
>>
>>   >>>> supported on
>>
>>   >>>>
>>
>>   >>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>
>>   >>>>
>>
>>   >>>>     >> Thanks,
>>
>>   >>>>
>>
>>   >>>>     >> Sandeep.
>>
>>   >>>>
>>
>>   >>>>     >> -----Original Message-----
>>
>>   >>>>
>>
>>   >>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>
>>   >>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org
>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>>
>>
>>   >>>>
>>
>>   >>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM
>>
>>   >>>>
>>
>>   >>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:sandeep.pkumar@tcs.com
>>
>>   >>>> <mailto:sandeep.pkumar@tcs.com
>> <mailto:sandeep.pkumar@tcs.com>>>>;
>>
>>   >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:openbmc@lists.ozlabs.org
>>
>>   >>>> <mailto:openbmc@lists.ozlabs.org
>> <mailto:openbmc@lists.ozlabs.org>>>; Ninad Palsule
>>
>>   >>>> <ninad@linux.ibm.com
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>>;
>>
>>   >>>> Joel Stanley <jms@jms.id.au
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au
>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>
>>   >>>> Jeffery <andrew@aj.id.au
>>
>>   >>>>
>>
>>   >>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au
>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>>
>>
>>   >>>>
>>
>>   >>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with
>>
>>   >>>> OpenBMC on
>>
>>   >>>>
>>
>>   >>>>     >> Qemu "External email. Open with Caution"
>>
>>   >>>>
>>
>>   >>>>     >> Hello Sandeep
>>
>>   >>>>
>>
>>   >>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>
>>   >>>>
>>
>>   >>>>     >>> TCS Confidential
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>>
>>   >>>>     >>> Hi C,
>>
>>   >>>>
>>
>>   >>>>     >>> Built the qemu from your branch. Few issues, *$
>>
>>   >>>> ./qemu-system-arm -m
>>
>>   >>>>
>>
>>   >>>>     >>> 256 -M romulus-bmc -nographic -drive
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>>
>>   >>>> -net
>>
>>   >>>>
>>
>>   >>>>     >>> nic -net
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>
>>   >>>> w
>>
>>   >>>>
>>
>>   >>>>     >>> d
>>
>>   >>>>
>>
>>   >>>>     >>> =
>>
>>   >>>>
>>
>>   >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>
>>   >>>>
>>
>>   >>>>     >>> 1
>>
>>   >>>>
>>
>>   >>>>     >>> 2
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>
>>   >>>>
>>
>>   >>>>     >>> *qemu-system-arm: -net
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>
>>   >>>> w
>>
>>   >>>>
>>
>>   >>>>     >>> d
>>
>>   >>>>
>>
>>   >>>>     >>> =
>>
>>   >>>>
>>
>>   >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>
>>   >>>>
>>
>>   >>>>     >>> 1
>>
>>   >>>>
>>
>>   >>>>     >>> 2
>>
>>   >>>>
>>
>>   >>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>
>>   >>>>
>>
>>   >>>>     >>> network backend 'user' is not compiled into this binary*
>> I
>>
>>   >>>> didn’t
>>
>>   >>>>
>>
>>   >>>>     >>> enable the slirp package I guess. So enabled it while
>>
>>   >>>> running
>>
>>   >>>>
>>
>>   >>>>     >>> configure, *$ ../configure --enable-slirp*
>>
>>   >>>>
>>
>>   >>>>     >>> *........*
>>
>>   >>>>
>>
>>   >>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>
>>   >>>>
>>
>>   >>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not
>> found,
>>
>>   >>>> tried
>>
>>   >>>>
>>
>>   >>>>     >>> pkgconfig* *A full log can be found at
>>
>>   >>>>
>>
>>   >>>>     >>>
>>
>>   >>>>
>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs
>>
>>   >>>> /
>>
>>   >>>>
>>
>>   >>>>     >>> m
>>
>>   >>>>
>>
>>   >>>>     >>> e
>>
>>   >>>>
>>
>>   >>>>     >>> son-log.txt*
>>
>>   >>>>
>>
>>   >>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting
>>
>>   >>>> with
>>
>>   >>>>
>>
>>   >>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*
>>
>>   >>>>
>>
>>   >>>>     >>> *ERROR: meson setup failed*
>>
>>   >>>>
>>
>>   >>>>     >>> I have already installed slirp locally, but still getting the above error.
>>
>>   >>>>
>>
>>   >>>>     >> Did you install the libslirp-dev or libslirp-devel package ?
>>
>>   >>>>
>>
>>   >>>>     >> C.
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> TCS Confidential
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >> =====-----=====-----=====
>>
>>   >>>>
>>
>>   >>>>     >> Notice: The information contained in this e-mail message
>>
>>   >>>> and/or
>>
>>   >>>>
>>
>>   >>>>     >> attachments to it may contain confidential or privileged information.
>>
>>   >>>>
>>
>>   >>>>     >> If you are not the intended recipient, any dissemination,
>>
>>   >>>> use,
>>
>>   >>>>
>>
>>   >>>>     >> review, distribution, printing or copying of the
>> information
>>
>>   >>>>
>>
>>   >>>>     >> contained in this e-mail message and/or attachments to it
>>
>>   >>>> are
>>
>>   >>>>
>>
>>   >>>>     >> strictly prohibited. If you have received this
>> communication
>>
>>   >>>> in
>>
>>   >>>>
>>
>>   >>>>     >> error, please notify us by reply e-mail or telephone and
>>
>>   >>>> immediately
>>
>>   >>>>
>>
>>   >>>>     >> and permanently delete the message and any attachments.
>>
>>   >>>> Thank you
>>
>>   >>>>
>>
>>   >>>>     >>
>>
>>   >>>>
>>
>>   >>>>     >
>>
>>   >>>>
>>
>>   >>>>     >   TCS Confidential
>>
>>   >>>>
>>
>>   >>>>
>>
>>   >>>> TCS Confidential
>>
>>   >>>>
>>
>>   >>>
>>
>>   >>>     TCS Confidential
>>
>>   >>
>>
>>   >>    TCS Confidential
>>
>>   >
>>
>>   >   TCS Confidential
>>
>>
>> TCS Confidential
>>
>
>   TCS Confidential

 TCS Confidential

Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Stefan Berger]

On 5/31/23 01:04, Sandeep Kumar wrote:
>   TCS Confidential
> 
> Hi All,
> 
> We are still stuck in this step. Tried few things like changing the defconfig for the machine to support TPM, changes to local.conf to include the packages, etc. But nothing helped. Would appreciate any help to rectify this problem.

Maybe you need to show the config files you made changes to so that others can try to recreate the issue. As I stated below for me uboot has TPM 2 support with the default configuration -- no changes needed:

$ . setup evb-ast2600
Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
Common targets are:

      obmc-phosphor-image: Includes OpenBMC Phosphor userspace and Web UI

      core-image-minimal: A small image just capable of allowing a device to boot

      core-image-full-cmdline: A small image with more Linux functionality
                               installed, including a ssh server.

Note that the core targets will not set the default phosphor password.

$ bitbake obmc-phosphor-image
[...]

$ ~/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mt
[...]


Hit any key to stop autoboot:  0
ast# help
?         - alias for 'help'
base      - print or set address offset
bdinfo    - print Board Info structure
blkcache  - block cache diagnostics and control
boot      - boot default, i.e., run 'bootcmd'
bootd     - boot default, i.e., run 'bootcmd'
bootm     - boot application image from memory
bootp     - boot image via network using BOOTP/TFTP protocol
bootz     - boot Linux zImage image from memory
chpart    - change active partition
clk       - CLK sub-system
cmp       - memory compare
coninfo   - print console devices and information
cp        - memory copy
crc32     - checksum calculation
dhcp      - boot image via network using DHCP/TFTP protocol
dm        - Driver model low level access
dramtest  - ASPEED DRAM BIST
echo      - echo args to console
editenv   - edit environment variable
env       - environment handling commands
erase     - erase FLASH memory
exit      - exit script
ext2load  - load binary file from a Ext2 filesystem
ext2ls    - list files in a directory (default /)
ext4load  - load binary file from a Ext4 filesystem
ext4ls    - list files in a directory (default /)
ext4size  - determine a file's size
ext4write - create a file in the root directory
false     - do nothing, unsuccessfully
fatinfo   - print information about filesystem
fatload   - load binary file from a dos filesystem
fatls     - list files in a directory (default /)
fatsize   - determine a file's size
fdt       - flattened device tree utility commands
flinfo    - print FLASH memory information
fstype    - Look up a filesystem type
go        - start application at address 'addr'
gpio      - query and control gpio pins
gpt       - GUID Partition Table
hash      - compute hash message digest
help      - print command description/usage
i2c       - I2C sub-system
itest     - return true/false on integer compare
load      - load binary file from a filesystem
loadb     - load binary file over serial line (kermit mode)
loads     - load S-Record file over serial line
loadx     - load binary file over serial line (xmodem mode)
loady     - load binary file over serial line (ymodem mode)
log       - log system
loop      - infinite loop on address range
ls        - list files in a directory (default /)
md        - memory display
mdio      - MDIO utility commands
mii       - MII utility commands
mm        - memory modify (auto-incrementing address)
mmc       - MMC sub system
mmcinfo   - display MMC info
mtdparts  - define flash/nand partitions
mtest     - simple RAM read/write test
mw        - memory write (fill)
ncsi      - Configure attached NIC via NC-SI
nfs       - boot image via network using NFS protocol
nm        - memory modify (constant address)
otp       - ASPEED One-Time-Programmable sub-system
part      - disk partition related commands
peci      - ASPEED PECI general bus command test program
ping      - send ICMP ECHO_REQUEST to network host
pinmux    - show pin-controller muxing
printenv  - print environment variables
protect   - enable or disable FLASH write protection
reset     - Perform RESET of the CPU
run       - run commands in an environment variable
save      - save file to a filesystem
saveenv   - save environment variables to persistent storage
setenv    - set environment variables
setexpr   - set environment variable as the result of eval expression
sf        - SPI flash sub-system
showvar   - print local hushshell variables
size      - determine a file's size
sleep     - delay execution for some time
source    - run script from memory
test      - minimal test like /bin/sh
tftpboot  - boot image via network using TFTP protocol
tpm2      - Issue a TPMv2.x command
true      - do nothing, successfully
version   - print monitor, compiler and linker version
ast# help tpm2
tpm2 - Issue a TPMv2.x command

Usage:
tpm2 <command> [<arguments>]

device [num device]
     Show all devices or set the specified device
[...]

Regards,
    Stefan

> 
> Thanks,
> Sandeep.
> 
> 
> 
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Thursday, May 25, 2023 6:19 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> 
> On 5/25/23 05:49, Sandeep Kumar wrote:
>>    TCS Confidential
>>
>> Hi Stefan,
>>
>> Which OS are you building this ? I am building it on ubuntu 20.04. Also, I am building it for evb-ast2600 and I don’t see TPM enabled in the configs/evb-ast2600_defconfig  file.
> 
> $ cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=22.04
> DISTRIB_CODENAME=jammy
> DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"
> 
> $ . setup evb-ast2600
> Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
> Common targets are:
> 
>        obmc-phosphor-image: Includes OpenBMC Phosphor userspace and Web UI
> 
>        core-image-minimal: A small image just capable of allowing a device to boot
> 
>        core-image-full-cmdline: A small image with more Linux functionality
>                                 installed, including a ssh server.
> 
> Note that the core targets will not set the default phosphor password.
> 
> 
>      Stefan
> 
> 
> 
>>
>> Thanks,
>> Sandeep.
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Tuesday, May 23, 2023 8:06 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>>
>> "External email. Open with Caution"
>>
>>
>>
>> On 5/23/23 01:59, Sandeep Kumar wrote:
>>
>>>
>>> TCS Confidential
>>
>> What is TCS Confidential ?
>>
>>>
>>>
>>> Hi Stefan,
>>>
>>> Thanks for the information. I am trying to make use of the commands by using tpm_init() inside image-fit.c file. It compiles but gives an undefined reference error as below.
>>>
>>
>> When I am running the OpenBMC image that I build with `bitbake obmc-phosphor-image` I already have uboot with TPM 2 support built-in. I am not sure how you are getting this error.
>>
>>        Stefan
>>
>>>      gcc
>>> -isystem/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-as
>>> t
>>> 2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v
>>> 2 019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/include
>>> -O2 -pipe
>>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/
>>> t
>>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.0
>>> 4
>>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/
>>> t
>>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.0
>>> 4
>>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,--enable-new-dtags
>>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/buil
>>> d
>>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed
>>> -
>>> sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>>
>>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/buil
>>> d
>>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed
>>> - sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb
>>> -
>>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/
>>> 1 _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb
>>> -
>>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/
>>> 1 _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,-O1  -o tools/fit_check_sign tools/aisimage.o tools/atmelimage.o
>>> tools/common/image-sig.o tools/common/bootm.o tools/lib/crc32.o
>>> tools/default_image.o tools/lib/fdtdec_common.o tools/lib/fdtdec.o
>>> tools/fit_common.o tools/fit_image.o tools/common/image-fit.o
>>> tools/image-host.o tools/common/image.o tools/imagetool.o
>>> tools/imximage.o tools/imx8image.o tools/imx8mimage.o
>>> tools/kwbimage.o tools/lib/md5.o tools/lpc32xximage.o
>>> tools/mxsimage.o tools/omapimage.o tools/os_support.o
>>> tools/pblimage.o tools/pbl_crc32.o tools/vybridimage.o
>>> tools/stm32image.o tools/lib/rc4.o tools/rkcommon.o tools/rkimage.o
>>> tools/rksd.o tools/rkspi.o tools/socfpgaimage.o tools/lib/crc16.o
>>> tools/lib/sha1.o tools/lib/sha256.o tools/lib/sha512.o
>>> tools/common/hash.o tools/ublimage.o tools/zynqimage.o
>>> tools/zynqmpimage.o tools/zynqmpbif.o tools/libfdt/fdt.o
>>> tools/libfdt/fdt_wip.o tools/libfdt/fdt_sw.o tools/libfdt/fdt_rw.o
>>> tools/libfdt/fdt_strerror.o tools/libfdt/fdt_empty_tree.o
>>> tools/libfdt/fdt_addresses.o tools/libfdt/fdt_overlay.o
>>> tools/lib/libfdt/fdt_ro.o tools/lib/libfdt/fdt_region.o
>>> tools/gpimage.o tools/gpimage-common.o tools/mtk_image.o
>>> tools/lib/rsa/rsa-sign.o tools/lib/rsa/rsa-verify.o
>>> tools/lib/rsa/rsa-checksum.o tools/lib/rsa/rsa-mod-exp.o
>>> tools/fit_check_sign.o  -lssl -lcrypto
>>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: tools/common/image-fit.o: in function `boot_get_setup_fit':
>>>
>>> image-fit.c:(.text+0x27e1): undefined reference to `get_tpm'
>>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: image-fit.c:(.text+0x280e): undefined reference to `tpm_init'
>>>
>>> collect2: error: ld returned 1 exit status
>>>
>>> make[2]: *** [scripts/Makefile.host:106: tools/dumpimage] Error 1
>>>
>>> Although the tpm_init() is present in tpm-common.c  and image-fit.c is present in the same module as well. But still I get the above error. I have tried including the DEPENDS on libtpm in the u-boot recipe but nothing seems to work. Any specific library/specific location to be included for TPM support?
>>>
>>> -----Original Message-----
>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>> Sent: Thursday, May 18, 2023 5:10 PM
>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>>> <andrew@aj.id.au>
>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>> Qemu
>>>
>>> "External email. Open with Caution"
>>>
>>> On 5/17/23 13:13, Sandeep Kumar wrote:
>>>
>>>    >   TCS Confidential
>>>
>>>    >
>>>
>>>    > Hi Stefan,
>>>
>>>    >
>>>
>>>    > Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?
>>>
>>>    >
>>>
>>> There are quite a few commands in u-boot:
>>>
>>> ast# tpm2
>>>
>>> tpm2 - Issue a TPMv2.x command
>>>
>>> Usage:
>>>
>>> tpm2 <command> [<arguments>]
>>>
>>> device [num device]
>>>
>>>         Show all devices or set the specified device info
>>>
>>>         Show information about the TPM.
>>>
>>> state
>>>
>>>         Show internal state from the TPM (if available) init
>>>
>>>         Initialize the software stack. Always the first command to issue.
>>>
>>> startup <mode>
>>>
>>>         Issue a TPM2_Startup command.
>>>
>>>         <mode> is one of:
>>>
>>>             * TPM2_SU_CLEAR (reset state)
>>>
>>>             * TPM2_SU_STATE (preserved state) self_test <type>
>>>
>>>         Test the TPM capabilities.
>>>
>>>         <type> is one of:
>>>
>>>             * full (perform all tests)
>>>
>>>             * continue (only check untested tests) clear <hierarchy>
>>>
>>>         Issue a TPM2_Clear command.
>>>
>>>         <hierarchy> is one of:
>>>
>>>             * TPM2_RH_LOCKOUT
>>>
>>>             * TPM2_RH_PLATFORM
>>>
>>> pcr_extend <pcr> <digest_addr>
>>>
>>>         Extend PCR #<pcr> with digest at <digest_addr>.
>>>
>>>         <pcr>: index of the PCR
>>>
>>>         <digest_addr>: address of a 32-byte SHA256 digest pcr_read
>>> <pcr> <digest_addr>
>>>
>>>         Read PCR #<pcr> to memory address <digest_addr>.
>>>
>>>        <pcr>: index of the PCR
>>>
>>>         <digest_addr>: address to store the a 32-byte SHA256 digest
>>> get_capability <capability> <property> <addr> <count>
>>>
>>>         Read and display <count> entries indexed by <capability>/<property>.
>>>
>>>         Values are 4 bytes long and are written at <addr>.
>>>
>>>         <capability>: capability
>>>
>>>         <property>: property
>>>
>>>         <addr>: address to store <count> entries of 4 bytes
>>>
>>>         <count>: number of entries to retrieve dam_reset [<password>]
>>>
>>>         If the TPM is not in a LOCKOUT state, reset the internal error counter.
>>>
>>>         <password>: optional password
>>>
>>> dam_parameters <max_tries> <recovery_time> <lockout_recovery>
>>> [<password>]
>>>
>>>         If the TPM is not in a LOCKOUT state, set the DAM parameters
>>>
>>>         <maxTries>: maximum number of failures before lockout,
>>>
>>>                     0 means always locking
>>>
>>>         <recoveryTime>: time before decrement of the error counter,
>>>
>>>                         0 means no lockout
>>>
>>>         <lockoutRecovery>: time of a lockout (before the next try),
>>>
>>>                            0 means a reboot is needed
>>>
>>>         <password>: optional password of the LOCKOUT hierarchy
>>> change_auth <hierarchy> <new_pw> [<old_pw>]
>>>
>>>         <hierarchy>: the hierarchy
>>>
>>>         <new_pw>: new password for <hierarchy>
>>>
>>>         <old_pw>: optional previous password of <hierarchy>
>>> pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]
>>>
>>>         Change the <key> to access PCR #<pcr>.
>>>
>>>         hierarchy and may be empty.
>>>
>>>         /!\WARNING: untested function, use at your own risks !
>>>
>>>         <pcr>: index of the PCR
>>>
>>>         <key>: secret to protect the access of PCR #<pcr>
>>>
>>>         <password>: optional password of the PLATFORM hierarchy
>>>
>>> Regards,
>>>
>>>        Stefan
>>>
>>>    > Thanks,
>>>
>>>    > Sandeep.
>>>
>>>    >
>>>
>>>    > -----Original Message-----
>>>
>>>    > From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    > Sent: Tuesday, May 9, 2023 10:01 PM
>>>
>>>    > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>> Qemu
>>>
>>>    >
>>>
>>>    > "External email. Open with Caution"
>>>
>>>    >
>>>
>>>    >
>>>
>>>    > On 5/9/23 08:06, Sandeep Kumar wrote:
>>>
>>>    >>    TCS Confidential
>>>
>>>    >>
>>>
>>>    >> Hi Stefan,
>>>
>>>    >>
>>>
>>>    >> Thanks for the help.
>>>
>>>    >>
>>>
>>>    >> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?
>>>
>>>    >
>>>
>>>    > TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:
>>>
>>>    >
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
>>>
>>>    >
>>> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-
>>> 1
>>>
>>>    > 2-Makefile.am-expand-wildcards-in-prereqs.patch
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.
>>>
>>>    > 1.0.bb meta-security/meta-tpm/recipes-tpm2/tpm2-tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.
>>>
>>>    > patch
>>> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
>>>
>>>    >
>>>
>>>    > Intel: https://github.com/tpm2-software/tpm2-tss#overview
>>> <https://github.com/tpm2-software/tpm2-tss#overview>
>>>
>>>    > IBM: https://github.com/kgoldman/ibmtss
>>> <https://github.com/kgoldman/ibmtss>
>>>
>>>    >
>>>
>>>    >      Stefan
>>>
>>>    >
>>>
>>>    >>
>>>
>>>    >> Thanks,
>>>
>>>    >> Sandeep.
>>>
>>>    >>
>>>
>>>    >> -----Original Message-----
>>>
>>>    >> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >> Sent: Saturday, May 6, 2023 2:08 AM
>>>
>>>    >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    >> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel Stanley
>>> <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >> Qemu
>>>
>>>    >>
>>>
>>>    >> "External email. Open with Caution"
>>>
>>>    >>
>>>
>>>    >>
>>>
>>>    >> On 5/5/23 13:36, Sandeep Kumar wrote:
>>>
>>>    >>>     TCS Confidential
>>>
>>>    >>>
>>>
>>>    >>> Hi Stefan,
>>>
>>>    >>>
>>>
>>>    >>> I have these options set in
>>>
>>>    >>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>>
>>>    >>> - k ernel/linux/linux-aspeed/tpm/tpm2.cfg
>>>
>>>    >>>
>>>
>>>    >>> CONFIG_HW_RANDOM=y
>>>
>>>    >>> CONFIG_HW_RANDOM_TPM=y
>>>
>>>    >>> CONFIG_TCG_TPM=y
>>>
>>>    >>> CONFIG_TCG_TIS_CORE=y
>>>
>>>    >>> CONFIG_TCG_TIS=y
>>>
>>>    >>> CONFIG_TCG_TIS_SPI=y
>>>
>>>    >>> CONFIG_TCG_TIS_I2C=y
>>>
>>>    >>> CONFIG_SECURITYFS=y
>>>
>>>    >>
>>>
>>>    >>
>>>
>>>    >> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
>>>
>>>    >>
>>>
>>>    >> As long as these symbols are built into the kernel it should work:
>>>
>>>    >>
>>>
>>>    >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c t
>>>
>>>    >>> tpm_tis_i2c_remove
>>>
>>>    >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>>
>>>    >>> 8056323c t tpm_tis_i2c_write_bytes
>>>
>>>    >>> 80563334 t tpm_tis_i2c_verify_crc
>>>
>>>    >>> 805633e0 t tpm_tis_i2c_read_bytes
>>>
>>>    >>> 80563604 t tpm_tis_i2c_probe
>>>
>>>    >>> 80d23964 t tpm_tis_i2c_driver_init
>>>
>>>    >>
>>>
>>>    >>>
>>>
>>>    >>> and in
>>>
>>>    >>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>>
>>>    >>> - k ernel/linux/linux-aspeed.inc I have these,
>>>
>>>    >>>
>>>
>>>    >>> SRC_URI += " \
>>>
>>>    >>> file://defconfig <file://defconfig> \
>>>
>>>    >>>
>>> file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dbae
>>> e
>>> a41067e54c65176c233ec7b2ab2decf1ddcd
>>> <file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dba
>>> e
>>> ea41067e54c65176c233ec7b2ab2decf1ddcd> \
>>>
>>>    >>>
>>> file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f321
>>> 4
>>> d471ac7b83ab7acef41c4425a34662e8372e
>>> <file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f32
>>> 1
>>> 4d471ac7b83ab7acef41c4425a34662e8372e> \
>>>
>>>    >>> ${@bb.utils.contains('MACHINE_FEATURES
>>> <mailto:$%7b@bb.utils.contains('MACHINE_FEATURES>', 'tpm2',
>>> 'file://tpm/tpm2.scc file://tpm/tpm2.cfg <file://tpm/tpm2.cfg>', '',
>>> d)} \
>>>
>>>    >>> ${@bb.utils.contains_any('DISTRO_FEATURES
>>> <mailto:$%7b@bb.utils.contains_any('DISTRO_FEATURES>', \
>>>
>>>    >>>                    'obmc-static-norootfs obmc-ubi-fs', \
>>>
>>>    >>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg
>>> <file://ubi/ubi.cfg>', '', d)} \
>>>
>>>    >>>               "
>>>
>>>    >>>
>>>
>>>    >>> Anything else needs to be done to enable TPM ?
>>>
>>>    >>
>>>
>>>    >> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
>>>
>>>    >>
>>>
>>>    >>       Stefan
>>>
>>>    >>
>>>
>>>    >>>
>>>
>>>    >>> Thanks,
>>>
>>>    >>> Sandeep.
>>>
>>>    >>>
>>>
>>>    >>> -----Original Message-----
>>>
>>>    >>> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >>> Sent: Friday, May 5, 2023 9:41 PM
>>>
>>>    >>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    >>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >>> Qemu
>>>
>>>    >>>
>>>
>>>    >>> "External email. Open with Caution"
>>>
>>>    >>>
>>>
>>>    >>> I enable the following kernel build options for OpenBMC Linux kernel:
>>>
>>>    >>>
>>>
>>>    >>> CONFIG_TCG_TPM=y
>>>
>>>    >>> CONFIG_TCG_TIS_CORE=y
>>>
>>>    >>> CONFIG_TCG_TIS=y
>>>
>>>    >>> CONFIG_TCG_TIS_I2C=y
>>>
>>>    >>>
>>>
>>>    >>> With swtpm running in another terminal:
>>>
>>>    >>>
>>>
>>>    >>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl
>>> type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20;
>>> done
>>>
>>>    >>>
>>>
>>>    >>> I start qemu built from qemu git master branch tip:
>>>
>>>    >>>
>>>
>>>    >>> /tmp/qemu-system-arm -machine ast2600-evb -nographic -no-reboot
>>> -net nic -net
>>> user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd
>>> =
>>> udp:127.0.0.1:5723-:623 -drive
>>> file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.
>>> s
>>> tatic.mtd,format=raw,if=mtd -chardev
>>> socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev
>>> emulator,id=tpm0,chardev=chrtpm     -device
>>> tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device
>>>
>>>    >>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>>> rev-id 1)
>>>
>>>    >>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting
>>> the self test
>>>
>>>    >>> [   63.784256] tpm tpm0: starting up the TPM manually
>>>
>>>    >>> [   63.851474] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# uname -a
>>>
>>>    >>> Linux evb-ast2600
>>> 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa
>>>
>>>    >>> #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c t
>>>
>>>    >>> tpm_tis_i2c_remove
>>>
>>>    >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>>
>>>    >>> 8056323c t tpm_tis_i2c_write_bytes
>>>
>>>    >>> 80563334 t tpm_tis_i2c_verify_crc
>>>
>>>    >>> 805633e0 t tpm_tis_i2c_read_bytes
>>>
>>>    >>> 80563604 t tpm_tis_i2c_probe
>>>
>>>    >>> 80d23964 t tpm_tis_i2c_driver_init
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>>>
>>>    >>> /sys/class/tpm/tpm0
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# ls -l /dev/tpm*
>>>
>>>    >>> crw-------    1 root     root       10, 224 May  5 16:03
>>> /dev/tpm0
>>>
>>>    >>> crw-------    1 root     root      252, 65536 May  5 16:03
>>> /dev/tpmrm0
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# find /sys/ | grep pcr
>>>
>>>    >>>
>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>>
>>>    >>> b
>>>
>>>    >>> u
>>>
>>>    >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>>>
>>>    >>>
>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>>
>>>    >>> b
>>>
>>>    >>> u
>>>
>>>    >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>>>
>>>    >>> [... lots more entries also for sha256, sha384, and sha512 ]
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>> It seems to work as expected
>>>
>>>    >>>
>>>
>>>    >>> On 5/5/23 11:08, Sandeep Kumar wrote:
>>>
>>>    >>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>>>
>>>    >>>> Thanks, Sandeep. -----Original Message----- From: Stefan
>>> Berger
>>>
>>>    >>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>>>
>>>    >>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>
>>>    >>>> ZjQcmQRYFpfptBannerEnd
>>>
>>>    >>>>
>>>
>>>    >>>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>
>>>
>>>    >>>> Hi Stefan,
>>>
>>>    >>>>
>>>
>>>    >>>> Please find below my answers inline.
>>>
>>>    >>>>
>>>
>>>    >>>> Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>> Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>> -----Original Message-----
>>>
>>>    >>>> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >>>> Sent: Friday, May 5, 2023 6:56 PM
>>>
>>>    >>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >>>> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    >>>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >>>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >>>> Qemu
>>>
>>>    >>>>
>>>
>>>    >>>> "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >   TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Hi Stefan,
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    >>>>
>>>
>>>    >>>>     > Ans:
>>>
>>>    >>>>
>>>
>>>    >>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.
>>>
>>>    >>>>
>>>
>>>    >>>>     >          Kernel version used : Linux evb-ast2600
>>> 6.1.15-580639a #1
>>>
>>>    >>>> SMP
>>>
>>>    >>>>
>>>
>>>    >>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Stefan:  What is the output of this?  find /sys/class/tpm
>>> |
>>>
>>>    >>>> grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>>     > Ams:     find: /sys/class/tpm: No such file or directory.
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Could you please point to the right version of kernel which has all these changes ?
>>>
>>>    >>>>
>>>
>>>    >>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>>
>>>    >>>>
>>>
>>>    >>>> Does this show any files?
>>>
>>>    >>>>
>>>
>>>    >>>> find /sys | grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>> *Sandeep: It doesn't show any files. *
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>>
>>>    >>>>
>>>
>>>    >>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>>>
>>>    >>>> Output as below, *
>>>
>>>    >>>>
>>>
>>>    >>>> **
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# ls /dev/tpm**
>>>
>>>    >>>>
>>>
>>>    >>>> *ls: /dev/tpm*: No such file or directory*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>>
>>>    >>>>
>>>
>>>    >>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system
>>> mode
>>>
>>>    >>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT
>>>
>>>    >>>> -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN
>>>
>>>    >>>> -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT
>>>
>>>    >>>> -QRENCODE -TPM2
>>>
>>>    >>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>>>
>>>    >>>> -SYSVINIT
>>>
>>>    >>>> default-hierarchy=unified)*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>         Stefan
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>>     > Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     > From: Stefan Berger <stefanb@linux.ibm.com
>>>
>>>    >>>> <mailto:stefanb@linux.ibm.com <mailto:stefanb@linux.ibm.com>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     > Sent: Thursday, May 4, 2023 7:30 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>
>>>    >>>> <mailto:sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>>; Cédric Le Goater
>>>
>>>    >>>>
>>>
>>>    >>>>     > <clg@kaod.org <mailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>> Ninad
>>>
>>>    >>>> Palsule
>>>
>>>    >>>>
>>>
>>>    >>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>; Joel
>>>
>>>    >>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au
>>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>>
>>>    >>>>
>>>
>>>    >>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     > Subject: Re: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on Qemu
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential Hi C, I was able to build and run the
>>>
>>>    >>>> image(for
>>>
>>>    >>>>
>>>
>>>    >>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run
>>> with
>>>
>>>    >>>> the
>>>
>>>    >>>>
>>>
>>>    >>>>     >> flash. img provided in your github link(https: //github.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> ZjQcmQRYFpfptBannerEnd
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Hi C,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Few issues observed,
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images%20%3chttps:/github.com/legoater/qemu-aspeed-boot/tree/master/images>>>) everything works as expected, i.e I get the below output.
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id
>>> 0x1,
>>>
>>>    >>>> rev-id
>>>
>>>    >>>>
>>>
>>>    >>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
>>>
>>>    >>>> device
>>>
>>>    >>>>
>>>
>>>    >>>>     >> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>   2. If I run it with the locally built image, I get this
>>> error,
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>>
>>>
>>>    >>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated
>>> device
>>>
>>>    >>>>
>>>
>>>    >>>>     >> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > What is the output of this?
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > find /sys/class/tpm | grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >     Stefan
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~# cat
>>> /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No
>>> such
>>>
>>>    >>>> file or
>>>
>>>    >>>>
>>>
>>>    >>>>     >> directory*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Please do let me know about what has been done to write
>>> the
>>>
>>>    >>>> values
>>>
>>>    >>>>
>>>
>>>    >>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> _____________________________________________
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *From:* Sandeep Kumar
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Ninad Palsule <ninad@linux.ibm.com
>>>
>>>    >>>> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>;
>>> Joel Stanley <jms@jms.id.au
>>>
>>>    >>>> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu Hi C, How to build this image =>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don  t get this image built.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Please advise if we have to build openbmc stack in a
>>>
>>>    >>>> different way
>>>
>>>    >>>>
>>>
>>>    >>>>     >> than the standard procedure. We follow the below steps for build, 1. .
>>>
>>>    >>>>
>>>
>>>    >>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     >> From: Sandeep Kumar
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>>>
>>>    >>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org
>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> _openbmc@lists.ozlabs.org_
>>> <mailto:_openbmc@lists.ozlabs.org_>
>>>
>>>    >>>> <mailto:_openbmc@lists.ozlabs.org_
>>> <mailto:_openbmc@lists.ozlabs.org_>>
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>>>;
>>>
>>>    >>>> Ninad
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Palsule <_ninad@linux.ibm.com_
>>> <mailto:ninad@linux.ibm.com
>>>
>>>    >>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com
>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>>;
>>>
>>>    >>>> Joel
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>>>
>>>    >>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au
>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>>
>>>    >>>> Jeffery
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>>>
>>>    >>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au
>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer
>>>
>>>    >>>> supported on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>>
>>>    >>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:sandeep.pkumar@tcs.com
>>>
>>>    >>>> <mailto:sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:openbmc@lists.ozlabs.org
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>>>; Ninad Palsule
>>>
>>>    >>>> <ninad@linux.ibm.com
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>>;
>>>
>>>    >>>> Joel Stanley <jms@jms.id.au
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au
>>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>>
>>>    >>>> Jeffery <andrew@aj.id.au
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Hello Sandeep
>>>
>>>    >>>>
>>>
>>>    >>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> Hi C,
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> Built the qemu from your branch. Few issues, *$
>>>
>>>    >>>> ./qemu-system-arm -m
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 256 -M romulus-bmc -nographic -drive
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>>>
>>>    >>>> -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> nic -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>>
>>>    >>>> w
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> d
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> =
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 1
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 2
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *qemu-system-arm: -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>>
>>>    >>>> w
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> d
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> =
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 1
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 2
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> network backend 'user' is not compiled into this binary*
>>> I
>>>
>>>    >>>> didn’t
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> enable the slirp package I guess. So enabled it while
>>>
>>>    >>>> running
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> configure, *$ ../configure --enable-slirp*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *........*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not
>>> found,
>>>
>>>    >>>> tried
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> pkgconfig* *A full log can be found at
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs
>>>
>>>    >>>> /
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> m
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> e
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> son-log.txt*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting
>>>
>>>    >>>> with
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *ERROR: meson setup failed*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> I have already installed slirp locally, but still getting the above error.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Did you install the libslirp-dev or libslirp-devel package ?
>>>
>>>    >>>>
>>>
>>>    >>>>     >> C.
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> =====-----=====-----=====
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Notice: The information contained in this e-mail message
>>>
>>>    >>>> and/or
>>>
>>>    >>>>
>>>
>>>    >>>>     >> attachments to it may contain confidential or privileged information.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> If you are not the intended recipient, any dissemination,
>>>
>>>    >>>> use,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> review, distribution, printing or copying of the
>>> information
>>>
>>>    >>>>
>>>
>>>    >>>>     >> contained in this e-mail message and/or attachments to it
>>>
>>>    >>>> are
>>>
>>>    >>>>
>>>
>>>    >>>>     >> strictly prohibited. If you have received this
>>> communication
>>>
>>>    >>>> in
>>>
>>>    >>>>
>>>
>>>    >>>>     >> error, please notify us by reply e-mail or telephone and
>>>
>>>    >>>> immediately
>>>
>>>    >>>>
>>>
>>>    >>>>     >> and permanently delete the message and any attachments.
>>>
>>>    >>>> Thank you
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >   TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>
>>>
>>>    >>>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>
>>>
>>>    >>>     TCS Confidential
>>>
>>>    >>
>>>
>>>    >>    TCS Confidential
>>>
>>>    >
>>>
>>>    >   TCS Confidential
>>>
>>>
>>> TCS Confidential
>>>
>>
>>    TCS Confidential
> 
>   TCS Confidential

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

Hi All,

Please find below the config files with TPM support used in our environment.

=============================================================================================
Local.conf

MACHINE ??= "evb-ast2600"
DISTRO ?= "openbmc-phosphor"
PACKAGE_CLASSES ?= "package_ipk"
SANITY_TESTED_DISTROS:append ?= " *"
EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
USER_CLASSES ?= "buildstats"
PATCHRESOLVE = "noop"
MACHINE_FEATURES:append = " tpm2"
DISTRO_FEATURES:append = " tpm2"
BB_DISKMON_DIRS ??= "\
    STOPTASKS,${TMPDIR},1G,100K \
    STOPTASKS,${DL_DIR},1G,100K \
    STOPTASKS,${SSTATE_DIR},1G,100K \
    STOPTASKS,/tmp,100M,100K \
    HALT,${TMPDIR},100M,1K \
    HALT,${DL_DIR},100M,1K \
    HALT,${SSTATE_DIR},100M,1K \
    HALT,/tmp,10M,1K"
CONF_VERSION = "2"

require conf/machine/include/obmc-bsp-common.inc

=============================================================================================
bblayers.conf

# LAYER_CONF_VERSION is increased each time build/conf/bblayers.conf
# changes incompatibly
LCONF_VERSION = "8"

BBPATH = "${TOPDIR}"
BBFILES ?= ""

BBLAYERS ?= " \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-poky \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-openembedded/meta-oe \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-openembedded/meta-networking \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-openembedded/meta-python \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-phosphor \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-aspeed \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-security/meta-tpm \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-evb/meta-evb-aspeed/meta-evb-ast2600 \
  "
=============================================================================================
with respect to defconfig => ast2600_openbmc_spl_defconfig tpm is enabled as below(No change from our side, it was existing),
CONFIG_CMD_TPM=y
CONFIG_TPM2_TIS_I2C=y
CONFIG_TPM=y
CONFIG_SPL_TPM=y

=============================================================================================

To reproduce , you can add any API call from include/tpm-v2.h i.e u32 tpm2_auto_start(struct udevice *dev)/u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode)
into common/image-fit.c file.

After the change, following these steps:
1.      doing git diff > image-fit.patch
2.      copying it to /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-aspeed/recipes-bsp/u-boot/files/
3.      Recipe include file changed accordingly  as below (/home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc)

require conf/machine/distro/include/uboot-distrovars.inc

HOMEPAGE = https://github.com/AspeedTech-BMC/u-boot
SECTION = "bootloaders"
DEPENDS += "flex-native bison-native xxd-native"

LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = file://Licenses/README;md5=30503fd321432fc713238f582193b78e
PE = "1"

# We use the revision in order to avoid having to fetch it from the
# repo during parse
SRCREV = "fd915728e1434725171e28614bc12ca5fb4f6cea"
SRC_URI = "git://git@github.com/openbmc/u-boot.git;nobranch=1;protocol=https"
SRC_URI += file://image-fit.patch

SRC_URI:append:uboot-flash-32768 = " file://u-boot_flash_32M.cfg"
SRC_URI:append:uboot-flash-65536 = " file://u-boot_flash_64M.cfg"

S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

# We don't have 'u-boot-initial-env' target in our u-boot version
UBOOT_INITIAL_ENV=""

PV = "v2019.04+git${SRCPV}"
=============================================================================================

Additional configuration information:
tcs@tcs-S2600GZ:~/work/san/openbmc/openbmc_may/openbmc$ . setup evb-ast2600
Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
Common targets are:

     obmc-phosphor-image: Includes OpenBMC Phosphor userspace and Web UI

     core-image-minimal: A small image just capable of allowing a device to boot

     core-image-full-cmdline: A small image with more Linux functionality
                              installed, including a ssh server.

Note that the core targets will not set the default phosphor password.

=============================================================================================
tcs@tcs-S2600GZ:~/work/san/openbmc/openbmc_may/openbmc/build/evb-ast2600$ bitbake -c compile u-boot-aspeed-sdk
Loading cache: 100% |#########################################################################################################################################################################################################| Time: 0:00:01
Loaded 4419 entries from dependency cache.
Parsing recipes: 100% |#######################################################################################################################################################################################################| Time: 0:00:00
Parsing of 2735 .bb files complete (2733 cached, 2 parsed). 4420 targets, 568 skipped, 0 masked, 0 errors.
WARNING: No bb files in default matched BBFILE_PATTERN_meta-evb-ast2600 '^/home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-evb/meta-evb-aspeed/meta-evb-ast2600/'
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION           = "2.4.0"
BUILD_SYS            = "x86_64-linux"
NATIVELSBSTRING      = "ubuntu-20.04"
TARGET_SYS           = "arm-openbmc-linux-gnueabi"
MACHINE              = "evb-ast2600"
DISTRO               = "openbmc-phosphor"
DISTRO_VERSION       = "nodistro.0"
TUNE_FEATURES        = "arm armv7a vfp vfpv4d16 callconvention-hard"
TARGET_FPU           = "hard"
meta
meta-poky
meta-oe
meta-networking
meta-python
meta-phosphor
meta-aspeed
meta-tpm
meta-evb-ast2600     = "master:ed7346e3a02e40eeb6357d466513d537897e592a"

=============================================================================================

tcs@tcs-S2600GZ:~/work/san/measured_boot/binaries$ ./qemu-system-arm -M ast2600-evb -nographic -drive file=./obmc-phosphor-image-evb-ast2600-20230509105556.static.mtd,if=mtd,format=raw -net nic -net user -chardev socket,id=chrtpm,path=/tmp/emulated_tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
qemu-system-arm: warning: Aspeed iBT has no chardev backend
qemu-system-arm: warning: nic ftgmac100.1 has no peer
qemu-system-arm: warning: nic ftgmac100.2 has no peer
qemu-system-arm: warning: nic ftgmac100.3 has no peer

U-Boot SPL 2019.04 (Mar 10 2023 - 01:54:10 +0000)
Trying to boot from RAM


U-Boot 2019.04 (Mar 10 2023 - 01:54:10 +0000)

SOC: AST2600-A3
eSPI Mode: SIO:Enable : SuperIO-2e
Eth: MAC0: RGMII, MAC1: RGMII, MAC2: RGMII, MAC3: RGMII
Model: AST2600 EVB
DRAM:  already initialized, 1008 MiB (capacity:1024 MiB, VGA:64 MiB, ECC:off)
MMC:

sdhci_slot0@100: 1, sdhci_slot1@200: 2, emmc_slot0@100: 0
Loading Environment from SPI Flash... SF: Detected mx66u51235f with page size 256 Bytes, erase size 4 KiB, total 64 MiB
OK
In:    serial@1e784000
Out:   serial@1e784000
Err:   serial@1e784000
Model: AST2600 EVB
Net:
Warning: ftgmac@1e660000 (eth0) using random MAC address - be:d9:95:18:c6:54
eth0: ftgmac@1e660000
Warning: ftgmac@1e680000 (eth1) using random MAC address - 96:3f:48:1b:ca:62
, eth1: ftgmac@1e680000
Warning: ftgmac@1e670000 (eth2) using random MAC address - 22:cd:77:38:02:6b
, eth2: ftgmac@1e670000
Warning: ftgmac@1e690000 (eth3) using random MAC address - 9e:92:8e:94:df:04
, eth3: ftgmac@1e690000
Hit any key to stop autoboot:  0
ast#
ast# help
[…]
tpm2      - Issue a TPMv2.x command
true      - do nothing, successfully
version   - print monitor, compiler and linker version
ast# help tpm2
tpm2 - Issue a TPMv2.x command

Usage:
tpm2 <command> [<arguments>]

=============================================================================================
Please do let me know if you need any help in reproducing it.

P S: u-boot is downloaded directly from openbmc github site and changed to commit ID: fd915728e1434725171e28614bc12ca5fb4f6cea  to be in sync with the one being used by openbmc.

Thanks,
Sandeep.

-----Original Message-----
From: openbmc <openbmc-bounces+sandeep.pkumar=tcs.com@lists.ozlabs.org> On Behalf Of Stefan Berger
Sent: Wednesday, May 31, 2023 6:27 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"


On 5/31/23 01:04, Sandeep Kumar wrote:
>   TCS Confidential
>
> Hi All,
>
> We are still stuck in this step. Tried few things like changing the defconfig for the machine to support TPM, changes to local.conf to include the packages, etc. But nothing helped. Would appreciate any help to rectify this problem.

Maybe you need to show the config files you made changes to so that others can try to recreate the issue. As I stated below for me uboot has TPM 2 support with the default configuration -- no changes needed:

$ . setup evb-ast2600
Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
Common targets are:

      obmc-phosphor-image: Includes OpenBMC Phosphor userspace and Web UI

      core-image-minimal: A small image just capable of allowing a device to boot

      core-image-full-cmdline: A small image with more Linux functionality
                               installed, including a ssh server.

Note that the core targets will not set the default phosphor password.

$ bitbake obmc-phosphor-image
[...]

$ ~/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mt
[...]


Hit any key to stop autoboot:  0
ast# help
?         - alias for 'help'
base      - print or set address offset
bdinfo    - print Board Info structure
blkcache  - block cache diagnostics and control
boot      - boot default, i.e., run 'bootcmd'
bootd     - boot default, i.e., run 'bootcmd'
bootm     - boot application image from memory
bootp     - boot image via network using BOOTP/TFTP protocol
bootz     - boot Linux zImage image from memory
chpart    - change active partition
clk       - CLK sub-system
cmp       - memory compare
coninfo   - print console devices and information
cp        - memory copy
crc32     - checksum calculation
dhcp      - boot image via network using DHCP/TFTP protocol
dm        - Driver model low level access
dramtest  - ASPEED DRAM BIST
echo      - echo args to console
editenv   - edit environment variable
env       - environment handling commands
erase     - erase FLASH memory
exit      - exit script
ext2load  - load binary file from a Ext2 filesystem
ext2ls    - list files in a directory (default /)
ext4load  - load binary file from a Ext4 filesystem
ext4ls    - list files in a directory (default /)
ext4size  - determine a file's size
ext4write - create a file in the root directory
false     - do nothing, unsuccessfully
fatinfo   - print information about filesystem
fatload   - load binary file from a dos filesystem
fatls     - list files in a directory (default /)
fatsize   - determine a file's size
fdt       - flattened device tree utility commands
flinfo    - print FLASH memory information
fstype    - Look up a filesystem type
go        - start application at address 'addr'
gpio      - query and control gpio pins
gpt       - GUID Partition Table
hash      - compute hash message digest
help      - print command description/usage
i2c       - I2C sub-system
itest     - return true/false on integer compare
load      - load binary file from a filesystem
loadb     - load binary file over serial line (kermit mode)
loads     - load S-Record file over serial line
loadx     - load binary file over serial line (xmodem mode)
loady     - load binary file over serial line (ymodem mode)
log       - log system
loop      - infinite loop on address range
ls        - list files in a directory (default /)
md        - memory display
mdio      - MDIO utility commands
mii       - MII utility commands
mm        - memory modify (auto-incrementing address)
mmc       - MMC sub system
mmcinfo   - display MMC info
mtdparts  - define flash/nand partitions
mtest     - simple RAM read/write test
mw        - memory write (fill)
ncsi      - Configure attached NIC via NC-SI
nfs       - boot image via network using NFS protocol
nm        - memory modify (constant address)
otp       - ASPEED One-Time-Programmable sub-system
part      - disk partition related commands
peci      - ASPEED PECI general bus command test program
ping      - send ICMP ECHO_REQUEST to network host
pinmux    - show pin-controller muxing
printenv  - print environment variables
protect   - enable or disable FLASH write protection
reset     - Perform RESET of the CPU
run       - run commands in an environment variable
save      - save file to a filesystem
saveenv   - save environment variables to persistent storage
setenv    - set environment variables
setexpr   - set environment variable as the result of eval expression
sf        - SPI flash sub-system
showvar   - print local hushshell variables
size      - determine a file's size
sleep     - delay execution for some time
source    - run script from memory
test      - minimal test like /bin/sh
tftpboot  - boot image via network using TFTP protocol
tpm2      - Issue a TPMv2.x command
true      - do nothing, successfully
version   - print monitor, compiler and linker version
ast# help tpm2
tpm2 - Issue a TPMv2.x command

Usage:
tpm2 <command> [<arguments>]

device [num device]
     Show all devices or set the specified device [...]

Regards,
    Stefan

>
> Thanks,
> Sandeep.
>
>
>
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Thursday, May 25, 2023 6:19 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
> <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
> "External email. Open with Caution"
>
>
> On 5/25/23 05:49, Sandeep Kumar wrote:
>>    TCS Confidential
>>
>> Hi Stefan,
>>
>> Which OS are you building this ? I am building it on ubuntu 20.04. Also, I am building it for evb-ast2600 and I don’t see TPM enabled in the configs/evb-ast2600_defconfig  file.
>
> $ cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=22.04
> DISTRIB_CODENAME=jammy
> DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"
>
> $ . setup evb-ast2600
> Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
> Common targets are:
>
>        obmc-phosphor-image: Includes OpenBMC Phosphor userspace and
> Web UI
>
>        core-image-minimal: A small image just capable of allowing a
> device to boot
>
>        core-image-full-cmdline: A small image with more Linux functionality
>                                 installed, including a ssh server.
>
> Note that the core targets will not set the default phosphor password.
>
>
>      Stefan
>
>
>
>>
>> Thanks,
>> Sandeep.
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Tuesday, May 23, 2023 8:06 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>> "External email. Open with Caution"
>>
>>
>>
>> On 5/23/23 01:59, Sandeep Kumar wrote:
>>
>>>
>>> TCS Confidential
>>
>> What is TCS Confidential ?
>>
>>>
>>>
>>> Hi Stefan,
>>>
>>> Thanks for the information. I am trying to make use of the commands by using tpm_init() inside image-fit.c file. It compiles but gives an undefined reference error as below.
>>>
>>
>> When I am running the OpenBMC image that I build with `bitbake obmc-phosphor-image` I already have uboot with TPM 2 support built-in. I am not sure how you are getting this error.
>>
>>        Stefan
>>
>>>      gcc
>>> -isystem/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-a
>>> s
>>> t
>>> 2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_
>>> v
>>> 2 019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/include
>>> -O2 -pipe
>>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600
>>> /
>>> t
>>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.
>>> 0
>>> 4
>>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600
>>> /
>>> t
>>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.
>>> 0
>>> 4
>>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,--enable-new-dtags
>>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/bui
>>> l
>>> d
>>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspee
>>> d
>>> -
>>> sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/li
>>> b
>>>
>>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/bui
>>> l
>>> d
>>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspee
>>> d
>>> - sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/ev
>>> b
>>> -
>>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk
>>> /
>>> 1 _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/ev
>>> b
>>> -
>>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk
>>> /
>>> 1 _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,-O1  -o tools/fit_check_sign tools/aisimage.o tools/atmelimage.o
>>> tools/common/image-sig.o tools/common/bootm.o tools/lib/crc32.o
>>> tools/default_image.o tools/lib/fdtdec_common.o tools/lib/fdtdec.o
>>> tools/fit_common.o tools/fit_image.o tools/common/image-fit.o
>>> tools/image-host.o tools/common/image.o tools/imagetool.o
>>> tools/imximage.o tools/imx8image.o tools/imx8mimage.o
>>> tools/kwbimage.o tools/lib/md5.o tools/lpc32xximage.o
>>> tools/mxsimage.o tools/omapimage.o tools/os_support.o
>>> tools/pblimage.o tools/pbl_crc32.o tools/vybridimage.o
>>> tools/stm32image.o tools/lib/rc4.o tools/rkcommon.o tools/rkimage.o
>>> tools/rksd.o tools/rkspi.o tools/socfpgaimage.o tools/lib/crc16.o
>>> tools/lib/sha1.o tools/lib/sha256.o tools/lib/sha512.o
>>> tools/common/hash.o tools/ublimage.o tools/zynqimage.o
>>> tools/zynqmpimage.o tools/zynqmpbif.o tools/libfdt/fdt.o
>>> tools/libfdt/fdt_wip.o tools/libfdt/fdt_sw.o tools/libfdt/fdt_rw.o
>>> tools/libfdt/fdt_strerror.o tools/libfdt/fdt_empty_tree.o
>>> tools/libfdt/fdt_addresses.o tools/libfdt/fdt_overlay.o
>>> tools/lib/libfdt/fdt_ro.o tools/lib/libfdt/fdt_region.o
>>> tools/gpimage.o tools/gpimage-common.o tools/mtk_image.o
>>> tools/lib/rsa/rsa-sign.o tools/lib/rsa/rsa-verify.o
>>> tools/lib/rsa/rsa-checksum.o tools/lib/rsa/rsa-mod-exp.o
>>> tools/fit_check_sign.o  -lssl -lcrypto
>>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: tools/common/image-fit.o: in function `boot_get_setup_fit':
>>>
>>> image-fit.c:(.text+0x27e1): undefined reference to `get_tpm'
>>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: image-fit.c:(.text+0x280e): undefined reference to `tpm_init'
>>>
>>> collect2: error: ld returned 1 exit status
>>>
>>> make[2]: *** [scripts/Makefile.host:106: tools/dumpimage] Error 1
>>>
>>> Although the tpm_init() is present in tpm-common.c  and image-fit.c is present in the same module as well. But still I get the above error. I have tried including the DEPENDS on libtpm in the u-boot recipe but nothing seems to work. Any specific library/specific location to be included for TPM support?
>>>
>>> -----Original Message-----
>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>> Sent: Thursday, May 18, 2023 5:10 PM
>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>>> <andrew@aj.id.au>
>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>> Qemu
>>>
>>> "External email. Open with Caution"
>>>
>>> On 5/17/23 13:13, Sandeep Kumar wrote:
>>>
>>>    >   TCS Confidential
>>>
>>>    >
>>>
>>>    > Hi Stefan,
>>>
>>>    >
>>>
>>>    > Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?
>>>
>>>    >
>>>
>>> There are quite a few commands in u-boot:
>>>
>>> ast# tpm2
>>>
>>> tpm2 - Issue a TPMv2.x command
>>>
>>> Usage:
>>>
>>> tpm2 <command> [<arguments>]
>>>
>>> device [num device]
>>>
>>>         Show all devices or set the specified device info
>>>
>>>         Show information about the TPM.
>>>
>>> state
>>>
>>>         Show internal state from the TPM (if available) init
>>>
>>>         Initialize the software stack. Always the first command to issue.
>>>
>>> startup <mode>
>>>
>>>         Issue a TPM2_Startup command.
>>>
>>>         <mode> is one of:
>>>
>>>             * TPM2_SU_CLEAR (reset state)
>>>
>>>             * TPM2_SU_STATE (preserved state) self_test <type>
>>>
>>>         Test the TPM capabilities.
>>>
>>>         <type> is one of:
>>>
>>>             * full (perform all tests)
>>>
>>>             * continue (only check untested tests) clear <hierarchy>
>>>
>>>         Issue a TPM2_Clear command.
>>>
>>>         <hierarchy> is one of:
>>>
>>>             * TPM2_RH_LOCKOUT
>>>
>>>             * TPM2_RH_PLATFORM
>>>
>>> pcr_extend <pcr> <digest_addr>
>>>
>>>         Extend PCR #<pcr> with digest at <digest_addr>.
>>>
>>>         <pcr>: index of the PCR
>>>
>>>         <digest_addr>: address of a 32-byte SHA256 digest pcr_read
>>> <pcr> <digest_addr>
>>>
>>>         Read PCR #<pcr> to memory address <digest_addr>.
>>>
>>>        <pcr>: index of the PCR
>>>
>>>         <digest_addr>: address to store the a 32-byte SHA256 digest
>>> get_capability <capability> <property> <addr> <count>
>>>
>>>         Read and display <count> entries indexed by <capability>/<property>.
>>>
>>>         Values are 4 bytes long and are written at <addr>.
>>>
>>>         <capability>: capability
>>>
>>>         <property>: property
>>>
>>>         <addr>: address to store <count> entries of 4 bytes
>>>
>>>         <count>: number of entries to retrieve dam_reset
>>> [<password>]
>>>
>>>         If the TPM is not in a LOCKOUT state, reset the internal error counter.
>>>
>>>         <password>: optional password
>>>
>>> dam_parameters <max_tries> <recovery_time> <lockout_recovery>
>>> [<password>]
>>>
>>>         If the TPM is not in a LOCKOUT state, set the DAM parameters
>>>
>>>         <maxTries>: maximum number of failures before lockout,
>>>
>>>                     0 means always locking
>>>
>>>         <recoveryTime>: time before decrement of the error counter,
>>>
>>>                         0 means no lockout
>>>
>>>         <lockoutRecovery>: time of a lockout (before the next try),
>>>
>>>                            0 means a reboot is needed
>>>
>>>         <password>: optional password of the LOCKOUT hierarchy
>>> change_auth <hierarchy> <new_pw> [<old_pw>]
>>>
>>>         <hierarchy>: the hierarchy
>>>
>>>         <new_pw>: new password for <hierarchy>
>>>
>>>         <old_pw>: optional previous password of <hierarchy>
>>> pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]
>>>
>>>         Change the <key> to access PCR #<pcr>.
>>>
>>>         hierarchy and may be empty.
>>>
>>>         /!\WARNING: untested function, use at your own risks !
>>>
>>>         <pcr>: index of the PCR
>>>
>>>         <key>: secret to protect the access of PCR #<pcr>
>>>
>>>         <password>: optional password of the PLATFORM hierarchy
>>>
>>> Regards,
>>>
>>>        Stefan
>>>
>>>    > Thanks,
>>>
>>>    > Sandeep.
>>>
>>>    >
>>>
>>>    > -----Original Message-----
>>>
>>>    > From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    > Sent: Tuesday, May 9, 2023 10:01 PM
>>>
>>>    > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on Qemu
>>>
>>>    >
>>>
>>>    > "External email. Open with Caution"
>>>
>>>    >
>>>
>>>    >
>>>
>>>    > On 5/9/23 08:06, Sandeep Kumar wrote:
>>>
>>>    >>    TCS Confidential
>>>
>>>    >>
>>>
>>>    >> Hi Stefan,
>>>
>>>    >>
>>>
>>>    >> Thanks for the help.
>>>
>>>    >>
>>>
>>>    >> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?
>>>
>>>    >
>>>
>>>    > TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:
>>>
>>>    >
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
>>>
>>>    >
>>> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils
>>> -
>>> 1
>>>
>>>    > 2-Makefile.am-expand-wildcards-in-prereqs.patch
>>>
>>>    >
>>> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.
>>>
>>>    > 1.0.bb meta-security/meta-tpm/recipes-tpm2/tpm2-tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.
>>>
>>>    > patch
>>> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
>>>
>>>    >
>>>
>>>    > Intel: https://github.com/tpm2-software/tpm2-tss#overview
>>> <https://github.com/tpm2-software/tpm2-tss#overview>
>>>
>>>    > IBM: https://github.com/kgoldman/ibmtss
>>> <https://github.com/kgoldman/ibmtss>
>>>
>>>    >
>>>
>>>    >      Stefan
>>>
>>>    >
>>>
>>>    >>
>>>
>>>    >> Thanks,
>>>
>>>    >> Sandeep.
>>>
>>>    >>
>>>
>>>    >> -----Original Message-----
>>>
>>>    >> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >> Sent: Saturday, May 6, 2023 2:08 AM
>>>
>>>    >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    >> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >> Qemu
>>>
>>>    >>
>>>
>>>    >> "External email. Open with Caution"
>>>
>>>    >>
>>>
>>>    >>
>>>
>>>    >> On 5/5/23 13:36, Sandeep Kumar wrote:
>>>
>>>    >>>     TCS Confidential
>>>
>>>    >>>
>>>
>>>    >>> Hi Stefan,
>>>
>>>    >>>
>>>
>>>    >>> I have these options set in
>>>
>>>    >>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>>
>>>    >>> - k ernel/linux/linux-aspeed/tpm/tpm2.cfg
>>>
>>>    >>>
>>>
>>>    >>> CONFIG_HW_RANDOM=y
>>>
>>>    >>> CONFIG_HW_RANDOM_TPM=y
>>>
>>>    >>> CONFIG_TCG_TPM=y
>>>
>>>    >>> CONFIG_TCG_TIS_CORE=y
>>>
>>>    >>> CONFIG_TCG_TIS=y
>>>
>>>    >>> CONFIG_TCG_TIS_SPI=y
>>>
>>>    >>> CONFIG_TCG_TIS_I2C=y
>>>
>>>    >>> CONFIG_SECURITYFS=y
>>>
>>>    >>
>>>
>>>    >>
>>>
>>>    >> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
>>>
>>>    >>
>>>
>>>    >> As long as these symbols are built into the kernel it should work:
>>>
>>>    >>
>>>
>>>    >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c
>>> t
>>>
>>>    >>> tpm_tis_i2c_remove
>>>
>>>    >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>>
>>>    >>> 8056323c t tpm_tis_i2c_write_bytes
>>>
>>>    >>> 80563334 t tpm_tis_i2c_verify_crc
>>>
>>>    >>> 805633e0 t tpm_tis_i2c_read_bytes
>>>
>>>    >>> 80563604 t tpm_tis_i2c_probe
>>>
>>>    >>> 80d23964 t tpm_tis_i2c_driver_init
>>>
>>>    >>
>>>
>>>    >>>
>>>
>>>    >>> and in
>>>
>>>    >>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>>
>>>    >>> - k ernel/linux/linux-aspeed.inc I have these,
>>>
>>>    >>>
>>>
>>>    >>> SRC_URI += " \
>>>
>>>    >>> file://defconfig <file://defconfig> \
>>>
>>>    >>>
>>> file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dba
>>> e
>>> e
>>> a41067e54c65176c233ec7b2ab2decf1ddcd
>>> <file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6db
>>> a
>>> e
>>> ea41067e54c65176c233ec7b2ab2decf1ddcd> \
>>>
>>>    >>>
>>> file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f32
>>> 1
>>> 4
>>> d471ac7b83ab7acef41c4425a34662e8372e
>>> <file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3
>>> 2
>>> 1
>>> 4d471ac7b83ab7acef41c4425a34662e8372e> \
>>>
>>>    >>> ${@bb.utils.contains('MACHINE_FEATURES
>>> <mailto:$%7b@bb.utils.contains('MACHINE_FEATURES>', 'tpm2',
>>> 'file://tpm/tpm2.scc file://tpm/tpm2.cfg <file://tpm/tpm2.cfg>', '',
>>> d)} \
>>>
>>>    >>> ${@bb.utils.contains_any('DISTRO_FEATURES
>>> <mailto:$%7b@bb.utils.contains_any('DISTRO_FEATURES>', \
>>>
>>>    >>>                    'obmc-static-norootfs obmc-ubi-fs', \
>>>
>>>    >>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg
>>> <file://ubi/ubi.cfg>', '', d)} \
>>>
>>>    >>>               "
>>>
>>>    >>>
>>>
>>>    >>> Anything else needs to be done to enable TPM ?
>>>
>>>    >>
>>>
>>>    >> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
>>>
>>>    >>
>>>
>>>    >>       Stefan
>>>
>>>    >>
>>>
>>>    >>>
>>>
>>>    >>> Thanks,
>>>
>>>    >>> Sandeep.
>>>
>>>    >>>
>>>
>>>    >>> -----Original Message-----
>>>
>>>    >>> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >>> Sent: Friday, May 5, 2023 9:41 PM
>>>
>>>    >>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >>> <clg@kaod.org <mailto:clg@kaod.org>>;
>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad
>>> Palsule
>>>
>>>    >>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >>> Subject: Re: Integrating swtpm(as a software TPM) with
>>> OpenBMC on
>>>
>>>    >>> Qemu
>>>
>>>    >>>
>>>
>>>    >>> "External email. Open with Caution"
>>>
>>>    >>>
>>>
>>>    >>> I enable the following kernel build options for OpenBMC Linux kernel:
>>>
>>>    >>>
>>>
>>>    >>> CONFIG_TCG_TPM=y
>>>
>>>    >>> CONFIG_TCG_TIS_CORE=y
>>>
>>>    >>> CONFIG_TCG_TIS=y
>>>
>>>    >>> CONFIG_TCG_TIS_I2C=y
>>>
>>>    >>>
>>>
>>>    >>> With swtpm running in another terminal:
>>>
>>>    >>>
>>>
>>>    >>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl
>>> type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20;
>>> done
>>>
>>>    >>>
>>>
>>>    >>> I start qemu built from qemu git master branch tip:
>>>
>>>    >>>
>>>
>>>    >>> /tmp/qemu-system-arm -machine ast2600-evb -nographic
>>> -no-reboot -net nic -net
>>> user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfw
>>> d
>>> =
>>> udp:127.0.0.1:5723-:623 -drive
>>> file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.
>>> s
>>> tatic.mtd,format=raw,if=mtd -chardev
>>> socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev
>>> emulator,id=tpm0,chardev=chrtpm     -device
>>> tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device
>>>
>>>    >>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>>> rev-id 1)
>>>
>>>    >>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting
>>> the self test
>>>
>>>    >>> [   63.784256] tpm tpm0: starting up the TPM manually
>>>
>>>    >>> [   63.851474] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# uname -a
>>>
>>>    >>> Linux evb-ast2600
>>> 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa
>>>
>>>    >>> #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c
>>> t
>>>
>>>    >>> tpm_tis_i2c_remove
>>>
>>>    >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>>
>>>    >>> 8056323c t tpm_tis_i2c_write_bytes
>>>
>>>    >>> 80563334 t tpm_tis_i2c_verify_crc
>>>
>>>    >>> 805633e0 t tpm_tis_i2c_read_bytes
>>>
>>>    >>> 80563604 t tpm_tis_i2c_probe
>>>
>>>    >>> 80d23964 t tpm_tis_i2c_driver_init
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>>>
>>>    >>> /sys/class/tpm/tpm0
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# ls -l /dev/tpm*
>>>
>>>    >>> crw-------    1 root     root       10, 224 May  5 16:03
>>> /dev/tpm0
>>>
>>>    >>> crw-------    1 root     root      252, 65536 May  5 16:03
>>> /dev/tpmrm0
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# find /sys/ | grep pcr
>>>
>>>    >>>
>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>>
>>>    >>> b
>>>
>>>    >>> u
>>>
>>>    >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>>>
>>>    >>>
>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>>
>>>    >>> b
>>>
>>>    >>> u
>>>
>>>    >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>>>
>>>    >>> [... lots more entries also for sha256, sha384, and sha512 ]
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>> It seems to work as expected
>>>
>>>    >>>
>>>
>>>    >>> On 5/5/23 11:08, Sandeep Kumar wrote:
>>>
>>>    >>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>>>
>>>    >>>> Thanks, Sandeep. -----Original Message----- From: Stefan
>>> Berger
>>>
>>>    >>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>>>
>>>    >>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>
>>>    >>>> ZjQcmQRYFpfptBannerEnd
>>>
>>>    >>>>
>>>
>>>    >>>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>
>>>
>>>    >>>> Hi Stefan,
>>>
>>>    >>>>
>>>
>>>    >>>> Please find below my answers inline.
>>>
>>>    >>>>
>>>
>>>    >>>> Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>> Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>> -----Original Message-----
>>>
>>>    >>>> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >>>> Sent: Friday, May 5, 2023 6:56 PM
>>>
>>>    >>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >>>> <clg@kaod.org <mailto:clg@kaod.org>>;
>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad
>>> Palsule
>>>
>>>    >>>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >>>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >>>> Subject: Re: Integrating swtpm(as a software TPM) with
>>> OpenBMC on
>>>
>>>    >>>> Qemu
>>>
>>>    >>>>
>>>
>>>    >>>> "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >   TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Hi Stefan,
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    >>>>
>>>
>>>    >>>>     > Ans:
>>>
>>>    >>>>
>>>
>>>    >>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.
>>>
>>>    >>>>
>>>
>>>    >>>>     >          Kernel version used : Linux evb-ast2600
>>> 6.1.15-580639a #1
>>>
>>>    >>>> SMP
>>>
>>>    >>>>
>>>
>>>    >>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Stefan:  What is the output of this?  find /sys/class/tpm
>>> |
>>>
>>>    >>>> grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>>     > Ams:     find: /sys/class/tpm: No such file or directory.
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Could you please point to the right version of kernel which has all these changes ?
>>>
>>>    >>>>
>>>
>>>    >>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>>
>>>    >>>>
>>>
>>>    >>>> Does this show any files?
>>>
>>>    >>>>
>>>
>>>    >>>> find /sys | grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>> *Sandeep: It doesn't show any files. *
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>>
>>>    >>>>
>>>
>>>    >>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>>>
>>>    >>>> Output as below, *
>>>
>>>    >>>>
>>>
>>>    >>>> **
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# ls /dev/tpm**
>>>
>>>    >>>>
>>>
>>>    >>>> *ls: /dev/tpm*: No such file or directory*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>>
>>>    >>>>
>>>
>>>    >>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system
>>> mode
>>>
>>>    >>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT
>>>
>>>    >>>> -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2
>>> -IDN
>>>
>>>    >>>> -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY
>>> -P11KIT
>>>
>>>    >>>> -QRENCODE -TPM2
>>>
>>>    >>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>>>
>>>    >>>> -SYSVINIT
>>>
>>>    >>>> default-hierarchy=unified)*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>         Stefan
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>>     > Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     > From: Stefan Berger <stefanb@linux.ibm.com
>>>
>>>    >>>> <mailto:stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     > Sent: Thursday, May 4, 2023 7:30 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>
>>>    >>>> <mailto:sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>>; Cédric Le Goater
>>>
>>>    >>>>
>>>
>>>    >>>>     > <clg@kaod.org <mailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>> Ninad
>>>
>>>    >>>> Palsule
>>>
>>>    >>>>
>>>
>>>    >>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>; Joel
>>>
>>>    >>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au
>>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>>
>>>    >>>>
>>>
>>>    >>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     > Subject: Re: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on Qemu
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential Hi C, I was able to build and run the
>>>
>>>    >>>> image(for
>>>
>>>    >>>>
>>>
>>>    >>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run
>>> with
>>>
>>>    >>>> the
>>>
>>>    >>>>
>>>
>>>    >>>>     >> flash. img provided in your github link(https: //github.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> ZjQcmQRYFpfptBannerEnd
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Hi C,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Few issues observed,
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images%20%3chttps:/github.com/legoater/qemu-aspeed-boot/tree/master/images>>>) everything works as expected, i.e I get the below output.
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id
>>> 0x1,
>>>
>>>    >>>> rev-id
>>>
>>>    >>>>
>>>
>>>    >>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
>>>
>>>    >>>> device
>>>
>>>    >>>>
>>>
>>>    >>>>     >> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>   2. If I run it with the locally built image, I get this
>>> error,
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>>
>>>
>>>    >>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated
>>> device
>>>
>>>    >>>>
>>>
>>>    >>>>     >> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > What is the output of this?
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > find /sys/class/tpm | grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >     Stefan
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~# cat
>>> /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No
>>> such
>>>
>>>    >>>> file or
>>>
>>>    >>>>
>>>
>>>    >>>>     >> directory*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Please do let me know about what has been done to write
>>> the
>>>
>>>    >>>> values
>>>
>>>    >>>>
>>>
>>>    >>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> _____________________________________________
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *From:* Sandeep Kumar
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Ninad Palsule <ninad@linux.ibm.com
>>>
>>>    >>>> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>;
>>> Joel Stanley <jms@jms.id.au
>>>
>>>    >>>> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu Hi C, How to build this image =>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don  t get this image built.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Please advise if we have to build openbmc stack in a
>>>
>>>    >>>> different way
>>>
>>>    >>>>
>>>
>>>    >>>>     >> than the standard procedure. We follow the below steps for build, 1. .
>>>
>>>    >>>>
>>>
>>>    >>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     >> From: Sandeep Kumar
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>>>
>>>    >>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org
>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> _openbmc@lists.ozlabs.org_
>>> <mailto:_openbmc@lists.ozlabs.org_>
>>>
>>>    >>>> <mailto:_openbmc@lists.ozlabs.org_
>>> <mailto:_openbmc@lists.ozlabs.org_>>
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>>>;
>>>
>>>    >>>> Ninad
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Palsule <_ninad@linux.ibm.com_
>>> <mailto:ninad@linux.ibm.com
>>>
>>>    >>>>
>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com
>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>>;
>>>
>>>    >>>> Joel
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>>>
>>>    >>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au
>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>>
>>>    >>>> Jeffery
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>>>
>>>    >>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au
>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer
>>>
>>>    >>>> supported on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>>
>>>    >>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:sandeep.pkumar@tcs.com
>>>
>>>    >>>> <mailto:sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:openbmc@lists.ozlabs.org
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>>>; Ninad Palsule
>>>
>>>    >>>> <ninad@linux.ibm.com
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>>;
>>>
>>>    >>>> Joel Stanley <jms@jms.id.au
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au
>>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>>
>>>    >>>> Jeffery <andrew@aj.id.au
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Hello Sandeep
>>>
>>>    >>>>
>>>
>>>    >>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> Hi C,
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> Built the qemu from your branch. Few issues, *$
>>>
>>>    >>>> ./qemu-system-arm -m
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 256 -M romulus-bmc -nographic -drive
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>>>
>>>    >>>> -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> nic -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>>
>>>    >>>> w
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> d
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> =
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 1
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 2
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *qemu-system-arm: -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>>
>>>    >>>> w
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> d
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> =
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 1
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 2
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> network backend 'user' is not compiled into this binary*
>>> I
>>>
>>>    >>>> didn’t
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> enable the slirp package I guess. So enabled it while
>>>
>>>    >>>> running
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> configure, *$ ../configure --enable-slirp*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *........*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not
>>> found,
>>>
>>>    >>>> tried
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> pkgconfig* *A full log can be found at
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs
>>>
>>>    >>>> /
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> m
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> e
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> son-log.txt*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting
>>>
>>>    >>>> with
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *ERROR: meson setup failed*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> I have already installed slirp locally, but still getting the above error.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Did you install the libslirp-dev or libslirp-devel package ?
>>>
>>>    >>>>
>>>
>>>    >>>>     >> C.
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> =====-----=====-----=====
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Notice: The information contained in this e-mail message
>>>
>>>    >>>> and/or
>>>
>>>    >>>>
>>>
>>>    >>>>     >> attachments to it may contain confidential or privileged information.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> If you are not the intended recipient, any dissemination,
>>>
>>>    >>>> use,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> review, distribution, printing or copying of the
>>> information
>>>
>>>    >>>>
>>>
>>>    >>>>     >> contained in this e-mail message and/or attachments to it
>>>
>>>    >>>> are
>>>
>>>    >>>>
>>>
>>>    >>>>     >> strictly prohibited. If you have received this
>>> communication
>>>
>>>    >>>> in
>>>
>>>    >>>>
>>>
>>>    >>>>     >> error, please notify us by reply e-mail or telephone and
>>>
>>>    >>>> immediately
>>>
>>>    >>>>
>>>
>>>    >>>>     >> and permanently delete the message and any attachments.
>>>
>>>    >>>> Thank you
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >   TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>
>>>
>>>    >>>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>
>>>
>>>    >>>     TCS Confidential
>>>
>>>    >>
>>>
>>>    >>    TCS Confidential
>>>
>>>    >
>>>
>>>    >   TCS Confidential
>>>
>>>
>>> TCS Confidential
>>>
>>
>>    TCS Confidential
>
>   TCS Confidential

 TCS Confidential

RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

[Sandeep Kumar]

 TCS Confidential

One strange thing is,  "common/bootm.c" has calls to TPM API's  for example  tcg2_measurement_init() . If I do the same API call in "common/image-fit.c", I get undefined reference error.

Thanks,
Sandeep.

-----Original Message-----
From: Sandeep Kumar
Sent: Thursday, June 1, 2023 4:23 PM
To: Stefan Berger <stefanb@linux.ibm.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

Hi All,

Please find below the config files with TPM support used in our environment.

=============================================================================================
Local.conf

MACHINE ??= "evb-ast2600"
DISTRO ?= "openbmc-phosphor"
PACKAGE_CLASSES ?= "package_ipk"
SANITY_TESTED_DISTROS:append ?= " *"
EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
USER_CLASSES ?= "buildstats"
PATCHRESOLVE = "noop"
MACHINE_FEATURES:append = " tpm2"
DISTRO_FEATURES:append = " tpm2"
BB_DISKMON_DIRS ??= "\
    STOPTASKS,${TMPDIR},1G,100K \
    STOPTASKS,${DL_DIR},1G,100K \
    STOPTASKS,${SSTATE_DIR},1G,100K \
    STOPTASKS,/tmp,100M,100K \
    HALT,${TMPDIR},100M,1K \
    HALT,${DL_DIR},100M,1K \
    HALT,${SSTATE_DIR},100M,1K \
    HALT,/tmp,10M,1K"
CONF_VERSION = "2"

require conf/machine/include/obmc-bsp-common.inc

=============================================================================================
bblayers.conf

# LAYER_CONF_VERSION is increased each time build/conf/bblayers.conf
# changes incompatibly
LCONF_VERSION = "8"

BBPATH = "${TOPDIR}"
BBFILES ?= ""

BBLAYERS ?= " \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-poky \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-openembedded/meta-oe \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-openembedded/meta-networking \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-openembedded/meta-python \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-phosphor \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-aspeed \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-security/meta-tpm \
  /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-evb/meta-evb-aspeed/meta-evb-ast2600 \
  "
=============================================================================================
with respect to defconfig => ast2600_openbmc_spl_defconfig tpm is enabled as below(No change from our side, it was existing),
CONFIG_CMD_TPM=y
CONFIG_TPM2_TIS_I2C=y
CONFIG_TPM=y
CONFIG_SPL_TPM=y

=============================================================================================

To reproduce , you can add any API call from include/tpm-v2.h i.e u32 tpm2_auto_start(struct udevice *dev)/u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode)
into common/image-fit.c file.

After the change, following these steps:
1.      doing git diff > image-fit.patch
2.      copying it to /home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-aspeed/recipes-bsp/u-boot/files/
3.      Recipe include file changed accordingly  as below (/home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc)

require conf/machine/distro/include/uboot-distrovars.inc

HOMEPAGE = https://github.com/AspeedTech-BMC/u-boot
SECTION = "bootloaders"
DEPENDS += "flex-native bison-native xxd-native"

LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = file://Licenses/README;md5=30503fd321432fc713238f582193b78e
PE = "1"

# We use the revision in order to avoid having to fetch it from the
# repo during parse
SRCREV = "fd915728e1434725171e28614bc12ca5fb4f6cea"
SRC_URI = "git://git@github.com/openbmc/u-boot.git;nobranch=1;protocol=https"
SRC_URI += file://image-fit.patch

SRC_URI:append:uboot-flash-32768 = " file://u-boot_flash_32M.cfg"
SRC_URI:append:uboot-flash-65536 = " file://u-boot_flash_64M.cfg"

S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

# We don't have 'u-boot-initial-env' target in our u-boot version
UBOOT_INITIAL_ENV=""

PV = "v2019.04+git${SRCPV}"
=============================================================================================

Additional configuration information:
tcs@tcs-S2600GZ:~/work/san/openbmc/openbmc_may/openbmc$ . setup evb-ast2600
Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
Common targets are:

     obmc-phosphor-image: Includes OpenBMC Phosphor userspace and Web UI

     core-image-minimal: A small image just capable of allowing a device to boot

     core-image-full-cmdline: A small image with more Linux functionality
                              installed, including a ssh server.

Note that the core targets will not set the default phosphor password.

=============================================================================================
tcs@tcs-S2600GZ:~/work/san/openbmc/openbmc_may/openbmc/build/evb-ast2600$ bitbake -c compile u-boot-aspeed-sdk
Loading cache: 100% |#########################################################################################################################################################################################################| Time: 0:00:01
Loaded 4419 entries from dependency cache.
Parsing recipes: 100% |#######################################################################################################################################################################################################| Time: 0:00:00
Parsing of 2735 .bb files complete (2733 cached, 2 parsed). 4420 targets, 568 skipped, 0 masked, 0 errors.
WARNING: No bb files in default matched BBFILE_PATTERN_meta-evb-ast2600 '^/home/tcs/work/san/openbmc/openbmc_may/openbmc/meta-evb/meta-evb-aspeed/meta-evb-ast2600/'
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION           = "2.4.0"
BUILD_SYS            = "x86_64-linux"
NATIVELSBSTRING      = "ubuntu-20.04"
TARGET_SYS           = "arm-openbmc-linux-gnueabi"
MACHINE              = "evb-ast2600"
DISTRO               = "openbmc-phosphor"
DISTRO_VERSION       = "nodistro.0"
TUNE_FEATURES        = "arm armv7a vfp vfpv4d16 callconvention-hard"
TARGET_FPU           = "hard"
meta
meta-poky
meta-oe
meta-networking
meta-python
meta-phosphor
meta-aspeed
meta-tpm
meta-evb-ast2600     = "master:ed7346e3a02e40eeb6357d466513d537897e592a"

=============================================================================================

tcs@tcs-S2600GZ:~/work/san/measured_boot/binaries$ ./qemu-system-arm -M ast2600-evb -nographic -drive file=./obmc-phosphor-image-evb-ast2600-20230509105556.static.mtd,if=mtd,format=raw -net nic -net user -chardev socket,id=chrtpm,path=/tmp/emulated_tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
qemu-system-arm: warning: Aspeed iBT has no chardev backend
qemu-system-arm: warning: nic ftgmac100.1 has no peer
qemu-system-arm: warning: nic ftgmac100.2 has no peer
qemu-system-arm: warning: nic ftgmac100.3 has no peer

U-Boot SPL 2019.04 (Mar 10 2023 - 01:54:10 +0000)
Trying to boot from RAM


U-Boot 2019.04 (Mar 10 2023 - 01:54:10 +0000)

SOC: AST2600-A3
eSPI Mode: SIO:Enable : SuperIO-2e
Eth: MAC0: RGMII, MAC1: RGMII, MAC2: RGMII, MAC3: RGMII
Model: AST2600 EVB
DRAM:  already initialized, 1008 MiB (capacity:1024 MiB, VGA:64 MiB, ECC:off)
MMC:

sdhci_slot0@100: 1, sdhci_slot1@200: 2, emmc_slot0@100: 0
Loading Environment from SPI Flash... SF: Detected mx66u51235f with page size 256 Bytes, erase size 4 KiB, total 64 MiB
OK
In:    serial@1e784000
Out:   serial@1e784000
Err:   serial@1e784000
Model: AST2600 EVB
Net:
Warning: ftgmac@1e660000 (eth0) using random MAC address - be:d9:95:18:c6:54
eth0: ftgmac@1e660000
Warning: ftgmac@1e680000 (eth1) using random MAC address - 96:3f:48:1b:ca:62
, eth1: ftgmac@1e680000
Warning: ftgmac@1e670000 (eth2) using random MAC address - 22:cd:77:38:02:6b
, eth2: ftgmac@1e670000
Warning: ftgmac@1e690000 (eth3) using random MAC address - 9e:92:8e:94:df:04
, eth3: ftgmac@1e690000
Hit any key to stop autoboot:  0
ast#
ast# help
[…]
tpm2      - Issue a TPMv2.x command
true      - do nothing, successfully
version   - print monitor, compiler and linker version
ast# help tpm2
tpm2 - Issue a TPMv2.x command

Usage:
tpm2 <command> [<arguments>]

=============================================================================================
Please do let me know if you need any help in reproducing it.

P S: u-boot is downloaded directly from openbmc github site and changed to commit ID: fd915728e1434725171e28614bc12ca5fb4f6cea  to be in sync with the one being used by openbmc.

Thanks,
Sandeep.

-----Original Message-----
From: openbmc <openbmc-bounces+sandeep.pkumar=tcs.com@lists.ozlabs.org> On Behalf Of Stefan Berger
Sent: Wednesday, May 31, 2023 6:27 PM
To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery <andrew@aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu

"External email. Open with Caution"


On 5/31/23 01:04, Sandeep Kumar wrote:
>   TCS Confidential
>
> Hi All,
>
> We are still stuck in this step. Tried few things like changing the defconfig for the machine to support TPM, changes to local.conf to include the packages, etc. But nothing helped. Would appreciate any help to rectify this problem.

Maybe you need to show the config files you made changes to so that others can try to recreate the issue. As I stated below for me uboot has TPM 2 support with the default configuration -- no changes needed:

$ . setup evb-ast2600
Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
Common targets are:

      obmc-phosphor-image: Includes OpenBMC Phosphor userspace and Web UI

      core-image-minimal: A small image just capable of allowing a device to boot

      core-image-full-cmdline: A small image with more Linux functionality
                               installed, including a ssh server.

Note that the core targets will not set the default phosphor password.

$ bitbake obmc-phosphor-image
[...]

$ ~/qemu-system-arm -machine ast2600-evb -nographic -no-reboot -net nic -net user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfwd=udp:127.0.0.1:5723-:623 -drive file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.static.mtd,format=raw,if=mt
[...]


Hit any key to stop autoboot:  0
ast# help
?         - alias for 'help'
base      - print or set address offset
bdinfo    - print Board Info structure
blkcache  - block cache diagnostics and control
boot      - boot default, i.e., run 'bootcmd'
bootd     - boot default, i.e., run 'bootcmd'
bootm     - boot application image from memory
bootp     - boot image via network using BOOTP/TFTP protocol
bootz     - boot Linux zImage image from memory
chpart    - change active partition
clk       - CLK sub-system
cmp       - memory compare
coninfo   - print console devices and information
cp        - memory copy
crc32     - checksum calculation
dhcp      - boot image via network using DHCP/TFTP protocol
dm        - Driver model low level access
dramtest  - ASPEED DRAM BIST
echo      - echo args to console
editenv   - edit environment variable
env       - environment handling commands
erase     - erase FLASH memory
exit      - exit script
ext2load  - load binary file from a Ext2 filesystem
ext2ls    - list files in a directory (default /)
ext4load  - load binary file from a Ext4 filesystem
ext4ls    - list files in a directory (default /)
ext4size  - determine a file's size
ext4write - create a file in the root directory
false     - do nothing, unsuccessfully
fatinfo   - print information about filesystem
fatload   - load binary file from a dos filesystem
fatls     - list files in a directory (default /)
fatsize   - determine a file's size
fdt       - flattened device tree utility commands
flinfo    - print FLASH memory information
fstype    - Look up a filesystem type
go        - start application at address 'addr'
gpio      - query and control gpio pins
gpt       - GUID Partition Table
hash      - compute hash message digest
help      - print command description/usage
i2c       - I2C sub-system
itest     - return true/false on integer compare
load      - load binary file from a filesystem
loadb     - load binary file over serial line (kermit mode)
loads     - load S-Record file over serial line
loadx     - load binary file over serial line (xmodem mode)
loady     - load binary file over serial line (ymodem mode)
log       - log system
loop      - infinite loop on address range
ls        - list files in a directory (default /)
md        - memory display
mdio      - MDIO utility commands
mii       - MII utility commands
mm        - memory modify (auto-incrementing address)
mmc       - MMC sub system
mmcinfo   - display MMC info
mtdparts  - define flash/nand partitions
mtest     - simple RAM read/write test
mw        - memory write (fill)
ncsi      - Configure attached NIC via NC-SI
nfs       - boot image via network using NFS protocol
nm        - memory modify (constant address)
otp       - ASPEED One-Time-Programmable sub-system
part      - disk partition related commands
peci      - ASPEED PECI general bus command test program
ping      - send ICMP ECHO_REQUEST to network host
pinmux    - show pin-controller muxing
printenv  - print environment variables
protect   - enable or disable FLASH write protection
reset     - Perform RESET of the CPU
run       - run commands in an environment variable
save      - save file to a filesystem
saveenv   - save environment variables to persistent storage
setenv    - set environment variables
setexpr   - set environment variable as the result of eval expression
sf        - SPI flash sub-system
showvar   - print local hushshell variables
size      - determine a file's size
sleep     - delay execution for some time
source    - run script from memory
test      - minimal test like /bin/sh
tftpboot  - boot image via network using TFTP protocol
tpm2      - Issue a TPMv2.x command
true      - do nothing, successfully
version   - print monitor, compiler and linker version
ast# help tpm2
tpm2 - Issue a TPMv2.x command

Usage:
tpm2 <command> [<arguments>]

device [num device]
     Show all devices or set the specified device [...]

Regards,
    Stefan

>
> Thanks,
> Sandeep.
>
>
>
> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Thursday, May 25, 2023 6:19 PM
> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
> <andrew@aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
> "External email. Open with Caution"
>
>
> On 5/25/23 05:49, Sandeep Kumar wrote:
>>    TCS Confidential
>>
>> Hi Stefan,
>>
>> Which OS are you building this ? I am building it on ubuntu 20.04. Also, I am building it for evb-ast2600 and I don’t see TPM enabled in the configs/evb-ast2600_defconfig  file.
>
> $ cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=22.04
> DISTRIB_CODENAME=jammy
> DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"
>
> $ . setup evb-ast2600
> Machine evb-ast2600 found in meta-evb/meta-evb-aspeed/meta-evb-ast2600
> Common targets are:
>
>        obmc-phosphor-image: Includes OpenBMC Phosphor userspace and
> Web UI
>
>        core-image-minimal: A small image just capable of allowing a
> device to boot
>
>        core-image-full-cmdline: A small image with more Linux functionality
>                                 installed, including a ssh server.
>
> Note that the core targets will not set the default phosphor password.
>
>
>      Stefan
>
>
>
>>
>> Thanks,
>> Sandeep.
>>
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Tuesday, May 23, 2023 8:06 PM
>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>> <andrew@aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu
>>
>> "External email. Open with Caution"
>>
>>
>>
>> On 5/23/23 01:59, Sandeep Kumar wrote:
>>
>>>
>>> TCS Confidential
>>
>> What is TCS Confidential ?
>>
>>>
>>>
>>> Hi Stefan,
>>>
>>> Thanks for the information. I am trying to make use of the commands by using tpm_init() inside image-fit.c file. It compiles but gives an undefined reference error as below.
>>>
>>
>> When I am running the OpenBMC image that I build with `bitbake obmc-phosphor-image` I already have uboot with TPM 2 support built-in. I am not sure how you are getting this error.
>>
>>        Stefan
>>
>>>      gcc
>>> -isystem/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-a
>>> s
>>> t
>>> 2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_
>>> v
>>> 2 019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/include
>>> -O2 -pipe
>>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600
>>> /
>>> t
>>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.
>>> 0
>>> 4
>>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>> -L/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600
>>> /
>>> t
>>> mp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk/1_v2019.
>>> 0
>>> 4
>>> +gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,--enable-new-dtags
>>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/bui
>>> l
>>> d
>>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspee
>>> d
>>> -
>>> sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/li
>>> b
>>>
>>> -Wl,-rpath-link,/home/tcs/work/san/openbmc/openbmc_april/openbmc/bui
>>> l
>>> d
>>> /evb-ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspee
>>> d
>>> - sdk/1_v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/ev
>>> b
>>> -
>>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk
>>> /
>>> 1 _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/usr/lib
>>> -Wl,-rpath,/home/tcs/work/san/openbmc/openbmc_april/openbmc/build/ev
>>> b
>>> -
>>> ast2600/tmp/work/evb_ast2600-openbmc-linux-gnueabi/u-boot-aspeed-sdk
>>> /
>>> 1 _v2019.04+gitAUTOINC+fd915728e1-r0/recipe-sysroot-native/lib
>>> -Wl,-O1  -o tools/fit_check_sign tools/aisimage.o tools/atmelimage.o
>>> tools/common/image-sig.o tools/common/bootm.o tools/lib/crc32.o
>>> tools/default_image.o tools/lib/fdtdec_common.o tools/lib/fdtdec.o
>>> tools/fit_common.o tools/fit_image.o tools/common/image-fit.o
>>> tools/image-host.o tools/common/image.o tools/imagetool.o
>>> tools/imximage.o tools/imx8image.o tools/imx8mimage.o
>>> tools/kwbimage.o tools/lib/md5.o tools/lpc32xximage.o
>>> tools/mxsimage.o tools/omapimage.o tools/os_support.o
>>> tools/pblimage.o tools/pbl_crc32.o tools/vybridimage.o
>>> tools/stm32image.o tools/lib/rc4.o tools/rkcommon.o tools/rkimage.o
>>> tools/rksd.o tools/rkspi.o tools/socfpgaimage.o tools/lib/crc16.o
>>> tools/lib/sha1.o tools/lib/sha256.o tools/lib/sha512.o
>>> tools/common/hash.o tools/ublimage.o tools/zynqimage.o
>>> tools/zynqmpimage.o tools/zynqmpbif.o tools/libfdt/fdt.o
>>> tools/libfdt/fdt_wip.o tools/libfdt/fdt_sw.o tools/libfdt/fdt_rw.o
>>> tools/libfdt/fdt_strerror.o tools/libfdt/fdt_empty_tree.o
>>> tools/libfdt/fdt_addresses.o tools/libfdt/fdt_overlay.o
>>> tools/lib/libfdt/fdt_ro.o tools/lib/libfdt/fdt_region.o
>>> tools/gpimage.o tools/gpimage-common.o tools/mtk_image.o
>>> tools/lib/rsa/rsa-sign.o tools/lib/rsa/rsa-verify.o
>>> tools/lib/rsa/rsa-checksum.o tools/lib/rsa/rsa-mod-exp.o
>>> tools/fit_check_sign.o  -lssl -lcrypto
>>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: tools/common/image-fit.o: in function `boot_get_setup_fit':
>>>
>>> image-fit.c:(.text+0x27e1): undefined reference to `get_tpm'
>>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/build/evb-ast2600/tmp/hosttools/ld: image-fit.c:(.text+0x280e): undefined reference to `tpm_init'
>>>
>>> collect2: error: ld returned 1 exit status
>>>
>>> make[2]: *** [scripts/Makefile.host:106: tools/dumpimage] Error 1
>>>
>>> Although the tpm_init() is present in tpm-common.c  and image-fit.c is present in the same module as well. But still I get the above error. I have tried including the DEPENDS on libtpm in the u-boot recipe but nothing seems to work. Any specific library/specific location to be included for TPM support?
>>>
>>> -----Original Message-----
>>> From: Stefan Berger <stefanb@linux.ibm.com>
>>> Sent: Thursday, May 18, 2023 5:10 PM
>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com>; Cédric Le Goater
>>> <clg@kaod.org>; openbmc@lists.ozlabs.org; Ninad Palsule
>>> <ninad@linux.ibm.com>; Joel Stanley <jms@jms.id.au>; Andrew Jeffery
>>> <andrew@aj.id.au>
>>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on
>>> Qemu
>>>
>>> "External email. Open with Caution"
>>>
>>> On 5/17/23 13:13, Sandeep Kumar wrote:
>>>
>>>    >   TCS Confidential
>>>
>>>    >
>>>
>>>    > Hi Stefan,
>>>
>>>    >
>>>
>>>    > Thanks for providing the information. I am able to make use of it. But is it possible to make use of this stack at the bootloader(inside u-boot) level ?
>>>
>>>    >
>>>
>>> There are quite a few commands in u-boot:
>>>
>>> ast# tpm2
>>>
>>> tpm2 - Issue a TPMv2.x command
>>>
>>> Usage:
>>>
>>> tpm2 <command> [<arguments>]
>>>
>>> device [num device]
>>>
>>>         Show all devices or set the specified device info
>>>
>>>         Show information about the TPM.
>>>
>>> state
>>>
>>>         Show internal state from the TPM (if available) init
>>>
>>>         Initialize the software stack. Always the first command to issue.
>>>
>>> startup <mode>
>>>
>>>         Issue a TPM2_Startup command.
>>>
>>>         <mode> is one of:
>>>
>>>             * TPM2_SU_CLEAR (reset state)
>>>
>>>             * TPM2_SU_STATE (preserved state) self_test <type>
>>>
>>>         Test the TPM capabilities.
>>>
>>>         <type> is one of:
>>>
>>>             * full (perform all tests)
>>>
>>>             * continue (only check untested tests) clear <hierarchy>
>>>
>>>         Issue a TPM2_Clear command.
>>>
>>>         <hierarchy> is one of:
>>>
>>>             * TPM2_RH_LOCKOUT
>>>
>>>             * TPM2_RH_PLATFORM
>>>
>>> pcr_extend <pcr> <digest_addr>
>>>
>>>         Extend PCR #<pcr> with digest at <digest_addr>.
>>>
>>>         <pcr>: index of the PCR
>>>
>>>         <digest_addr>: address of a 32-byte SHA256 digest pcr_read
>>> <pcr> <digest_addr>
>>>
>>>         Read PCR #<pcr> to memory address <digest_addr>.
>>>
>>>        <pcr>: index of the PCR
>>>
>>>         <digest_addr>: address to store the a 32-byte SHA256 digest
>>> get_capability <capability> <property> <addr> <count>
>>>
>>>         Read and display <count> entries indexed by <capability>/<property>.
>>>
>>>         Values are 4 bytes long and are written at <addr>.
>>>
>>>         <capability>: capability
>>>
>>>         <property>: property
>>>
>>>         <addr>: address to store <count> entries of 4 bytes
>>>
>>>         <count>: number of entries to retrieve dam_reset
>>> [<password>]
>>>
>>>         If the TPM is not in a LOCKOUT state, reset the internal error counter.
>>>
>>>         <password>: optional password
>>>
>>> dam_parameters <max_tries> <recovery_time> <lockout_recovery>
>>> [<password>]
>>>
>>>         If the TPM is not in a LOCKOUT state, set the DAM parameters
>>>
>>>         <maxTries>: maximum number of failures before lockout,
>>>
>>>                     0 means always locking
>>>
>>>         <recoveryTime>: time before decrement of the error counter,
>>>
>>>                         0 means no lockout
>>>
>>>         <lockoutRecovery>: time of a lockout (before the next try),
>>>
>>>                            0 means a reboot is needed
>>>
>>>         <password>: optional password of the LOCKOUT hierarchy
>>> change_auth <hierarchy> <new_pw> [<old_pw>]
>>>
>>>         <hierarchy>: the hierarchy
>>>
>>>         <new_pw>: new password for <hierarchy>
>>>
>>>         <old_pw>: optional previous password of <hierarchy>
>>> pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]
>>>
>>>         Change the <key> to access PCR #<pcr>.
>>>
>>>         hierarchy and may be empty.
>>>
>>>         /!\WARNING: untested function, use at your own risks !
>>>
>>>         <pcr>: index of the PCR
>>>
>>>         <key>: secret to protect the access of PCR #<pcr>
>>>
>>>         <password>: optional password of the PLATFORM hierarchy
>>>
>>> Regards,
>>>
>>>        Stefan
>>>
>>>    > Thanks,
>>>
>>>    > Sandeep.
>>>
>>>    >
>>>
>>>    > -----Original Message-----
>>>
>>>    > From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    > Sent: Tuesday, May 9, 2023 10:01 PM
>>>
>>>    > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    > <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    > <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    > Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on Qemu
>>>
>>>    >
>>>
>>>    > "External email. Open with Caution"
>>>
>>>    >
>>>
>>>    >
>>>
>>>    > On 5/9/23 08:06, Sandeep Kumar wrote:
>>>
>>>    >>    TCS Confidential
>>>
>>>    >>
>>>
>>>    >> Hi Stefan,
>>>
>>>    >>
>>>
>>>    >> Thanks for the help.
>>>
>>>    >>
>>>
>>>    >> 'MACHINE_FEATURES:append = " tpm2" => this worked for me as well.  Could you please also point to the API's which can be used for communicating with swtpm? Any sample code which can be used for reading and writing data to and from the block device ?
>>>
>>>    >
>>>
>>>    > TPM 2 has character devices /dev/tpm0 and /dev/tpmrm0 that can for example be used with either one of the tss2 stacks:
>>>
>>>    >
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss
>>>
>>>    >
>>> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils
>>> -
>>> 1
>>>
>>>    > 2-Makefile.am-expand-wildcards-in-prereqs.patch
>>>
>>>    >
>>> meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.
>>>
>>>    > 1.0.bb meta-security/meta-tpm/recipes-tpm2/tpm2-tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss
>>>
>>>    > meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.
>>>
>>>    > patch
>>> meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
>>>
>>>    >
>>>
>>>    > Intel: https://github.com/tpm2-software/tpm2-tss#overview
>>> <https://github.com/tpm2-software/tpm2-tss#overview>
>>>
>>>    > IBM: https://github.com/kgoldman/ibmtss
>>> <https://github.com/kgoldman/ibmtss>
>>>
>>>    >
>>>
>>>    >      Stefan
>>>
>>>    >
>>>
>>>    >>
>>>
>>>    >> Thanks,
>>>
>>>    >> Sandeep.
>>>
>>>    >>
>>>
>>>    >> -----Original Message-----
>>>
>>>    >> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >> Sent: Saturday, May 6, 2023 2:08 AM
>>>
>>>    >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >> <clg@kaod.org <mailto:clg@kaod.org>>; openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>; Ninad Palsule
>>>
>>>    >> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC
>>> on
>>>
>>>    >> Qemu
>>>
>>>    >>
>>>
>>>    >> "External email. Open with Caution"
>>>
>>>    >>
>>>
>>>    >>
>>>
>>>    >> On 5/5/23 13:36, Sandeep Kumar wrote:
>>>
>>>    >>>     TCS Confidential
>>>
>>>    >>>
>>>
>>>    >>> Hi Stefan,
>>>
>>>    >>>
>>>
>>>    >>> I have these options set in
>>>
>>>    >>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>>
>>>    >>> - k ernel/linux/linux-aspeed/tpm/tpm2.cfg
>>>
>>>    >>>
>>>
>>>    >>> CONFIG_HW_RANDOM=y
>>>
>>>    >>> CONFIG_HW_RANDOM_TPM=y
>>>
>>>    >>> CONFIG_TCG_TPM=y
>>>
>>>    >>> CONFIG_TCG_TIS_CORE=y
>>>
>>>    >>> CONFIG_TCG_TIS=y
>>>
>>>    >>> CONFIG_TCG_TIS_SPI=y
>>>
>>>    >>> CONFIG_TCG_TIS_I2C=y
>>>
>>>    >>> CONFIG_SECURITYFS=y
>>>
>>>    >>
>>>
>>>    >>
>>>
>>>    >> I added 'MACHINE_FEATURES:append = " tpm2"' and this works for me.
>>>
>>>    >>
>>>
>>>    >> As long as these symbols are built into the kernel it should work:
>>>
>>>    >>
>>>
>>>    >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms 8056318c
>>> t
>>>
>>>    >>> tpm_tis_i2c_remove
>>>
>>>    >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>>
>>>    >>> 8056323c t tpm_tis_i2c_write_bytes
>>>
>>>    >>> 80563334 t tpm_tis_i2c_verify_crc
>>>
>>>    >>> 805633e0 t tpm_tis_i2c_read_bytes
>>>
>>>    >>> 80563604 t tpm_tis_i2c_probe
>>>
>>>    >>> 80d23964 t tpm_tis_i2c_driver_init
>>>
>>>    >>
>>>
>>>    >>>
>>>
>>>    >>> and in
>>>
>>>    >>>
>>> /home/tcs/work/san/openbmc/openbmc_april/openbmc/meta-aspeed/recipes
>>>
>>>    >>> - k ernel/linux/linux-aspeed.inc I have these,
>>>
>>>    >>>
>>>
>>>    >>> SRC_URI += " \
>>>
>>>    >>> file://defconfig <file://defconfig> \
>>>
>>>    >>>
>>> file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6dba
>>> e
>>> e
>>> a41067e54c65176c233ec7b2ab2decf1ddcd
>>> <file://rsa_oem_fitimage_key.key;sha256sum=eeb4ff2ebbfbd97b6254fe6db
>>> a
>>> e
>>> ea41067e54c65176c233ec7b2ab2decf1ddcd> \
>>>
>>>    >>>
>>> file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f32
>>> 1
>>> 4
>>> d471ac7b83ab7acef41c4425a34662e8372e
>>> <file://rsa_oem_fitimage_key.crt;sha256sum=45f5a55497cce8040999bf9f3
>>> 2
>>> 1
>>> 4d471ac7b83ab7acef41c4425a34662e8372e> \
>>>
>>>    >>> ${@bb.utils.contains('MACHINE_FEATURES
>>> <mailto:$%7b@bb.utils.contains('MACHINE_FEATURES>', 'tpm2',
>>> 'file://tpm/tpm2.scc file://tpm/tpm2.cfg <file://tpm/tpm2.cfg>', '',
>>> d)} \
>>>
>>>    >>> ${@bb.utils.contains_any('DISTRO_FEATURES
>>> <mailto:$%7b@bb.utils.contains_any('DISTRO_FEATURES>', \
>>>
>>>    >>>                    'obmc-static-norootfs obmc-ubi-fs', \
>>>
>>>    >>>                    'file://ubi/ubi.scc file://ubi/ubi.cfg
>>> <file://ubi/ubi.cfg>', '', d)} \
>>>
>>>    >>>               "
>>>
>>>    >>>
>>>
>>>    >>> Anything else needs to be done to enable TPM ?
>>>
>>>    >>
>>>
>>>    >> Apart from having to use the latest QEMU with the TPM TIS I2C support (from git repo) I don't know of anything else.
>>>
>>>    >>
>>>
>>>    >>       Stefan
>>>
>>>    >>
>>>
>>>    >>>
>>>
>>>    >>> Thanks,
>>>
>>>    >>> Sandeep.
>>>
>>>    >>>
>>>
>>>    >>> -----Original Message-----
>>>
>>>    >>> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >>> Sent: Friday, May 5, 2023 9:41 PM
>>>
>>>    >>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >>> <clg@kaod.org <mailto:clg@kaod.org>>;
>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad
>>> Palsule
>>>
>>>    >>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >>> Subject: Re: Integrating swtpm(as a software TPM) with
>>> OpenBMC on
>>>
>>>    >>> Qemu
>>>
>>>    >>>
>>>
>>>    >>> "External email. Open with Caution"
>>>
>>>    >>>
>>>
>>>    >>> I enable the following kernel build options for OpenBMC Linux kernel:
>>>
>>>    >>>
>>>
>>>    >>> CONFIG_TCG_TPM=y
>>>
>>>    >>> CONFIG_TCG_TIS_CORE=y
>>>
>>>    >>> CONFIG_TCG_TIS=y
>>>
>>>    >>> CONFIG_TCG_TIS_I2C=y
>>>
>>>    >>>
>>>
>>>    >>> With swtpm running in another terminal:
>>>
>>>    >>>
>>>
>>>    >>> while :; do swtpm socket --tpmstate dir=/tmp/mytpm1     --ctrl
>>> type=unixio,path=/tmp/mytpm1/swtpm-sock     --tpm2     --log level=20;
>>> done
>>>
>>>    >>>
>>>
>>>    >>> I start qemu built from qemu git master branch tip:
>>>
>>>    >>>
>>>
>>>    >>> /tmp/qemu-system-arm -machine ast2600-evb -nographic
>>> -no-reboot -net nic -net
>>> user,hostfwd=:127.0.0.1:5722-:22,hostfwd=:127.0.0.1:5743-:443,hostfw
>>> d
>>> =
>>> udp:127.0.0.1:5723-:623 -drive
>>> file=./tmp/deploy/images/evb-ast2600/obmc-phosphor-image-evb-ast2600.
>>> s
>>> tatic.mtd,format=raw,if=mtd -chardev
>>> socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock     -tpmdev
>>> emulator,id=tpm0,chardev=chrtpm     -device
>>> tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>> /sys/bus/i2c/devices/i2c-12/new_device
>>>
>>>    >>> [   63.771200] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1,
>>> rev-id 1)
>>>
>>>    >>> [   63.783927] tpm tpm0: A TPM error (256) occurred attempting
>>> the self test
>>>
>>>    >>> [   63.784256] tpm tpm0: starting up the TPM manually
>>>
>>>    >>> [   63.851474] i2c i2c-12: new_device: Instantiated device
>>> tpm_tis_i2c at 0x2e
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# uname -a
>>>
>>>    >>> Linux evb-ast2600
>>> 6.1.15-580639a-dirty-c56bfb7-00123-gc56bfb70ebfa
>>>
>>>    >>> #1 SMP Thu Apr  6 00:55:09 UTC 2023 armv7l GNU/Linux
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# grep tpm_tis_i2c /proc/kallsyms> 8056318c
>>> t
>>>
>>>    >>> tpm_tis_i2c_remove
>>>
>>>    >>> 805631b0 t tpm_tis_i2c_retry_transfer_until_ack
>>>
>>>    >>> 8056323c t tpm_tis_i2c_write_bytes
>>>
>>>    >>> 80563334 t tpm_tis_i2c_verify_crc
>>>
>>>    >>> 805633e0 t tpm_tis_i2c_read_bytes
>>>
>>>    >>> 80563604 t tpm_tis_i2c_probe
>>>
>>>    >>> 80d23964 t tpm_tis_i2c_driver_init
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# find /sys/class/tpm /sys/class/tpm
>>>
>>>    >>> /sys/class/tpm/tpm0
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# ls -l /dev/tpm*
>>>
>>>    >>> crw-------    1 root     root       10, 224 May  5 16:03
>>> /dev/tpm0
>>>
>>>    >>> crw-------    1 root     root      252, 65536 May  5 16:03
>>> /dev/tpmrm0
>>>
>>>    >>>
>>>
>>>    >>> root@evb-ast2600:~# find /sys/ | grep pcr
>>>
>>>    >>>
>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>>
>>>    >>> b
>>>
>>>    >>> u
>>>
>>>    >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1
>>>
>>>    >>>
>>> /sys/devices/platform/ahb/ahb:apb/ahb:apb:bus@1e78a000/1e78a680.i2c-
>>>
>>>    >>> b
>>>
>>>    >>> u
>>>
>>>    >>> s/i2c-12/12-002e/tpm/tpm0/pcr-sha1/17
>>>
>>>    >>> [... lots more entries also for sha256, sha384, and sha512 ]
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>>
>>>
>>>    >>> It seems to work as expected
>>>
>>>    >>>
>>>
>>>    >>> On 5/5/23 11:08, Sandeep Kumar wrote:
>>>
>>>    >>>> TCS Confidential Hi Stefan, Please find below my answers inline.
>>>
>>>    >>>> Thanks, Sandeep. -----Original Message----- From: Stefan
>>> Berger
>>>
>>>    >>>> <stefanb@ linux. ibm. com> Sent: Friday, May 5, 2023 6: 56 PM To:
>>>
>>>    >>>> Sandeep Kumar <sandeep. pkumar@ tcs. com>; ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>
>>>    >>>> ZjQcmQRYFpfptBannerEnd
>>>
>>>    >>>>
>>>
>>>    >>>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>
>>>
>>>    >>>> Hi Stefan,
>>>
>>>    >>>>
>>>
>>>    >>>> Please find below my answers inline.
>>>
>>>    >>>>
>>>
>>>    >>>> Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>> Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>> -----Original Message-----
>>>
>>>    >>>> From: Stefan Berger <stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>
>>>
>>>    >>>> Sent: Friday, May 5, 2023 6:56 PM
>>>
>>>    >>>> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>; Cédric Le Goater
>>>
>>>    >>>> <clg@kaod.org <mailto:clg@kaod.org>>;
>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>; Ninad
>>> Palsule
>>>
>>>    >>>> <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>; Joel
>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au>>; Andrew Jeffery
>>>
>>>    >>>> <andrew@aj.id.au <mailto:andrew@aj.id.au>>
>>>
>>>    >>>> Subject: Re: Integrating swtpm(as a software TPM) with
>>> OpenBMC on
>>>
>>>    >>>> Qemu
>>>
>>>    >>>>
>>>
>>>    >>>> "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>> On 5/5/23 01:40, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >   TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Hi Stefan,
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    >>>>
>>>
>>>    >>>>     > Ans:
>>>
>>>    >>>>
>>>
>>>    >>>>     >          I am using the Kernel version coming with the latest openBMC without any changes.
>>>
>>>    >>>>
>>>
>>>    >>>>     >          Kernel version used : Linux evb-ast2600
>>> 6.1.15-580639a #1
>>>
>>>    >>>> SMP
>>>
>>>    >>>>
>>>
>>>    >>>>     > Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Stefan:  What is the output of this?  find /sys/class/tpm
>>> |
>>>
>>>    >>>> grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>>     > Ams:     find: /sys/class/tpm: No such file or directory.
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Could you please point to the right version of kernel which has all these changes ?
>>>
>>>    >>>>
>>>
>>>    >>>> I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.
>>>
>>>    >>>>
>>>
>>>    >>>> Does this show any files?
>>>
>>>    >>>>
>>>
>>>    >>>> find /sys | grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>> *Sandeep: It doesn't show any files. *
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?
>>>
>>>    >>>>
>>>
>>>    >>>> *Sandeep:  I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo.
>>>
>>>    >>>> Output as below, *
>>>
>>>    >>>>
>>>
>>>    >>>> **
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# find /sys | grep pcr*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# ls /dev/tpm**
>>>
>>>    >>>>
>>>
>>>    >>>> *ls: /dev/tpm*: No such file or directory*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~# dmesg | grep -i tpm*
>>>
>>>    >>>>
>>>
>>>    >>>> *[    6.290898] systemd[1]: systemd 253.1^ running in system
>>> mode
>>>
>>>    >>>> (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT
>>>
>>>    >>>> -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2
>>> -IDN
>>>
>>>    >>>> -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY
>>> -P11KIT
>>>
>>>    >>>> -QRENCODE -TPM2
>>>
>>>    >>>> -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>>>
>>>    >>>> -SYSVINIT
>>>
>>>    >>>> default-hierarchy=unified)*
>>>
>>>    >>>>
>>>
>>>    >>>> *[  273.273089] i2c i2c-12: new_device: Instantiated device
>>>
>>>    >>>> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>         Stefan
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>>     > Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     > From: Stefan Berger <stefanb@linux.ibm.com
>>>
>>>    >>>> <mailto:stefanb@linux.ibm.com
>>> <mailto:stefanb@linux.ibm.com>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     > Sent: Thursday, May 4, 2023 7:30 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     > To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>
>>>    >>>> <mailto:sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>>; Cédric Le Goater
>>>
>>>    >>>>
>>>
>>>    >>>>     > <clg@kaod.org <mailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>> Ninad
>>>
>>>    >>>> Palsule
>>>
>>>    >>>>
>>>
>>>    >>>>     > <ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>; Joel
>>>
>>>    >>>> Stanley <jms@jms.id.au <mailto:jms@jms.id.au
>>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>; Andrew Jeffery
>>>
>>>    >>>>
>>>
>>>    >>>>     > <andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     > Subject: Re: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on Qemu
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > On 5/4/23 05:12, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential Hi C, I was able to build and run the
>>>
>>>    >>>> image(for
>>>
>>>    >>>>
>>>
>>>    >>>>     >> evb-ast2600) with swtpm. Few issues observed, If I run
>>> with
>>>
>>>    >>>> the
>>>
>>>    >>>>
>>>
>>>    >>>>     >> flash. img provided in your github link(https: //github.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> ZjQcmQRYFpfptBannerEnd
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Hi C,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> I was able to build and run the image(for evb-ast2600) with swtpm.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Few issues observed,
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images <https://github.com/legoater/qemu-aspeed-boot/tree/master/images%20%3chttps:/github.com/legoater/qemu-aspeed-boot/tree/master/images>>>) everything works as expected, i.e I get the below output.
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id
>>> 0x1,
>>>
>>>    >>>> rev-id
>>>
>>>    >>>>
>>>
>>>    >>>>     >> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated
>>>
>>>    >>>> device
>>>
>>>    >>>>
>>>
>>>    >>>>     >> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>   2. If I run it with the locally built image, I get this
>>> error,
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > Is the kernel configured in the same way? Are you using the same kernel version?
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>>>
>>>    >>>>
>>>
>>>    >>>>     >> /sys/bus/i2c/devices/i2c-12/new_device*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *[  174.063597] i2c i2c-12: new_device: Instantiated
>>> device
>>>
>>>    >>>>
>>>
>>>    >>>>     >> tpm_tis_i2c at 0x2e*
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > What is the output of this?
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     > find /sys/class/tpm | grep pcr
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >     Stefan
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~# cat
>>> /sys/class/tpm/tpm0/pcr-sha256/0*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No
>>> such
>>>
>>>    >>>> file or
>>>
>>>    >>>>
>>>
>>>    >>>>     >> directory*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *root@evb-ast2600:~#*
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Please do let me know about what has been done to write
>>> the
>>>
>>>    >>>> values
>>>
>>>    >>>>
>>>
>>>    >>>>     >> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> _____________________________________________
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *From:* Sandeep Kumar
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *Sent:* Thursday, April 20, 2023 5:45 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *To:* Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Ninad Palsule <ninad@linux.ibm.com
>>>
>>>    >>>> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com>>>;
>>> Joel Stanley <jms@jms.id.au
>>>
>>>    >>>> <mailto:jms@jms.id.au <mailto:jms@jms.id.au>>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Andrew Jeffery <andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *Subject:* RE: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu Hi C, How to build this image =>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don  t get this image built.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Please advise if we have to build openbmc stack in a
>>>
>>>    >>>> different way
>>>
>>>    >>>>
>>>
>>>    >>>>     >> than the standard procedure. We follow the below steps for build, 1. .
>>>
>>>    >>>>
>>>
>>>    >>>>     >> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     >> From: Sandeep Kumar
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sent: Wednesday, April 19, 2023 3:00 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> To: Cédric Le Goater <_clg@kaod.org_ <mailto:clg@kaod.org
>>>
>>>    >>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org
>>> <mailto:_clg@kaod.org_%20%3cmailto:clg@kaod.org>>>>;
>>>
>>>    >>>>
>>>
>>>    >>>>     >> _openbmc@lists.ozlabs.org_
>>> <mailto:_openbmc@lists.ozlabs.org_>
>>>
>>>    >>>> <mailto:_openbmc@lists.ozlabs.org_
>>> <mailto:_openbmc@lists.ozlabs.org_>>
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>>>;
>>>
>>>    >>>> Ninad
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Palsule <_ninad@linux.ibm.com_
>>> <mailto:ninad@linux.ibm.com
>>>
>>>    >>>>
>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com
>>> <mailto:_ninad@linux.ibm.com_%20%3cmailto:ninad@linux.ibm.com>>>>;
>>>
>>>    >>>> Joel
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Stanley <_jms@jms.id.au_ <mailto:jms@jms.id.au
>>>
>>>    >>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au
>>> <mailto:_jms@jms.id.au_%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>>
>>>    >>>> Jeffery
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <_andrew@aj.id.au_ <mailto:andrew@aj.id.au
>>>
>>>    >>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au
>>> <mailto:_andrew@aj.id.au_%20%3cmailto:andrew@aj.id.au>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Subject: RE: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu Hi C, Got it working. Looks like slirp is no longer
>>>
>>>    >>>> supported on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> ubnutu 18.04. have upgraded to a newer version  and is working now.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Thanks,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sandeep.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> -----Original Message-----
>>>
>>>    >>>>
>>>
>>>    >>>>     >> From: Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org
>>>
>>>    >>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org
>>> <mailto:clg@kaod.org%20%3cmailto:clg@kaod.org>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Sent: Wednesday, April 19, 2023 2:26 PM
>>>
>>>    >>>>
>>>
>>>    >>>>     >> To: Sandeep Kumar <sandeep.pkumar@tcs.com
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:sandeep.pkumar@tcs.com
>>>
>>>    >>>> <mailto:sandeep.pkumar@tcs.com
>>> <mailto:sandeep.pkumar@tcs.com>>>>;
>>>
>>>    >>>> openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>
>>> <mailto:openbmc@lists.ozlabs.org <mailto:openbmc@lists.ozlabs.org>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:openbmc@lists.ozlabs.org
>>>
>>>    >>>> <mailto:openbmc@lists.ozlabs.org
>>> <mailto:openbmc@lists.ozlabs.org>>>; Ninad Palsule
>>>
>>>    >>>> <ninad@linux.ibm.com
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:ninad@linux.ibm.com <mailto:ninad@linux.ibm.com
>>> <mailto:ninad@linux.ibm.com%20%3cmailto:ninad@linux.ibm.com>>>>;
>>>
>>>    >>>> Joel Stanley <jms@jms.id.au
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:jms@jms.id.au <mailto:jms@jms.id.au
>>> <mailto:jms@jms.id.au%20%3cmailto:jms@jms.id.au>>>>; Andrew
>>>
>>>    >>>> Jeffery <andrew@aj.id.au
>>>
>>>    >>>>
>>>
>>>    >>>>     >> <mailto:andrew@aj.id.au <mailto:andrew@aj.id.au
>>> <mailto:andrew@aj.id.au%20%3cmailto:andrew@aj.id.au>>>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Subject: Re: Integrating swtpm(as a software TPM) with
>>>
>>>    >>>> OpenBMC on
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Qemu "External email. Open with Caution"
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Hello Sandeep
>>>
>>>    >>>>
>>>
>>>    >>>>     >> On 4/18/23 09:45, Sandeep Kumar wrote:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> Hi C,
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> Built the qemu from your branch. Few issues, *$
>>>
>>>    >>>> ./qemu-system-arm -m
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 256 -M romulus-bmc -nographic -drive
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd
>>>
>>>    >>>> -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> nic -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>>
>>>    >>>> w
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> d
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> =
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 1
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 2
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *qemu-system-arm: -net
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostf
>>>
>>>    >>>> w
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> d
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> =
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 1
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 2
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> network backend 'user' is not compiled into this binary*
>>> I
>>>
>>>    >>>> didn’t
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> enable the slirp package I guess. So enabled it while
>>>
>>>    >>>> running
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> configure, *$ ../configure --enable-slirp*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *........*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *../meson.build:681:2: ERROR: Dependency "slirp" not
>>> found,
>>>
>>>    >>>> tried
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> pkgconfig* *A full log can be found at
>>>
>>>    >>>>
>>>
>>>    >>>>     >>>
>>>
>>>    >>>>
>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs
>>>
>>>    >>>> /
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> m
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> e
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> son-log.txt*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *NOTICE: You are using Python 3.6 which is EOL. Starting
>>>
>>>    >>>> with
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> v0.62.0, Meson will require Python 3.7 or newer*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> *ERROR: meson setup failed*
>>>
>>>    >>>>
>>>
>>>    >>>>     >>> I have already installed slirp locally, but still getting the above error.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Did you install the libslirp-dev or libslirp-devel package ?
>>>
>>>    >>>>
>>>
>>>    >>>>     >> C.
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >> =====-----=====-----=====
>>>
>>>    >>>>
>>>
>>>    >>>>     >> Notice: The information contained in this e-mail message
>>>
>>>    >>>> and/or
>>>
>>>    >>>>
>>>
>>>    >>>>     >> attachments to it may contain confidential or privileged information.
>>>
>>>    >>>>
>>>
>>>    >>>>     >> If you are not the intended recipient, any dissemination,
>>>
>>>    >>>> use,
>>>
>>>    >>>>
>>>
>>>    >>>>     >> review, distribution, printing or copying of the
>>> information
>>>
>>>    >>>>
>>>
>>>    >>>>     >> contained in this e-mail message and/or attachments to it
>>>
>>>    >>>> are
>>>
>>>    >>>>
>>>
>>>    >>>>     >> strictly prohibited. If you have received this
>>> communication
>>>
>>>    >>>> in
>>>
>>>    >>>>
>>>
>>>    >>>>     >> error, please notify us by reply e-mail or telephone and
>>>
>>>    >>>> immediately
>>>
>>>    >>>>
>>>
>>>    >>>>     >> and permanently delete the message and any attachments.
>>>
>>>    >>>> Thank you
>>>
>>>    >>>>
>>>
>>>    >>>>     >>
>>>
>>>    >>>>
>>>
>>>    >>>>     >
>>>
>>>    >>>>
>>>
>>>    >>>>     >   TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>>
>>>
>>>    >>>> TCS Confidential
>>>
>>>    >>>>
>>>
>>>    >>>
>>>
>>>    >>>     TCS Confidential
>>>
>>>    >>
>>>
>>>    >>    TCS Confidential
>>>
>>>    >
>>>
>>>    >   TCS Confidential
>>>
>>>
>>> TCS Confidential
>>>
>>
>>    TCS Confidential
>
>   TCS Confidential

 TCS Confidential