i.MX8MP with TPM SLB9670

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
AleCla97
Level 1
Level 1
First like received 5 replies posted 10 sign-ins

Hi, I have integrated the TPM 2.0 Iridium SLB 9670 together with the i.MX8MP processor to implement remote attestation using the IMA Linux kernel module. Sometimes I get strange this error "tpm tpm0: invalid TPM_STS.x 0xa8 " that I cannot find a solution online. As I understand it I should get 0xff in case there are transmission calls to tpm that are not protected by the tpm_try_get_ops command. Checking the Linux kernel however it is indeed called and in fact, the value is not 0xff but is variable. On a couple of other occasions, however, it has failed to even establish the initial connection ('2.0 TPM (device-id 0x1B, rev-id 22') and some debugging showed that the tpm spi driver was stuck in an infinite loop waiting for the TPM locality. The wiring is correct, in fact, if the tpm connects without errors, the tpm2tools commands work. The device tree is correct because I asked for confirmation on the NXP forum. I also tried replacing the tpm but got the same result. I currently I'm using Linux kernel 5.15.60 but I get the same error using the i.MX6UL board which has kernel 5.10.60. What caused this error?

The output of dmesg | grep -i tpm

[ 2.077539] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22)

[ 2.088911] tpm tpm0: A TPM error (256) occurred attempting the self test

[ 2.095719] tpm tpm0: starting up the TPM manually

[ 12.489312] tpm tpm0: tpm_try_transmit: send(): error -5

[ 38.235405] tpm tpm0: tpm_transmit: tpm_recv: error -52

[ 38.284794] tpm tpm0: invalid TPM_STS.x 0x85, dumping stack for forensics

[ 38.284861] tpm_tis_status+0xc8/0xe4

[ 38.284869] wait_for_tpm_stat+0x54/0x224

[ 38.284878] tpm_tis_send_data+0x220/0x28c

[ 38.284886] tpm_tis_send_main+0x34/0x110

[ 38.284893] tpm_tis_send+0x44/0x110

[ 38.284901] tpm_transmit+0xc8/0x340

[ 38.284908] tpm_transmit_cmd+0x30/0xc0

[ 38.284914] tpm2_pcr_extend+0x25c/0x300

[ 38.284921] tpm_pcr_extend+0xc4/0xd4

0 Likes
1 Solution
Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @AleCla97 ,

If it is going to take longer than expected, please create a new thread with the link to this case on Community. I will close this thread by EOD.

BR,

Sneha

View solution in original post

0 Likes
13 Replies
Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @AleCla97 ,

Sorry for the late response, could you provide the variable return values you receive. Also, did you run any additional command when the TPM connected without any errors?

0 Likes

 

Hi @Sneha_P ,
the return error values of the TPM_STS.x register are variables and here I put two different ones, 0x85 and 0xa8, but they change with each reboot.

When the TPM connects without errors I usually test it with the tpm2 tools by running a tpm2_pcrread or a tpm2_getrandom which work without problems. Today it connected without errors and I also tried running the createprimary command giving me this error "authorisation failure without DA implications". I tried running tpm2_clear and got this error "authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode" but if I check with tpm2_getcap properties-variable I get

root@imx8mp-var-dart:~# tpm2_getcap properties-variable
TPM2_PT_PERSISTENT:
ownerAuthSet: 1
endorsementAuthSet: 0
lockoutAuthSet: 0
reserved1: 0
disableClear: 0
inLockout: 0
tpmGeneratedEPS: 0
reserved2: 0
TPM2_PT_STARTUP_CLEAR:
phEnable: 1
shEnable: 1
ehEnable: 1
phEnableNV: 1
reserved1: 0
orderly: 1
TPM2_PT_HR_NV_INDEX: 0x2
TPM2_PT_HR_LOADED: 0x0
TPM2_PT_HR_LOADED_AVAIL: 0x3
TPM2_PT_HR_ACTIVE: 0x0
TPM2_PT_HR_ACTIVE_AVAIL: 0x40
TPM2_PT_HR_TRANSIENT_AVAIL: 0x4
TPM2_PT_HR_PERSISTENT: 0x0
TPM2_PT_HR_PERSISTENT_AVAIL: 0xF
TPM2_PT_NV_COUNTERS: 0x0
TPM2_PT_NV_COUNTERS_AVAIL: 0xD
TPM2_PT_ALGORITHM_SET: 0x0
TPM2_PT_LOADED_CURVES: 0x2
TPM2_PT_LOCKOUT_COUNTER: 0x0
TPM2_PT_MAX_AUTH_FAIL: 0x20
TPM2_PT_LOCKOUT_INTERVAL: 0x1C20
TPM2_PT_LOCKOUT_RECOVERY: 0x15180
TPM2_PT_NV_WRITE_RECOVERY: 0x0
TPM2_PT_AUDIT_COUNTER_0: 0x0
TPM2_PT_AUDIT_COUNTER_1: 0x0

