From: Andrea Cocito
To: freebsd-hackers@freebsd.org
Subject: Re: TPM2 on AMD Rizen (fTPM)
Date: Sun, 4 Feb 2024 14:43:03 +0100
Message-Id: <71AF606D-1685-43E5-9455-E1882EAECE96@cocito.eu>
In-Reply-To: <51A26E14-9374-4B1A-9DA1-A9E2A2B4E2EA@cocito.eu>
References: <51A26E14-9374-4B1A-9DA1-A9E2A2B4E2EA@cocito.eu>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Hello again,

First thing: apologies for my email client messing up with charset encoding, hope it is fixed now.

Second, I add some detail/information.

The machine is a bare metal on Hetzner, I do not have many details, it’s an AMD Ryzen 9 3900 12-Core/24-Threads toy with some motherboard using American Megatrends firmware; unfortunately I have very limited access to the console (one hour upon request…).

As said the “fTPM” has been enabled in the firmware, and I also tried all the possible combinations of the settings in the firmware which could seem anyhow pertinent (SCM etc).

The kernel is a custom-built one, simply stripped down to include statically all used devices/modules and drop the rest, compiled with -march=native as all the userland; no problem in rebooting with the GENERIC kernel, but I cannot imagine how it could help.

Should any additional information be useful to give me some advice just ask, the machine is there to experiment.

Thanks for any advice,

A.

> On 3 Feb 2024, at 18:21, Andrea Cocito wrote:
>
> Hi,
>
> I’m trying to enable TPM support on a box in order to experiment a bit with it, but the driver does not seem to load and/or see the device.
>
> In the firmware the “fTPM” option has been enabled, tried both with SCM enabled and disabled, basically I tried all the possible firmware options combinations with no success.
>
> I have tpm_load="YES" in /boot/loader.conf and also tried the hints suggested by the man page in /boot/device.hints
>
> No way to have the tpm? device(s) appear, the best I achieved so far on dmesg in a verbose boot is:
> …
> Preloaded elf obj module "/boot/kernel.old/geom_mirror.ko" at 0xffffffff8196d8c0.
> Preloaded elf obj module "/boot/kernel.old/tpm.ko" at 0xffffffff8196dfb0.
> …
> tpm0 failed to probe at iomem 0xfffffffffed40000-0xfffffffffed44fff on isa0
> tpm1 failed to probe at iomem 0xfffffffffed40000-0xfffffffffed40fff on isa0
> …
>
> I am all but an expert about TPM architecture (this is why I am willing to play with it), but as far as I understand AMD’s fTPM is a TPM2 built into the CPU, I have no idea on which bus it should be seen and how.
>
> So my questions are:
> - Is AMD’s fTPM supported at all by the driver?
> - Am I missing something very obvious?
>
> I have been digging around for information quite a bit, but there does not seem to be much information around. Hope I am hitting the correct list (accept my apologies if it is not).
>
> Thanks in advance for any advice.