linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* IMA fails to see TPM chip (rpi3, linaro optee)
@ 2019-02-18  9:36 Markku Savela
  2019-02-18 10:13 ` Markku Savela
  0 siblings, 1 reply; 14+ messages in thread
From: Markku Savela @ 2019-02-18  9:36 UTC (permalink / raw)
  To: linux-integrity

[-- Attachment #1: Type: text/plain, Size: 976 bytes --]

Hi,

I'm experimenting with optee (linaro) on rpi3 and trying to use TPM chip 
(Letstrust/Infineon) with IMA. I seem to run into issue mentioned in

  https://www.spinics.net/lists/linux-integrity/msg01018.html

e.g., spi is not intialized early enough

[    4.007959] ima: No TPM chip found, activating TPM-bypass! (rc=-19)
[    5.240738] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)

However, after boot, tpm works just fine, it's just IMA not picking it 
up. Has this issue been solved (but not yet present in linaro kernel):

Linux 4.14.56-v8 #3 SMP PREEMPT Wed Feb 13 14:40:29 EET 2019 aarch64 
GNU/Linux.

Seeking hints how to proceed? Would picking tpm/spi or some other driver 
source from some newer kernel and drop into linaro source? Any hope of 
that helping?

I'm booting with config.txt:

enable_uart=1
dtparam=spi=on
dtoverlay=spi-bcm2835
dtoverlay=tpm-slb9670
kernel_address=0x02000000
device_tree_address=0x01000000

... attached the dmesg output.

[-- Attachment #2: dmesg.txt --]
[-- Type: text/plain, Size: 16545 bytes --]

