Re: TPM2 on AMD Ryzen (fTPM)

From: Andrea Cocito <andrea_at_cocito.eu>
Date: Tue, 06 Feb 2024 15:25:37 UTC
Thanks for the reference,

Despite a long search I had not seen that thread; it’s very helpful, as it can point me to the pertinent parts of the source.

I’ll try to take a look at the code.

A.

> On 6 Feb 2024, at 00:45, Johannes Totz <jo@bruelltuete.com> wrote:
> 
> On 04/02/2024 13:43, Andrea Cocito wrote:
>> Hello again,
>> First thing: apologies for my email client messing up the charset encoding; I hope it is fixed now.
>> Second, I add some detail/information.
>> The machine is a bare-metal box at Hetzner; I do not have many details. It’s an AMD Ryzen 9 3900 12-core/24-thread toy with some motherboard using American Megatrends firmware; unfortunately I have very limited access to the console (one hour upon request…).
>> As said, the “fTPM” option has been enabled in the firmware, and I also tried all the possible combinations of the firmware settings which seemed in any way pertinent (SCM etc.).
>> The kernel is a custom-built one, simply stripped down to statically include all used devices/modules and drop the rest, compiled with -march=native, as is all the userland; there is no problem rebooting with the GENERIC kernel, but I cannot imagine how it could help.
>> Should any additional information be useful for giving me some advice, just ask; the machine is there to experiment with.
>> Thanks for any advice,
>> A.
> 
> I have previously made an attempt but got nowhere: https://lists.freebsd.org/archives/freebsd-hackers/2023-June/002334.html
> 
> 
> cheers,
> 
> Johannes
> 
>>> On 3 Feb 2024, at 18:21, Andrea Cocito <andrea@cocito.eu> wrote:
>>> 
>>> Hi,
>>> 
>>> I’m trying to enable TPM support on a box in order to experiment a bit with it, but the driver does not seem to load and/or see the device.
>>> 
>>> In the firmware the “fTPM” option has been enabled; I tried both with SCM enabled and disabled, and basically tried all the possible combinations of firmware options with no success.
>>> 
>>> I have tpm_load="YES" in /boot/loader.conf and also tried the hints suggested by the man page in /boot/device.hints.
>>> 
>>> There is no way to make the tpm? device(s) appear; the best I have achieved so far in dmesg on a verbose boot is:
>>> …
>>> Preloaded elf obj module "/boot/kernel.old/geom_mirror.ko" at 0xffffffff8196d8c0.
>>> Preloaded elf obj module "/boot/kernel.old/tpm.ko" at 0xffffffff8196dfb0.
>>> …
>>> tpm0 failed to probe at iomem 0xfffffffffed40000-0xfffffffffed44fff on isa0
>>> tpm1 failed to probe at iomem 0xfffffffffed40000-0xfffffffffed40fff on isa0
>>> …
>>> 
>>> I am anything but an expert on TPM architecture (this is why I am willing to play with it), but as far as I understand AMD’s fTPM is a TPM2 built into the CPU; I have no idea on which bus it should be seen, or how.
>>> 
>>> So my questions are:
>>> - Is AMD’s fTPM supported at all by the driver?
>>> - Am I missing something very obvious?
>>> 
>>> I have been digging around for information quite a bit, but there does not seem to be much available. I hope I am hitting the correct list (please accept my apologies if it is not).
>>> 
>>> Thanks in advance for any advice.