Date: Sun, 04 Feb 2024 16:13:33 +0100 From: Daniel Engberg <daniel.engberg.lists@pyret.net> To: Andrea Cocito <andrea@cocito.eu> Cc: freebsd-hackers@freebsd.org Subject: Re: TPM2 on AMD Rizen (fTPM) Message-ID: <d6c8cba2c9348e9fc226f83ef5662094@mail.infomaniak.com> In-Reply-To: <71AF606D-1685-43E5-9455-E1882EAECE96@cocito.eu> References: <51A26E14-9374-4B1A-9DA1-A9E2A2B4E2EA@cocito.eu> <71AF606D-1685-43E5-9455-E1882EAECE96@cocito.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
--_=_swift_1707059613_aa21c9bd060e13e37561d897574558a8_=_ Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, Given the commit history I don't think it's supported yet. ht= tps://cgit.freebsd.org/src/log/sys/dev/tpm Best regards, Daniel= On 2024-02-04T14:43:03.000+01:00, Andrea Cocito <andrea@cocito.eu> = wrote: >=C2=A0Hello=C2=A0again, >=C2=A0 >=C2=A0First=C2=A0thing:= =C2=A0apologies=C2=A0for=C2=A0my=C2=A0email=C2=A0client=C2=A0messing=C2= =A0up=C2=A0with=C2=A0charset=C2=A0encoding,=C2=A0hope=C2=A0is=C2=A0fixed= =C2=A0now. >=C2=A0 >=C2=A0Second,=C2=A0I=C2=A0add=C2=A0some=C2=A0detail= /information. >=C2=A0 >=C2=A0The=C2=A0machine=C2=A0is=C2=A0a=C2=A0bare= =C2=A0metal=C2=A0on=C2=A0Hetzner,=C2=A0I=C2=A0do=C2=A0not=C2=A0have=C2= =A0many=C2=A0details,=C2=A0it=E2=80=99s=C2=A0an=C2=A0AMD=C2=A0Ryzen=C2= =A09=C2=A03900=C2=A012-Core/24-Threads=C2=A0toy=C2=A0with=C2=A0some=C2= =A0motherboard=C2=A0using=C2=A0American=C2=A0Megatrends=C2=A0firmware;= =C2=A0unfortunately=C2=A0I=C2=A0have=C2=A0very=C2=A0limited=C2=A0access= =C2=A0to=C2=A0the=C2=A0console=C2=A0(one=C2=A0hour=C2=A0upon=C2=A0request= =E2=80=A6). >=C2=A0 >=C2=A0As=C2=A0said=C2=A0the=C2=A0=E2=80=9CfTPM= =E2=80=9D=C2=A0has=C2=A0been=C2=A0enabled=C2=A0in=C2=A0the=C2=A0firmare,= =C2=A0and=C2=A0I=C2=A0also=C2=A0tried=C2=A0all=C2=A0the=C2=A0possible=C2= =A0combinations=C2=A0of=C2=A0the=C2=A0settings=C2=A0in=C2=A0the=C2=A0firmwa= re=C2=A0which=C2=A0could=C2=A0seem=C2=A0anyhow=C2=A0pertinent=C2=A0(SCM= =C2=A0etc). >=C2=A0 >=C2=A0The=C2=A0kernel=C2=A0is=C2=A0a=C2=A0custom-b= uilt=C2=A0one,=C2=A0simply=C2=A0stripped=C2=A0down=C2=A0to=C2=A0include= =C2=A0statically=C2=A0all=C2=A0used=C2=A0devices/modules=C2=A0and=C2=A0drop= =C2=A0the=C2=A0rest,=C2=A0compiled=C2=A0with=C2=A0-march=3Dnative=C2=A0as= =C2=A0all=C2=A0the=C2=A0userland;=C2=A0no=C2=A0problem=C2=A0in=C2=A0rebooti= ng=C2=A0with=C2=A0the=C2=A0GENERIC=C2=A0kernel,=C2=A0but=C2=A0I=C2=A0cannot= =C2=A0imagine=C2=A0how=C2=A0it=C2=A0could=C2=A0help. >=C2=A0 >=C2=A0Sho= uld=C2=A0any=C2=A0additional=C2=A0information=C2=A0be=C2=A0useful=C2=A0to= =C2=A0give=C2=A0me=C2=A0some=C2=A0advice=C2=A0just=C2=A0ask,=C2=A0the=C2= =A0machine=C2=A0is=C2=A0there=C2=A0to=C2=A0experiment. >=C2=A0 >=C2= =A0Thanks=C2=A0for=C2=A0any=C2=A0advice, >=C2=A0 >=C2=A0A. >=C2=A0 = >>=C2=A0=C2=A0On=C2=A03=C2=A0Feb=C2=A02024,=C2=A0at=C2=A018:21,=C2=A0Andrea= =C2=A0Cocito=C2=A0<andrea@cocito.eu>=C2=A0wrote: >>=C2=A0=C2=A0 >>= =C2=A0=C2=A0=C2=A0Hi, >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0I=E2=80=99m= =C2=A0trying=C2=A0to=C2=A0enable=C2=A0TPM=C2=A0support=C2=A0on=C2=A0a=C2= =A0box=C2=A0in=C2=A0order=C2=A0to >>=C2=A0=C2=A0experiment=C2=A0a=C2= =A0bit=C2=A0with=C2=A0it,=C2=A0but=C2=A0the=C2=A0driver=C2=A0does=C2=A0not= =C2=A0seem=C2=A0to=C2=A0load >>=C2=A0=C2=A0and/or=C2=A0see=C2=A0the=C2= =A0device. >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0In=C2=A0the=C2=A0firmware= =C2=A0the=C2=A0=E2=80=9CfTPM=E2=80=9D=C2=A0option=C2=A0has=C2=A0been=C2= =A0enabled,=C2=A0tried >>=C2=A0=C2=A0both=C2=A0with=C2=A0SCM=C2=A0enabled= =C2=A0and=C2=A0disabled,=C2=A0basically=C2=A0I=C2=A0tried=C2=A0all=C2=A0the= >>=C2=A0=C2=A0possible=C2=A0firmware=C2=A0options=C2=A0combinations= =C2=A0with=C2=A0no=C2=A0success. >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0I= =C2=A0have=C2=A0tpm_load=3D=E2=80=9CYES=E2=80=9D=C2=A0in=C2=A0/boot/loader.= conf=C2=A0and=C2=A0also=C2=A0tried=C2=A0the >>=C2=A0=C2=A0hints=C2=A0sugg= ested=C2=A0by=C2=A0the=C2=A0man=C2=A0page=C2=A0is=C2=A0/boot/device.hints= >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0No=C2=A0way=C2=A0to=C2=A0have=C2= =A0the=C2=A0tpm?=C2=A0device(s)=C2=A0appear,=C2=A0the=C2=A0best=C2=A0I= =C2=A0achieved=C2=A0so >>=C2=A0=C2=A0far=C2=A0on=C2=A0dmesg=C2=A0in=C2= =A0a=C2=A0verbose=C2=A0boot=C2=A0is: >>=C2=A0=C2=A0 >>=C2=A0=C2=A0= =C2=A0=E2=80=A6 >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0Preloaded=C2=A0elf= =C2=A0obj=C2=A0module=C2=A0"/boot/kernel.old/geom_mirror.ko"=C2=A0at >>= =C2=A0=C2=A00xffffffff8196d8c0. >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0Prel= oaded=C2=A0elf=C2=A0obj=C2=A0module=C2=A0"/boot/kernel.old/tpm.ko"=C2=A0at= >>=C2=A0=C2=A00xffffffff8196dfb0. >>=C2=A0=C2=A0 >>=C2=A0=C2=A0= =C2=A0=E2=80=A6 >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0tpm0=C2=A0failed= =C2=A0to=C2=A0probe=C2=A0at=C2=A0iomem >>=C2=A0=C2=A00xfffffffffed40000-0= xfffffffffed44fff=C2=A0on=C2=A0isa0 >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2= =A0tpm1=C2=A0failed=C2=A0to=C2=A0probe=C2=A0at=C2=A0iomem >>=C2=A0=C2= =A00xfffffffffed40000-0xfffffffffed40fff=C2=A0on=C2=A0isa0 >>=C2=A0=C2= =A0 >>=C2=A0=C2=A0=C2=A0=E2=80=A6 >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2= =A0I=C2=A0am=C2=A0all=C2=A0but=C2=A0an=C2=A0expert=C2=A0about=C2=A0TPM= =C2=A0architecture=C2=A0(this=C2=A0is=C2=A0why=C2=A0I=C2=A0am >>=C2=A0= =C2=A0willing=C2=A0to=C2=A0play=C2=A0with=C2=A0it),=C2=A0but=C2=A0as=C2= =A0far=C2=A0as=C2=A0I=C2=A0understand=C2=A0AMD=E2=80=99s=C2=A0fTPM >>= =C2=A0=C2=A0is=C2=A0a=C2=A0TPM2=C2=A0built=C2=A0into=C2=A0the=C2=A0CPU,= =C2=A0I=C2=A0have=C2=A0no=C2=A0idea=C2=A0on=C2=A0which=C2=A0bus=C2=A0it >= >=C2=A0=C2=A0should=C2=A0be=C2=A0seen=C2=A0and=C2=A0how. >>=C2=A0=C2= =A0 >>=C2=A0=C2=A0=C2=A0So=C2=A0my=C2=A0questions=C2=A0are: >>=C2=A0= =C2=A0 >>=C2=A0=C2=A0=C2=A0-=C2=A0Is=C2=A0AMD=E2=80=99s=C2=A0fTPM=C2= =A0supported=C2=A0at=C2=A0all=C2=A0by=C2=A0the=C2=A0driver? >>=C2=A0= =C2=A0 >>=C2=A0=C2=A0=C2=A0-=C2=A0Am=C2=A0I=C2=A0missing=C2=A0something= =C2=A0very=C2=A0obvious? >>=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0I=C2=A0have= =C2=A0been=C2=A0digging=C2=A0around=C2=A0for=C2=A0information=C2=A0quite= =C2=A0a=C2=A0bit,=C2=A0but=C2=A0there >>=C2=A0=C2=A0does=C2=A0not=C2= =A0seem=C2=A0to=C2=A0be=C2=A0much=C2=A0information=C2=A0around.=C2=A0Hope= =C2=A0I=C2=A0am=C2=A0hitting=C2=A0the >>=C2=A0=C2=A0correct=C2=A0list= =C2=A0(accept=C2=A0my=C2=A0apologies=C2=A0if=C2=A0it=C2=A0is=C2=A0not). >= >=C2=A0=C2=A0 >>=C2=A0=C2=A0=C2=A0Thanks=C2=A0in=C2=A0advance=C2=A0for= =C2=A0any=C2=A0advice. --_=_swift_1707059613_aa21c9bd060e13e37561d897574558a8_=_ Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <div>Hi,<br></div><div><br></div><div>Given the commit history I don't thin= k it's supported yet.<br></div><div><a href=3D"https://cgit.freebsd.org/src= /log/sys/dev/tpm" target=3D"_blank" rel=3D"noopener noreferrer" data-ik=3D"= ik-secure">https://cgit.freebsd.org/src/log/sys/dev/tpm</a><br></div><div><= br></div><div>Best regards,<br></div><div>Daniel<br></div><div ><div><br></= div></div><div><br></div><div class=3D"ik_mail_quote answerContentMessage">= <div>On 2024-02-04T14:43:03.000+01:00, Andrea Cocito <andrea@cocito.eu&g= t; wrote:<br></div><blockquote class=3D"ws-ng-quote"><pre style=3D"white-sp= ace: normal;"><div>Hello again,<br></div><div><br></div><div>First thing: a= pologies for my email client messing up with charset encoding, hope is fixe= d now.<br></div><div><br></div><div>Second, I add some detail/information.<= br></div><div><br></div><div>The machine is a bare metal on Hetzner, I do n= ot have many details, it=E2=80=99s an AMD Ryzen 9 3900 12-Core/24-Threads t= oy with some motherboard using American Megatrends firmware; unfortunately = I have very limited access to the console (one hour upon request=E2=80= =A6).<br></div><div><br></div><div>As said the =E2=80=9CfTPM=E2=80=9D has b= een enabled in the firmare, and I also tried all the possible combinations = of the settings in the firmware which could seem anyhow pertinent (SCM etc)= .<br></div><div><br></div><div>The kernel is a custom-built one, simply str= ipped down to include statically all used devices/modules and drop the rest= , compiled with -march=3Dnative as all the userland; no problem in rebootin= g with the GENERIC kernel, but I cannot imagine how it could help.