[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Linux version 4.14.56-v8 (msa@kone2) (gcc version 8.2.1 20180802 (GNU Toolchain for the A-profile Architecture 8.2-2018-08 (arm-rel-8.23))) #3 SMP PREEMPT Wed Feb 13 14:40:29 EET 2019
[    0.000000] Boot CPU: AArch64 Processor [410fd034]
[    0.000000] Machine model: Raspberry Pi 3 Model B Rev 1.2
[    0.000000] debug: ignoring loglevel setting.
[    0.000000] efi: Getting EFI parameters from FDT:
[    0.000000] efi: UEFI not found.
[    0.000000] cma: Reserved 8 MiB at 0x000000003a000000
[    0.000000] On node 0 totalpages: 241664
[    0.000000]   DMA zone: 3776 pages used for memmap
[    0.000000]   DMA zone: 0 pages reserved
[    0.000000]   DMA zone: 241664 pages, LIFO batch:31
[    0.000000] psci: probing for conduit method from DT.
[    0.000000] psci: PSCIv1.1 detected in firmware.
[    0.000000] psci: Using standard PSCI v0.2 function IDs
[    0.000000] psci: Trusted OS migration not required
[    0.000000] psci: SMC Calling Convention v1.1
[    0.000000] percpu: Embedded 22 pages/cpu @ffffffe13af78000 s50456 r8192 d31464 u90112
[    0.000000] pcpu-alloc: s50456 r8192 d31464 u90112 alloc=22*4096
[    0.000000] pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3 
[    0.000000] Detected VIPT I-cache on CPU0
[    0.000000] CPU features: enabling workaround for ARM erratum 845719
[    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 237888
[    0.000000] Kernel command line: console=tty0 console=ttyS0,115200 root=/dev/nfs rw rootfstype=nfs nfsroot=192.168.1.5:/srv/nfs/rpi3,udp,vers=3 ip=192.168.1.100 smsc95xx.macaddr=b8:27:eb:c3:4e:dc ignore_loglevel dma.dmachans=0x7f35 rootwait 8250.nr_uarts=1 elevator=deadline fsck.repair=yes bcm2708_fb.fbwidth=1920 bcm2708_fb.fbheight=1080 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 dwc_otg.fiq_enable=0 dwc_otg.fiq_fsm_enable=0 dwc_otg.nak_holdoff=0
[    0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
[    0.000000] Memory: 891540K/966656K available (7100K kernel code, 898K rwdata, 4136K rodata, 2752K init, 690K bss, 66924K reserved, 8192K cma-reserved)
[    0.000000] Virtual kernel memory layout:
[    0.000000]     modules : 0xffffff8000000000 - 0xffffff8008000000   (   128 MB)
[    0.000000]     vmalloc : 0xffffff8008000000 - 0xffffffbebfff0000   (   250 GB)
[    0.000000]       .text : 0xffffff83fee80000 - 0xffffff83ff570000   (  7104 KB)
[    0.000000]     .rodata : 0xffffff83ff570000 - 0xffffff83ff980000   (  4160 KB)
[    0.000000]       .init : 0xffffff83ff980000 - 0xffffff83ffc30000   (  2752 KB)
[    0.000000]       .data : 0xffffff83ffc30000 - 0xffffff83ffd10a00   (   899 KB)
[    0.000000]        .bss : 0xffffff83ffd10a00 - 0xffffff83ffdbd5e8   (   691 KB)
[    0.000000]     fixed   : 0xffffffbefe7fb000 - 0xffffffbefec00000   (  4116 KB)
[    0.000000]     PCI I/O : 0xffffffbefee00000 - 0xffffffbeffe00000   (    16 MB)
[    0.000000]     vmemmap : 0xffffffbf00000000 - 0xffffffc000000000   (     4 GB maximum)
[    0.000000]               0xffffffbf84000000 - 0xffffffbf84ec0000   (    14 MB actual)
[    0.000000]     memory  : 0xffffffe100000000 - 0xffffffe13b000000   (   944 MB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] ftrace: allocating 25847 entries in 101 pages
[    0.000000] Preemptible hierarchical RCU implementation.
[    0.000000] 	Tasks RCU enabled.
[    0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
[    0.000000] arch_timer: cp15 timer(s) running at 19.20MHz (phys).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x46d987e47, max_idle_ns: 440795202767 ns
[    0.000007] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every 4398046511078ns
[    0.000229] Console: colour dummy device 80x25
[    0.001270] console [tty0] enabled
[    0.001313] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=19200)
[    0.001358] pid_max: default: 32768 minimum: 301
[    0.001511] Security Framework initialized
[    0.001745] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes)
[    0.001791] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes)
[    0.002835] Disabling memory control group subsystem
[    0.007075] ASID allocator initialised with 32768 entries
[    0.009073] Hierarchical SRCU implementation.
