Add kernel module(s) for TPM 2.0 #312
Comments
|
@vicgal can you help with this? |
When TPM support enabled the following devices are available: /dev/tpm0 /dev/tpmrm0 Fixes: #312 Changelog-entry: Add TPM kernel module support Signed-off-by: Alex Gonzalez <[email protected]>
|
hey @sruehl I have opened a PR - once it's built we will do some basic checks. I don't think we have automated tests for this device type - we will have to add it to the automation so it can be released as we no longer have manual test processes. |
When TPM support enabled the following devices are available: /dev/tpm0 /dev/tpmrm0 Fixes: #312 Changelog-entry: Add TPM kernel module support Signed-off-by: Alex Gonzalez <[email protected]>
|
Hi @sruehl , do the /dev/tpm* nodes show up on your board with the reference Yocto Image from July 19, 2022 ? Note that you'll also have to flash the reference u-boot. With that image on our iot-gate-imx8 unit there are no /dev/tpm nodes and the related device-tree nodes are disabled: and looking at https://github.com/compulab-yokneam/meta-bsp-imx8mm/blob/d0846f32e434bb280b16ab01f04b70163fe81180/recipes-kernel/linux/compulab/imx8mm/0062-iot-gate-imx8-add-support-for-the-IE-TPM-module.patch it seems that they are not enabled by u-boot because the TPM module is not detected. Perhaps it's offered as an add-on board? Our unit is 4GB RAM | 32GB eMMC| WiFi + BT | Modem | FARS2 | FBRS2 | FCDIO | TET |
|
Will check later... |
|
Oh I noticed you need the |
|
Ok my device says 4GB RAM | 32GB eMMC | WIFI+BT | Modem | FARS4 | FBCAN | TIC. So that would mean my device doesn't have the required feature for a TPM to be present :(. |
|
Thanks for the update @sruehl, please keep us posted on the testing progress. If you can get your hands on a unit with FATPM please do a local yocto build of the PR my colleague Alex raised and let us know if the enabled configs are sufficient or if we need to enable others for this particular device-type. |
When TPM support enabled the following devices are available: /dev/tpm0 /dev/tpmrm0 Fixes: #312 Changelog-entry: Add TPM kernel module support Signed-off-by: Alex Gonzalez <[email protected]>
When TPM support enabled the following devices are available: /dev/tpm0 /dev/tpmrm0 Fixes: #312 Changelog-entry: Add TPM kernel module support Signed-off-by: Alex Gonzalez <[email protected]>
When TPM support enabled the following devices are available: /dev/tpm0 /dev/tpmrm0 Fixes: #312 Changelog-entry: Add TPM kernel module support Signed-off-by: Alex Gonzalez <[email protected]>
|
Hi, any update on this @acostach @sruehl ? I will be receiving https://shop-compulab.com/product/iot-gate-imx8plus-evaluation-kit/ shortly and can potentially do some testing. Would this also enable secure boot and disk encryption for the device at some point? |
|
I'll let @sruehl chip in if he got his hands on that specific hw configuration |
|
@acostach no, sadly I didn't get my hands on it |
Copy&Paste from balena-os/balena-intel#218
We would like to have TPM 2.0 support in Balena on the Compulab Imx8 platform.
Use Case
We're using TPM 2.0 modules to sign tokens on the edge to identify edge devices to our cloud tier. Using the TPM is more secure than storing certs on the device because the private key never leaves the TPM.
Solution
See balena-os/balena-intel#218
Expected Interfaces
When TPM 2.0 support is present, we expect to see the following files:
The text was updated successfully, but these errors were encountered: