Menu
▾
▴
tboot-devel
|
From: Cihula, J. <jos...@in...> - 2008-12-01 22:30:04
|
> From: Seiji Munetoh [mailto:sei...@gm...] > Sent: Monday, December 01, 2008 2:24 PM > > On Mon, Dec 1, 2008 at 4:53 PM, Marcin Obara > <mar...@us...> wrote: > > 2008/12/1 Seiji Munetoh <sei...@gm...>: > >> 2008/11/28 Marcin Obara <mar...@us...>: > >>> Linux is not supported by iTPM on these mobile platforms. > >>> iTPM on these platforms will work only with Windows OS-es. > >> > >> So, do we need special driver to access the iTPM? > > > > It is not driver issue. It is platform design. > > iTPM on these (mobile) platforms was designed to work only with > > Windows OS-es. It is not possible to use any TPM Linux driver on these > > platforms. > > iTPM on other (desktop) platforms should work with standard Linux - > > tpm_tis driver. > > So we can't use tboot & xen also on these platforms:-( > > thanks, > Seiji (cross-posting to tboot-devel since this question concerns that project) tboot will work fine on these systems, since it accesses the TPM directly through its MMIO interface. You will just have to use a non-Linux environment and tools to provision the TXT LCP and tboot policy indices. Joe |
|
From: Seiji M. <sei...@gm...> - 2008-12-02 07:08:23
|
On Tue, Dec 2, 2008 at 7:29 AM, Cihula, Joseph <jos...@in...> wrote:
>> From: Seiji Munetoh [mailto:sei...@gm...]
>> Sent: Monday, December 01, 2008 2:24 PM
>>
>> On Mon, Dec 1, 2008 at 4:53 PM, Marcin Obara
>> <mar...@us...> wrote:
>> > 2008/12/1 Seiji Munetoh <sei...@gm...>:
>> >> 2008/11/28 Marcin Obara <mar...@us...>:
>> >>> Linux is not supported by iTPM on these mobile platforms.
>> >>> iTPM on these platforms will work only with Windows OS-es.
>> >>
>> >> So, do we need special driver to access the iTPM?
>> >
>> > It is not driver issue. It is platform design.
>> > iTPM on these (mobile) platforms was designed to work only with
>> > Windows OS-es. It is not possible to use any TPM Linux driver on these
>> > platforms.
>> > iTPM on other (desktop) platforms should work with standard Linux -
>> > tpm_tis driver.
>>
>> So we can't use tboot & xen also on these platforms:-(
>>
>> thanks,
>> Seiji
>
> (cross-posting to tboot-devel since this question concerns that project)
>
> tboot will work fine on these systems, since it accesses
> the TPM directly through its MMIO interface. You will just have
> to use a non-Linux environment and tools to provision the
> TXT LCP and tboot policy indices.
I think tpm_tis driver also uses MMIO.
I have take a look the detail. and It seems there are two problems.
- iTPM on GM45 does not supports PNP
- It return wrong TIS status???
Here is Quick-and-dirty fix:
1) modify status check of tpm_tis_send() function.
e.g.
- if ((status & TPM_STS_DATA_EXPECT) == 0) {
+ if ((status & TPM_STS_VALID) == 0) {
and rebuild the tpm_tis driver
2) Force device probe rather than using ACPI entry
/sbin/modprobe tpm_tis force=1
if it returns error, try again.
then you can access the iTPM on GM45 from Linux.
regards,
Seiji
|
|
From: Seiji M. <sei...@gm...> - 2008-12-02 09:49:40
|
On Tue, Dec 2, 2008 at 4:08 PM, Seiji Munetoh
> I think tpm_tis driver also uses MMIO.
> I have take a look the detail. and It seems there are two problems.
> - iTPM on GM45 does not supports PNP
It has the following entry in DSDT.
---
<snip>
Device (TPM)
{
Method (_HID, 0, NotSerialized)
{
TPHY (0x00)
If (LEqual (TPMV, 0x01))
<snip>
---
However, Linux PNP detects the device based on the EisaID.
Also. I have check the TCG ACPI Specification. it does not
required EisaID as the HID.
---
_HID
Named object that provides the interface's Plug and Play
identifier. This value may be TPM vendor specific. _HID is
a standard device configuration control method defined in
the ACPI Specification.
Required only for devices that do not have standard enumeration mechanism.
---
We can use the device by modprobe with force=1 option.