[    0.011324] EFI services will not be available.
[    0.013139] smp: Bringing up secondary CPUs ...
[    1.065299] CPU1: failed to come online
[    1.065327] CPU1: failed in unknown state : 0x0
[    2.098311] CPU2: failed to come online
[    2.098339] CPU2: failed in unknown state : 0x0
[    3.131243] CPU3: failed to come online
[    3.131271] CPU3: failed in unknown state : 0x0
[    3.131337] smp: Brought up 1 node, 1 CPU
[    3.131361] SMP: Total of 1 processors activated.
[    3.131393] CPU features: detected feature: 32-bit EL0 Support
[    3.131421] CPU features: detected feature: Kernel page table isolation (KPTI)
[    3.133969] CPU: All CPU(s) started at EL2
[    3.134008] alternatives: patching kernel code
[    3.135012] devtmpfs: initialized
[    3.147738] random: get_random_u32 called from bucket_table_alloc+0x108/0x270 with crng_init=0
[    3.149318] Enabled cp15_barrier support
[    3.149352] Enabled setend support
[    3.149722] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
[    3.149776] futex hash table entries: 1024 (order: 5, 131072 bytes)
[    3.150595] pinctrl core: initialized pinctrl subsystem
[    3.150812] DMI not present or invalid.
[    3.151182] NET: Registered protocol family 16
[    3.156102] cpuidle: using governor menu
[    3.156604] vdso: 2 pages (1 code @ ffffff83ff577000, 1 data @ ffffff83ffc34000)
[    3.156654] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
[    3.158260] DMA: preallocated 256 KiB pool for atomic allocations
[    3.158400] Serial: AMBA PL011 UART driver
[    3.160935] bcm2835-mbox 3f00b880.mailbox: mailbox enabled
[    3.161603] uart-pl011 3f201000.serial: could not find pctldev for node /soc/gpio@7e200000/uart0_pins, deferring probe
[    3.199041] bcm2835-dma 3f007000.dma: DMA legacy API manager at ffffff800801d000, dmachans=0x1
[    3.200884] SCSI subsystem initialized
[    3.201156] usbcore: registered new interface driver usbfs
[    3.201246] usbcore: registered new interface driver hub
[    3.201438] usbcore: registered new device driver usb
[    3.201704] dmi: Firmware registration failed.
[    3.202657] raspberrypi-firmware soc:firmware: Attached to firmware from 2017-02-15 17:14
[    3.203705] raspberrypi-firmware soc:firmware: Get Throttled mailbox call failed
[    3.205245] clocksource: Switched to clocksource arch_sys_counter
[    3.303830] VFS: Disk quotas dquot_6.6.0
[    3.303959] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[    3.304200] FS-Cache: Loaded
[    3.304466] CacheFiles: Loaded
[    3.314327] NET: Registered protocol family 2
[    3.315102] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[    3.315265] TCP bind hash table entries: 8192 (order: 5, 131072 bytes)
[    3.315491] TCP: Hash tables configured (established 8192 bind 8192)
[    3.315733] UDP hash table entries: 512 (order: 2, 16384 bytes)
[    3.315802] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[    3.316105] NET: Registered protocol family 1
[    3.318835] RPC: Registered named UNIX socket transport module.
[    3.318865] RPC: Registered udp transport module.
[    3.318887] RPC: Registered tcp transport module.
[    3.318909] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    3.321740] hw perfevents: enabled with armv8_pmuv3 PMU driver, 7 counters available
[    3.323758] workingset: timestamp_bits=46 max_order=18 bucket_order=0
[    3.334692] FS-Cache: Netfs 'nfs' registered for caching
[    3.336521] NFS: Registering the id_resolver key type
[    3.336581] Key type id_resolver registered
[    3.336605] Key type id_legacy registered
[    3.339825] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 249)
[    3.341111] io scheduler noop registered
[    3.341140] io scheduler deadline registered (default)
[    3.341538] io scheduler cfq registered
[    3.341567] io scheduler mq-deadline registered
[    3.341593] io scheduler kyber registered
[    3.344793] BCM2708FB: allocated DMA memory fa050000
[    3.344852] BCM2708FB: allocated DMA channel 0 @ ffffff800801d000
[    3.389594] Console: switching to colour frame buffer device 240x67
[    3.411374] Serial: 8250/16550 driver, 1 ports, IRQ sharing enabled
[    3.413167] bcm2835-rng 3f104000.rng: hwrng registered