<br></div= ><div><br></div><div>Should any additional information be useful to give me= some advice just ask, the machine is there to experiment.<br></div><div><b= r></div><div>Thanks for any advice,<br></div><div><br></div><div>A.<br></di= v><div><br></div><div><br></div><blockquote class=3D"ws-ng-quote"><div> On= 3 Feb 2024, at 18:21, Andrea Cocito <<a class=3D"defaultMailLink" href= =3D"mailto:andrea@cocito.eu">andrea@cocito.eu</a>> wrote:<br></div><div>= <br></div><div> Hi,<br></div><div> <br></div><div> I=E2=80=99m trying to e= nable TPM support on a box in order to experiment a bit with it, but the dr= iver does not seem to load and/or see the device.<br></div><div> <br></div>= <div> In the firmware the =E2=80=9CfTPM=E2=80=9D option has been enabled, t= ried both with SCM enabled and disabled, basically I tried all the possible= firmware options combinations with no success.<br></div><div> <br></div><d= iv> I have tpm_load=3D=E2=80=9CYES=E2=80=9D in /boot/loader.conf and also t= ried the hints suggested by the man page is /boot/device.hints<br></div><di= v> <br></div><div> No way to have the tpm? device(s) appear, the best I ach= ieved so far on dmesg in a verbose boot is:<br></div><div> =E2=80=A6<br></d= iv><div> Preloaded elf obj module "/boot/kernel.old/geom_mirror.ko" at 0xff= ffffff8196d8c0.<br></div><div> Preloaded elf obj module "/boot/kernel.old/t= pm.ko" at 0xffffffff8196dfb0.<br></div><div> =E2=80=A6<br></div><div> tpm0 = failed to probe at iomem 0xfffffffffed40000-0xfffffffffed44fff on isa0<br><= /div><div> tpm1 failed to probe at iomem 0xfffffffffed40000-0xfffffffffed40= fff on isa0<br></div><div> =E2=80=A6<br></div><div> <br></div><div> I am al= l but an expert about TPM architecture (this is why I am willing to play wi= th it), but as far as I understand AMD=E2=80=99s fTPM is a TPM2 built into = the CPU, I have no idea on which bus it should be seen and how.<br></div><d= iv> <br></div><div> So my questions are:<br></div><div> - Is AMD=E2=80= =99s fTPM supported at all by the driver?<br></div><div> - Am I missing som= ething very obvious?<br></div><div> <br></div><div> I have been digging aro= und for information quite a bit, but there does not seem to be much informa= tion around. Hope I am hitting the correct list (accept my apologies if it = is not).<br></div><div> <br></div><div> Thanks in advance for any advice.<b= r></div></blockquote></pre></blockquote></div><div><br></div> --_=_swift_1707059613_aa21c9bd060e13e37561d897574558a8_=_--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d6c8cba2c9348e9fc226f83ef5662094>