OPTIGA™ TPM Forum Discussions
I created an AES key and made it persistent (handles-persistent: 0x81010020),
but I can't use the handle value; even tpm2_evictcontrol -c 0x81010020 doesn't work.
I think the SLB9672 chip (my chip) can't find the handle value that is linked to the context file.
(mysymmetrickey.ctx works!)
The problem only occurs on one chip and not on the other.
It didn't happen at first, but it does happen at some point.
Esys_TR_GetTpmHandle() works; only the tpm2_tools commands do not work.
The tpm2_clear command erases the handles, but the problem occurs continuously.
# tpm2_getcap handles-persistent
- 0x81010020
# tpm2_evictcontrol -c 0x81010020
ERROR: Invalid serialized ESYS_TR size, got: 0
ERROR:esys:/usr/src/debug/tpm2-tss/3.2.0-r0/src/tss2-esys/esys_tr.c:356:Esys_TR_Close() Error: Esys handle does not exist (70018).
ERROR: Esys_TR_Close(0x70018) - esapi:The ESYS_TR resource object is bad
ERROR: Unable to run tpm2_evictcontrol
# tpm2_encryptdecrypt -c 0x81010020 -o mysecret.enc mysecret
WARN: Using a weak IV, try specifying an IV
ERROR: Invalid serialized ESYS_TR size, got: 0
ERROR: Invalid object key authorization
ERROR: Unable to run tpm2_encryptdecrypt
Hello,
I would like to confirm an issue I have with the SLB9670. My research led me to this thread (https://community.infineon.com/t5/OPTIGA-TPM/IMX8MM-SLB9670-TPM2-Self-test-error/td-p/454162), which seems to suggest everything is normal, but it links to the RPI3. I want to make sure the same applies to the RPI4.
During bootup, I see the following Kernel messages:
[ 9.194573] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)
[ 9.197032] tpm tpm0: A TPM error (256) occurred attempting the self test
[ 9.197057] tpm tpm0: starting up the TPM manually
This is slightly annoying, but I can see tpm0 and tpmrm0 in the device section:
user@cm4:~/eltt2 $ ls /dev/tpm*
/dev/tpm0 /dev/tpmrm0
sudo tpm2_gettestresult
status: success
0x00000000: 0xCE 0xFB 0xBB 0x85 0xF2 0x29 0x63 0x1F 0x6A 0xC4 0xDD 0x18 0xC6 0x15 0x25 0x94
0x00000010: 0x48 0x06 0x78 0x92
Finally, sudo tpm2_selftest -f returns 0
Is it safe to assume that my TPM is working correctly despite those messages? It seems like it, but I would appreciate some confirmation.
Thank you!
Hello,
We are currently working on TPM 2.0 for the SLB9673 with an AM5748 SoC.
We would like to know if there exists a secure boot method that uses the TPM2 commands to verify the kernel integrity at the U-Boot stage. Specifically, one that utilises the TPM2 functionalities to ensure the authenticity and integrity of the kernel image during the boot process.
Also, any resources, documents, or references that provide detailed information on this topic would be helpful.
Thanks and Regards,
Mythreyi
Hi team,
We are using the SLB9673 TPM2 chip for hardware security in our embedded project, which has an AM5748 SoC.
We need to implement secure boot for the same. Can you please give us a detailed procedure and the software requirements to implement secure boot?
regards,
Yashwanth T L
Hello,
Does Infineon have any TPM 2.0 chips in their portfolio that are targeting FIPS 140-3 certification?
There were none back in July 2022 according to the following thread, but wondering if plans have changed in the past ~2 years: Solved: TPM Module FIPS 140-3 Compliant - Infineon Developer Community
Thanks,
John
Hi,
I get this error when trying to interface the SLB9670 with a BeagleBone Black over the SPI1 bus with CS1:
tpm_tis_spi: probe of spi1.1 failed with error -110
This is my overlay:
/dts-v1/;
/plugin/;

/ {
    compatible = "ti,beaglebone", "ti,am335x-boneblack", "ti,beaglebone-black";
    part-number = "BB-SPI1-SLB9670";
    version = "00A0";

    fragment@0 {
        target = <&am33xx_pinmux>;
        __overlay__ {
            pinmux_spi1_pins: pinmux_spi1_pins {
                pinctrl-single,pins = <
                    0x190 0x33 /* spi1_sclk, MODE3 */
                    0x194 0x33 /* spi1_d0, MODE3 */
                    0x198 0x33 /* spi1_d1, MODE3 */
                    0x164 0x32 /* spi1_cs1, MODE2 */
                >;
            };
        };
    };

    fragment@1 {
        target = <&spi1>;
        __overlay__ {
            pinctrl-0 = <&pinmux_spi1_pins>;
            status = "okay";
        };
    };

    fragment@2 {
        target = <&spi1>;
        __overlay__ {
            #address-cells = <1>;
            #size-cells = <0>;

            slb9670: slb9670@1 {
                compatible = "infineon,slb9670";
                reg = <1>;
                #address-cells = <1>;
                #size-cells = <0>;
                spi-max-frequency = <32000000>;
            };
        };
    };
};
Reset has pull-up.
This is what I have included and compiled in my kernel image:
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_TIS_SPI=y
I can see that tis-spi driver for tpm2.0 is loaded under /sys/bus/spi/drivers (I compiled it with kernel).
There is also SPI1.1 device visible under /sys/bus/spi/devices
In short, SPI1 is working because I use it for ENC28J60 ethernet PHY with CS0.
For SLB9670 I use P9_42 pin in mode 2 as CS1, but without any luck to establish connection with SLB.
Can someone tell me more about error -110 and how to fix it and get things working?
Thanks
Hi,
Can I get the IBIS model of SLB9673XU20FW2610XTMA1 for signal integrity?
Thanks
Hi,
We were trying to run TPM commands to create an attestation key using the Google-attestation open-source package on FreeBSD. However, it fails with the error: warning code 0x2 : out of memory for object contexts
Can you please help us with the following:
1) Is OPTIGA TPM2 supported on FreeBSD?
i) If not, are there any other software packages that can be used?
2) Do you have an SDK to interact with the TPM2 device? Please share the relevant documentation.
Regards
Shashi