[    3.413528] vc-mem: phys_addr:0x00000000 mem_base=0x3ec00000 mem_size:0x40000000(1024 MiB)
[    3.414517] gpiomem-bcm2835 3f200000.gpiomem: Initialised: Registers at 0x3f200000
[    3.414842] cacheinfo: Unable to detect cache hierarchy for CPU 0
[    3.427738] brd: module loaded
[    3.439741] loop: module loaded
[    3.439849] Loading iSCSI transport class v2.0-870.
[    3.441983] spi-bcm2835 3f204000.spi: could not get clk: -517
[    3.442577] libphy: Fixed MDIO Bus: probed
[    3.442792] usbcore: registered new interface driver lan78xx
[    3.442974] usbcore: registered new interface driver smsc95xx
[    3.443107] dwc_otg: version 3.00a 10-AUG-2012 (platform bus)
[    3.443548] dwc_otg 3f980000.usb: base=0x08280000
[    3.644900] Core Release: 2.80a
[    3.644985] Setting default values for core params
[    3.645110] Finished setting default values for core params
[    3.845511] Using Buffer DMA mode
[    3.845592] Periodic Transfer Interrupt Enhancement - disabled
[    3.845710] Multiprocessor Interrupt Enhancement - disabled
[    3.845824] OTG VER PARAM: 0, OTG VER FLAG: 0
[    3.845926] Dedicated Tx FIFOs mode
[    3.846294] dwc_otg: Microframe scheduler enabled
[    3.846511] dwc_otg 3f980000.usb: DWC OTG Controller
[    3.846647] dwc_otg 3f980000.usb: new USB bus registered, assigned bus number 1
[    3.846828] dwc_otg 3f980000.usb: irq 41, io mem 0x00000000
[    3.846988] Init: Port Power? op_state=1
[    3.847076] Init: Power Port (0)
[    3.847424] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[    3.847566] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    3.847716] usb usb1: Product: DWC OTG Controller
[    3.847820] usb usb1: Manufacturer: Linux 4.14.56-v8 dwc_otg_hcd
[    3.847944] usb usb1: SerialNumber: 3f980000.usb
[    3.848775] hub 1-0:1.0: USB hub found
[    3.848907] hub 1-0:1.0: 1 port detected
[    3.849677] dwc_otg: FIQ disabled
[    3.849760] dwc_otg: NAK holdoff disabled
[    3.854312] dwc_otg: FIQ split-transaction FSM disabled
[    3.858934] Module dwc_common_port init
[    3.865118] usbcore: registered new interface driver usb-storage
[    3.869734] IR NEC protocol handler initialized
[    3.874277] IR RC5(x/sz) protocol handler initialized
[    3.878869] IR RC6 protocol handler initialized
[    3.883480] IR JVC protocol handler initialized
[    3.887945] IR Sony protocol handler initialized
[    3.892500] IR SANYO protocol handler initialized
[    3.897000] IR Sharp protocol handler initialized
[    3.901367] IR MCE Keyboard/mouse protocol handler initialized
[    3.905706] IR XMP protocol handler initialized
[    3.911017] bcm2835-wdt 3f100000.watchdog: Broadcom BCM2835 watchdog timer
[    3.915817] bcm2835-cpufreq: min=600000 max=1200000
[    3.920632] sdhci: Secure Digital Host Controller Interface driver
[    3.925120] sdhci: Copyright(c) Pierre Ossman
[    3.929951] mmc-bcm2835 3f300000.mmc: could not get clk, deferring probe
[    3.934771] sdhost-bcm2835 3f202000.mmc: could not get clk, deferring probe
[    3.939374] Error: Driver 'sdhost-bcm2835' is already registered, aborting...
[    3.943983] sdhci-pltfm: SDHCI platform and OF driver helper
[    3.955900] ledtrig-cpu: registered to indicate activity on CPUs
[    3.960784] hidraw: raw HID events driver (C) Jiri Kosina
[    3.965645] usbcore: registered new interface driver usbhid
[    3.970282] usbhid: USB HID core driver
[    3.974956] optee: probing for conduit method from DT.
[    3.983648] optee: initialized driver
[    3.988535] Initializing XFRM netlink socket
[    3.993143] NET: Registered protocol family 17
[    3.997787] Key type dns_resolver registered
[    4.003427] registered taskstats version 1
[    4.007959] ima: No TPM chip found, activating TPM-bypass! (rc=-19)
[    4.012534] ima: Allocated hash algorithm: sha1
[    4.025488] uart-pl011 3f201000.serial: cts_event_workaround enabled
[    4.030295] 3f201000.serial: ttyAMA0 at MMIO 0x3f201000 (irq = 72, base_baud = 0) is a PL011 rev2
[    4.036748] console [ttyS0] disabled
[    4.041456] 3f215040.serial: ttyS0 at MMIO 0x0 (irq = 151, base_baud = 31250000) is a 16550
[    5.213338] console [ttyS0] enabled
[    5.224692] Indeed it is in host mode hprt0 = 00021501
[    5.240738] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)