But it may have power management issue.
regards,
Seiji
|
|
From: Ross P. <Ros...@ci...> - 2008-12-02 13:44:24
|
Seiji,
Yeah, I saw the same thing when I was trying to get it to work. I forced
it to load and saw the status check fail in the debugger. I think I
tried working around issue at the time by ignoring the status but
something failed downstream and I couldn't use the iTPM even though the
driver loaded and ready. Did you actually try sending it work to do -
you may find it still doesn't work? Anyway it was a while ago so I don't
remember all the details.
Thanks
Ross
-----Original Message-----
From: Seiji Munetoh [mailto:sei...@gm...]
Sent: Tuesday, December 02, 2008 2:08 AM
To: Cihula, Joseph
Cc: tbo...@li...; tpmdd-devel; Marcin Obara
Subject: Re: [tboot-devel] [tpmdd-devel] TPM driver problem on GM45
On Tue, Dec 2, 2008 at 7:29 AM, Cihula, Joseph <jos...@in...>
wrote:
>> From: Seiji Munetoh [mailto:sei...@gm...]
>> Sent: Monday, December 01, 2008 2:24 PM
>>
>> On Mon, Dec 1, 2008 at 4:53 PM, Marcin Obara
>> <mar...@us...> wrote:
>> > 2008/12/1 Seiji Munetoh <sei...@gm...>:
>> >> 2008/11/28 Marcin Obara <mar...@us...>:
>> >>> Linux is not supported by iTPM on these mobile platforms.
>> >>> iTPM on these platforms will work only with Windows OS-es.
>> >>
>> >> So, do we need special driver to access the iTPM?
>> >
>> > It is not driver issue. It is platform design.
>> > iTPM on these (mobile) platforms was designed to work only with
>> > Windows OS-es. It is not possible to use any TPM Linux driver on
these
>> > platforms.
>> > iTPM on other (desktop) platforms should work with standard Linux -
>> > tpm_tis driver.
>>
>> So we can't use tboot & xen also on these platforms:-(
>>
>> thanks,
>> Seiji
>
> (cross-posting to tboot-devel since this question concerns that
project)
>
> tboot will work fine on these systems, since it accesses
> the TPM directly through its MMIO interface. You will just have
> to use a non-Linux environment and tools to provision the
> TXT LCP and tboot policy indices.
I think tpm_tis driver also uses MMIO.
I have take a look the detail. and It seems there are two problems.
- iTPM on GM45 does not supports PNP
- It return wrong TIS status???
Here is Quick-and-dirty fix:
1) modify status check of tpm_tis_send() function.
e.g.
- if ((status & TPM_STS_DATA_EXPECT) == 0) {
+ if ((status & TPM_STS_VALID) == 0) {
and rebuild the tpm_tis driver
2) Force device probe rather than using ACPI entry
/sbin/modprobe tpm_tis force=1
if it returns error, try again.
then you can access the iTPM on GM45 from Linux.
regards,
Seiji
------------------------------------------------------------------------
-
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
tboot-devel mailing list
tbo...@li...
https://lists.sourceforge.net/lists/listinfo/tboot-devel
|
|
From: Seiji M. <sei...@gm...> - 2008-12-04 10:41:39
|
Hi Ross, On Tue, Dec 2, 2008 at 10:44 PM, Ross Philipson <Ros...@ci...> wrote: > Yeah, I saw the same thing when I was trying to get it to work. I forced > it to load and saw the status check fail in the debugger. I think I > tried working around issue at the time by ignoring the status but > something failed downstream and I couldn't use the iTPM even though the > driver loaded and ready. Did you actually try sending it work to do - > you may find it still doesn't work? Anyway it was a while ago so I don't > remember all the details. I can take the ownership of iTPM, but don't run testsuite. I have take a look the tpm_tis code a bit more. "default time out" values should be set before call request_locality() in tpm_tis_init function. This is the reason why first modprobe with force=1 is fail. regards, Seiji |
|
From: Jonathan M. M. <jon...@cm...> - 2008-12-05 13:45:07
|
Can anybody confirm that tboot did (not should :-) work on one of these systems, nevermind the Linux TPM driver? Thanks, -Jon Ross Philipson wrote: > > "default time out" values should be set before call request_locality() > > in tpm_tis_init function. > I saw that too and modified something to get the driver to load. Dang, > I should have written down what I was doing at the time. > > Ross > > > ------------------------------------------------------------------------ > *From:* Seiji Munetoh [mailto:sei...@gm...] > *Sent:* Thu 12/4/2008 5:41 AM > *To:* Ross Philipson > *Cc:* Cihula, Joseph; tbo...@li...; tpmdd-devel; > Marcin Obara > *Subject:* Re: [tboot-devel] [tpmdd-devel] TPM driver problem on GM45 > > Hi Ross, > > On Tue, Dec 2, 2008 at 10:44 PM, Ross Philipson > <Ros...@ci...