Re: tpm for AMD Ryzen

From: Johannes Totz <jo_at_bruelltuete.com>
Date: Wed, 28 Jun 2023 12:52:01 UTC
On 19/06/2023 19:57, Enji Cooper wrote:
> 
>> On Jun 19, 2023, at 11:09 AM, Johannes Totz <jo@bruelltuete.com> wrote:
>>
>> Hi everyone,
>>
>> I'm trying to get the (f)TPM that comes with AMD's Zen2 to work.
>> BIOS config screen says it's doing CRB mode.
>>
>> So I start poking in tpm_crb.c https://github.com/freebsd/freebsd-src/blob/main/sys/dev/tpm/tpm_crb.c
>>
>> Out of the box, it does not attach. The TPM2 ACPI table says its start method is 2 (aka ACPI). That's easy to hack around, just mess with the if-condition at https://github.com/freebsd/freebsd-src/blob/main/sys/dev/tpm/tpm_crb.c#L115
>>
>> With that adjusted, tpmcrb now probes successfully but does not attach.
>>
>> As far as I can tell the register values it tries to read from the ACPI-provided memory window are just bogus.
>>
>> That makes me suspect that the BIOS has misconfigured it. The TPM2 table has a different address than what's reported at runtime.
>> The table says 0xfd210510 is the (physical) address, but acpi says it's 0xbd13f000.
>>
>> Fiddling about with hint.tpmcrb.0.maddr and friends does not yield anything fruitful: anything I try to override with hints is just ignored.
>> Hacking in a
>> bus_set_resource(dev, SYS_RES_MEMORY, ... 0xfd210510 ...);
>> ends up giving me that override but still no dice re actual tpm functionality.
>>
>> Has anyone gotten the tpm to work on (consumer) Ryzen?
> 
> Hi Johannes,
> 	I just built a Ryzen machine too with an ASUS Motherboard. Could you please post the hack that you did to the if-else statement up on gist so I can take a look at it?

Just chop out the the tbl->StartMethod condition at 
https://github.com/freebsd/freebsd-src/blob/main/sys/dev/tpm/tpm_crb.c#L116. 
For probing and attach you don't need the start method (as far as I 
understand the spec).

You can check with 'acpidump -t | grep -A 5 TPM' what your start method is.

Mine is:
TPM2: Length=76, Revision=4, Checksum=183,
       OEMID=ALASKA, OEM Table ID=A M I, OEM Revision=0x1,
       Creator ID=AMI, Creator Revision=0x0
               ControlArea=fd210510
               StartMethod=2


> 	Also, if you can post "boot -v” and “pciconf -lv” output to separate gists, that would be super helpful :).

verbose boot is inconvenient.
Here's pciconf:

hostb0@pci0:0:0:0:      class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1480 subvendor=0x1022 subdevice=0x1480
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse Root Complex'
     class      = bridge
     subclass   = HOST-PCI
hostb1@pci0:0:1:0:      class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1482 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse PCIe Dummy Host Bridge'
     class      = bridge
     subclass   = HOST-PCI
pcib1@pci0:0:1:1:       class=0x060400 rev=0x00 hdr=0x01 vendor=0x1022 
device=0x1483 subvendor=0x1022 subdevice=0x1234
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse GPP Bridge'
     class      = bridge
     subclass   = PCI-PCI
hostb2@pci0:0:2:0:      class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1482 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse PCIe Dummy Host Bridge'
     class      = bridge
     subclass   = HOST-PCI
hostb3@pci0:0:3:0:      class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1482 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse PCIe Dummy Host Bridge'
     class      = bridge
     subclass   = HOST-PCI
hostb4@pci0:0:4:0:      class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1482 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse PCIe Dummy Host Bridge'
     class      = bridge
     subclass   = HOST-PCI
hostb5@pci0:0:5:0:      class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1482 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse PCIe Dummy Host Bridge'
     class      = bridge
     subclass   = HOST-PCI
hostb6@pci0:0:7:0:      class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1482 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse PCIe Dummy Host Bridge'
     class      = bridge
     subclass   = HOST-PCI
pcib11@pci0:0:7:1:      class=0x060400 rev=0x00 hdr=0x01 vendor=0x1022 
device=0x1484 subvendor=0x1022 subdevice=0x1484
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse Internal PCIe GPP Bridge 0 to bus[E:B]'
     class      = bridge
     subclass   = PCI-PCI
hostb7@pci0:0:8:0:      class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1482 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse PCIe Dummy Host Bridge'
     class      = bridge
     subclass   = HOST-PCI
pcib12@pci0:0:8:1:      class=0x060400 rev=0x00 hdr=0x01 vendor=0x1022 
device=0x1484 subvendor=0x1022 subdevice=0x1484
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse Internal PCIe GPP Bridge 0 to bus[E:B]'
     class      = bridge
     subclass   = PCI-PCI
intsmb0@pci0:0:20:0:    class=0x0c0500 rev=0x61 hdr=0x00 vendor=0x1022 
device=0x790b subvendor=0x1565 subdevice=0x370b
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'FCH SMBus Controller'
     class      = serial bus
     subclass   = SMBus
isab0@pci0:0:20:3:      class=0x060100 rev=0x51 hdr=0x00 vendor=0x1022 
device=0x790e subvendor=0x1565 subdevice=0x370b
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'FCH LPC Bridge'
     class      = bridge
     subclass   = PCI-ISA
hostb8@pci0:0:24:0:     class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1440 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse/Vermeer Data Fabric: Device 18h; Function 0'
     class      = bridge
     subclass   = HOST-PCI
hostb9@pci0:0:24:1:     class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1441 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse/Vermeer Data Fabric: Device 18h; Function 1'
     class      = bridge
     subclass   = HOST-PCI
hostb10@pci0:0:24:2:    class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1442 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse/Vermeer Data Fabric: Device 18h; Function 2'
     class      = bridge
     subclass   = HOST-PCI
hostb11@pci0:0:24:3:    class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1443 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse/Vermeer Data Fabric: Device 18h; Function 3'
     class      = bridge
     subclass   = HOST-PCI
hostb12@pci0:0:24:4:    class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1444 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse/Vermeer Data Fabric: Device 18h; Function 4'
     class      = bridge
     subclass   = HOST-PCI
hostb13@pci0:0:24:5:    class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1445 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse/Vermeer Data Fabric: Device 18h; Function 5'
     class      = bridge
     subclass   = HOST-PCI
hostb14@pci0:0:24:6:    class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1446 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse/Vermeer Data Fabric: Device 18h; Function 6'
     class      = bridge
     subclass   = HOST-PCI
hostb15@pci0:0:24:7:    class=0x060000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1447 subvendor=0x0000 subdevice=0x0000
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse/Vermeer Data Fabric: Device 18h; Function 7'
     class      = bridge
     subclass   = HOST-PCI
none0@pci0:1:0:0:       class=0x0c0330 rev=0x01 hdr=0x00 vendor=0x1022 
device=0x43d0 subvendor=0x1b21 subdevice=0x1142
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     class      = serial bus
     subclass   = USB
ahci0@pci0:1:0:1:       class=0x010601 rev=0x01 hdr=0x00 vendor=0x1022 
device=0x43c8 subvendor=0x1b21 subdevice=0x1062
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset SATA Controller'
     class      = mass storage
     subclass   = SATA
pcib2@pci0:1:0:2:       class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c6 subvendor=0x1b21 subdevice=0x0201
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Bridge'
     class      = bridge
     subclass   = PCI-PCI
pcib3@pci0:2:0:0:       class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c7 subvendor=0x1b21 subdevice=0x3306
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Port'
     class      = bridge
     subclass   = PCI-PCI
pcib4@pci0:2:1:0:       class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c7 subvendor=0x1b21 subdevice=0x3306
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Port'
     class      = bridge
     subclass   = PCI-PCI
pcib5@pci0:2:2:0:       class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c7 subvendor=0x1b21 subdevice=0x3306
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Port'
     class      = bridge
     subclass   = PCI-PCI
pcib6@pci0:2:3:0:       class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c7 subvendor=0x1b21 subdevice=0x3306
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Port'
     class      = bridge
     subclass   = PCI-PCI
pcib7@pci0:2:4:0:       class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c7 subvendor=0x1b21 subdevice=0x3306
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Port'
     class      = bridge
     subclass   = PCI-PCI
pcib8@pci0:2:5:0:       class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c7 subvendor=0x1b21 subdevice=0x3306
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Port'
     class      = bridge
     subclass   = PCI-PCI
pcib9@pci0:2:6:0:       class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c7 subvendor=0x1b21 subdevice=0x3306
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Port'
     class      = bridge
     subclass   = PCI-PCI
pcib10@pci0:2:7:0:      class=0x060400 rev=0x01 hdr=0x01 vendor=0x1022 
device=0x43c7 subvendor=0x1b21 subdevice=0x3306
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = '400 Series Chipset PCIe Port'
     class      = bridge
     subclass   = PCI-PCI
re0@pci0:4:0:0: class=0x020000 rev=0x15 hdr=0x00 vendor=0x10ec 
device=0x8168 subvendor=0x1565 subdevice=0x2312
     vendor     = 'Realtek Semiconductor Co., Ltd.'
     device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet 
Controller'
     class      = network
     subclass   = ethernet
none1@pci0:11:0:0:      class=0x130000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x148a subvendor=0x1022 subdevice=0x148a
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse PCIe Dummy Function'
     class      = non-essential instrumentation
none2@pci0:12:0:0:      class=0x130000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1485 subvendor=0x1022 subdevice=0x1485
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse Reserved SPP'
     class      = non-essential instrumentation
none3@pci0:12:0:1:      class=0x108000 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1486 subvendor=0x1022 subdevice=0x1486
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse Cryptographic Coprocessor PSPCPP'
     class      = encrypt/decrypt
none4@pci0:12:0:3:      class=0x0c0330 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x149c subvendor=0x1565 subdevice=0x370b
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Matisse USB 3.0 Host Controller'
     class      = serial bus
     subclass   = USB
none5@pci0:12:0:4:      class=0x040300 rev=0x00 hdr=0x00 vendor=0x1022 
device=0x1487 subvendor=0x1565 subdevice=0x824c
     vendor     = 'Advanced Micro Devices, Inc. [AMD]'
     device     = 'Starship/Matisse HD Audio Controller'
     class      = multimedia
     subclass   = HDA


> Cheers!
> -Enji