[    5.321486] mmc-bcm2835 3f300000.mmc: mmc_debug:0 mmc_debug2:0
[    5.332293] mmc-bcm2835 3f300000.mmc: DMA channel allocated
[    5.368298] sdhost: log_buf @ ffffff80080bd000 (fa044000)
[    5.398273] mmc1: queuing unknown CIS tuple 0x80 (2 bytes)
[    5.411451] mmc1: queuing unknown CIS tuple 0x80 (3 bytes)
[    5.423275] mmc1: queuing unknown CIS tuple 0x80 (3 bytes)
[    5.433552] usb 1-1: new high-speed USB device number 2 using dwc_otg
[    5.433709] mmc0: sdhost-bcm2835 loaded - DMA enabled (>1)
[    5.435556] of_cfs_init
[    5.435665] of_cfs_init: OK
[    5.435874] Indeed it is in host mode hprt0 = 00001101
[    5.535748] mmc1: queuing unknown CIS tuple 0x80 (7 bytes)
[    5.616321] mmc0: host does not support reading read-only switch, assuming write-enable
[    5.631216] mmc0: new high speed SDHC card at address 0001
[    5.642014] bounce: isa pool size: 16 pages
[    5.651306] mmcblk0: mmc0:0001 EB1QT 29.8 GiB
[    5.662334]  mmcblk0: p1 p2
[    5.669932] random: fast init done
[    5.681600] usb 1-1: New USB device found, idVendor=0424, idProduct=9514
[    5.693254] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    5.705995] hub 1-1:1.0: USB hub found
[    5.714756] hub 1-1:1.0: 5 ports detected
[    5.762390] mmc1: new high speed SDIO card at address 0001
[    6.010274] usb 1-1.1: new high-speed USB device number 3 using dwc_otg
[    6.109698] usb 1-1.1: New USB device found, idVendor=0424, idProduct=ec00
[    6.121503] usb 1-1.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    6.136598] smsc95xx v1.0.6
[    6.190655] smsc95xx 1-1.1:1.0 eth0: register 'smsc95xx' at usb-3f980000.usb-1.1, smsc95xx USB 2.0 Ethernet, b8:27:eb:c3:4e:dc
[    6.506964] smsc95xx 1-1.1:1.0 eth0: hardware isn't capable of remote wakeup
[    7.552523] random: crng init done
[    8.090192] smsc95xx 1-1.1:1.0 eth0: link up, 100Mbps, full-duplex, lpa 0xC1E1
[    8.114275] IP-Config: Guessing netmask 255.255.255.0
[    8.124560] IP-Config: Complete:
[    8.133084]      device=eth0, hwaddr=b8:27:eb:c3:4e:dc, ipaddr=192.168.1.100, mask=255.255.255.0, gw=255.255.255.255
[    8.149199]      host=192.168.1.100, domain=, nis-domain=(none)
[    8.160506]      bootserver=255.255.255.255, rootserver=192.168.1.5, rootpath=
[    9.223898] VFS: Mounted root (nfs filesystem) on device 0:16.
[    9.236189] devtmpfs: mounted
[    9.250405] Freeing unused kernel memory: 2752K
[   10.612055] systemd[1]: System time before build time, advancing clock.
[   11.327120] NET: Registered protocol family 10
[   11.340597] Segment Routing with IPv6
[   11.377635] ip_tables: (C) 2000-2006 Netfilter Core Team
[   14.835459] systemd-journald[89]: Received request to flush runtime journal from PID 1
[   17.114963] vchiq: module is from the staging directory, the quality is unknown, you have been warned.
[   18.187428] vchiq: vchiq_init_state: slot_zero = ffffff8008772000, is_master = 0
[   21.101112] brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43430-sdio.bin for chip 0x00a9a6(43430) rev 0x000001
[   21.122880] usbcore: registered new interface driver brcmfmac
[   21.154470] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43430-sdio.bin failed with error -2
[   22.186565] brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x50
[   23.212844] brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x50

^ permalink raw reply	[flat|nested] 14+ messages in thread
end of thread, other threads:[~2019-03-07 17:15 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-18  9:36 IMA fails to see TPM chip (rpi3, linaro optee) Markku Savela
2019-02-18 10:13 ` Markku Savela
2019-02-20  8:14   ` Markku Savela
2019-02-21  9:08     ` Markku Savela
2019-02-21 12:49       ` Mimi Zohar
2019-02-21 13:17         ` Markku Savela
2019-02-21 13:23           ` Markku Savela
2019-02-26  8:12             ` Markku Savela
2019-02-26 12:14               ` Mimi Zohar
2019-02-26 12:38                 ` Ard Biesheuvel
2019-02-26 14:04                   ` Mimi Zohar
2019-02-26 18:09                     ` Jarkko Sakkinen
2019-02-26 19:05                       ` Mimi Zohar
2019-03-07 17:15                 ` James Bottomley

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).