> wrote: > > Yeah, I saw the same thing when I was trying to get it to work. I forced > > it to load and saw the status check fail in the debugger. I think I > > tried working around issue at the time by ignoring the status but > > something failed downstream and I couldn't use the iTPM even though the > > driver loaded and ready. Did you actually try sending it work to do - > > you may find it still doesn't work? Anyway it was a while ago so I don't > > remember all the details. > > I can take the ownership of iTPM, but don't run testsuite. > > I have take a look the tpm_tis code a bit more. > "default time out" values should be set before call request_locality() > in tpm_tis_init function. > This is the reason why first modprobe with force=1 is fail. > > regards, > Seiji > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > ------------------------------------------------------------------------ > > _______________________________________________ > tboot-devel mailing list > tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tboot-devel > |
|
From: Ross P. <Ros...@ci...> - 2008-12-04 12:36:39
|
> "default time out" values should be set before call request_locality() > in tpm_tis_init function. I saw that too and modified something to get the driver to load. Dang, I should have written down what I was doing at the time. Ross ________________________________ From: Seiji Munetoh [mailto:sei...@gm...] Sent: Thu 12/4/2008 5:41 AM To: Ross Philipson Cc: Cihula, Joseph; tbo...@li...; tpmdd-devel; Marcin Obara Subject: Re: [tboot-devel] [tpmdd-devel] TPM driver problem on GM45 Hi Ross, On Tue, Dec 2, 2008 at 10:44 PM, Ross Philipson <Ros...@ci...> wrote: > Yeah, I saw the same thing when I was trying to get it to work. I forced > it to load and saw the status check fail in the debugger. I think I > tried working around issue at the time by ignoring the status but > something failed downstream and I couldn't use the iTPM even though the > driver loaded and ready. Did you actually try sending it work to do - > you may find it still doesn't work? Anyway it was a while ago so I don't > remember all the details. I can take the ownership of iTPM, but don't run testsuite. I have take a look the tpm_tis code a bit more. "default time out" values should be set before call request_locality() in tpm_tis_init function. This is the reason why first modprobe with force=1 is fail. regards, Seiji |
|
From: Ross P. <Ros...@ci...> - 2008-12-02 13:31:14
|
I wanted to ask since there is something that doesn't quite make sense here. The Linux tpm_tis driver clearly uses MMIO to access the TPM registers so it should work as does any other OS code. Also if the Windows OS can access the iTPM then Linux should arguably also be able to. So I guess it must be some difference in the iTPM interface that makes the standard tpm_tis (presumably 1.2 compliant) driver just not work. Is that accurate? > > It is not possible to use any TPM Linux driver on these platforms. I don't understand why that would be the case. There may be none that currently are able to but they should be able to be modified to access it (just as Windows drivers access it). Thanks Ross -----Original Message----- From: Cihula, Joseph [mailto:jos...@in...] Sent: Monday, December 01, 2008 5:30 PM To: Seiji Munetoh; Marcin Obara Cc: tbo...@li...; tpmdd-devel Subject: Re: [tboot-devel] [tpmdd-devel] TPM driver problem on GM45 > From: Seiji Munetoh [mailto:sei...@gm...] > Sent: Monday, December 01, 2008 2:24 PM > > On Mon, Dec 1, 2008 at 4:53 PM, Marcin Obara > <mar...@us...> wrote: > > 2008/12/1 Seiji Munetoh <sei...@gm...>: > >> 2008/11/28 Marcin Obara <mar...@us...>: > >>> Linux is not supported by iTPM on these mobile platforms. > >>> iTPM on these platforms will work only with Windows OS-es. > >> > >> So, do we need special driver to access the iTPM? > > > > It is not driver issue. It is platform design. > > iTPM on these (mobile) platforms was designed to work only with > > Windows OS-es. It is not possible to use any TPM Linux driver on these > > platforms. > > iTPM on other (desktop) platforms should work with standard Linux - > > tpm_tis driver. > > So we can't use tboot & xen also on these platforms:-( > > thanks, > Seiji (cross-posting to tboot-devel since this question concerns that project) tboot will work fine on these systems, since it accesses the TPM directly through its MMIO interface. You will just have to use a non-Linux environment and tools to provision the TXT LCP and tboot policy indices. Joe ------------------------------------------------------------------------ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ tboot-devel mailing list tbo...@li... https://lists.sourceforge.net/lists/listinfo/tboot-devel |
Thanks for helping keep SourceForge clean.
X