From what I understand, the tpm seems to be in Dictionary Attack lockout, but is not active from its properties. The command tpm2_dictionary-lockout --setup-parameters --max-tries=4294967295 --clear-lockout fails in the same way as clear- Could this be related to the random problems in the STS_x register that I sometimes get during the kernel boot phase? 

0 Likes
Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @AleCla97 ,

It does not seem like a DA lockout as TPM2_PT_LOCKOUT_COUNTER  is 0. Could you specify your TPM FW version and provide the result of "tpm2_getcap properties-fixed"

Thanks,

Sneha

0 Likes

hi @Sneha_P , 

I am not sure how to find the FW version but I know that the FW has never been updated.

To launch the requested command, I got the error invalid TPM_STS.x 0x85 when switching on  a few times before I could run the command and it even failed once to connect. In order to get him to reconnect, I swapped it with an equal TPM on the raspberry 4 and it worked again. Both TPMs give this exact output when running the getcap command

root@imx8mp-var-dart:~# tpm2_getcap properties-fixed
TPM2_PT_FAMILY_INDICATOR:
raw: 0x322E3000
value: "2.0"
TPM2_PT_LEVEL:
raw: 0
TPM2_PT_REVISION:
value: 1.38
TPM2_PT_DAY_OF_YEAR:
raw: 0x8
TPM2_PT_YEAR:
raw: 0x7E2
TPM2_PT_MANUFACTURER:
raw: 0x49465800
value: "IFX"
TPM2_PT_VENDOR_STRING_1:
raw: 0x534C4D39
value: "SLM9"
TPM2_PT_VENDOR_STRING_2:
raw: 0x36373000
value: "670"
TPM2_PT_VENDOR_STRING_3:
raw: 0x0
value: ""
TPM2_PT_VENDOR_STRING_4:
raw: 0x0
value: ""
TPM2_PT_VENDOR_TPM_TYPE:
raw: 0x0
TPM2_PT_FIRMWARE_VERSION_1:
raw: 0xD000B
TPM2_PT_FIRMWARE_VERSION_2:
raw: 0x11CB00
TPM2_PT_INPUT_BUFFER:
raw: 0x400
TPM2_PT_HR_TRANSIENT_MIN:
raw: 0x4
TPM2_PT_HR_PERSISTENT_MIN:
raw: 0x7
TPM2_PT_HR_LOADED_MIN:
raw: 0x3
TPM2_PT_ACTIVE_SESSIONS_MAX:
raw: 0x40
TPM2_PT_PCR_COUNT:
raw: 0x18
TPM2_PT_PCR_SELECT_MIN:
raw: 0x3
TPM2_PT_CONTEXT_GAP_MAX:
raw: 0xFFFFFFFF
TPM2_PT_NV_COUNTERS_MAX:
raw: 0x8
TPM2_PT_NV_INDEX_MAX:
raw: 0x800
TPM2_PT_MEMORY:
raw: 0x6
TPM2_PT_CLOCK_UPDATE:
raw: 0x4000
TPM2_PT_CONTEXT_HASH:
raw: 0xB
TPM2_PT_CONTEXT_SYM:
raw: 0x6
TPM2_PT_CONTEXT_SYM_SIZE:
raw: 0x80
TPM2_PT_ORDERLY_COUNT:
raw: 0xFF
TPM2_PT_MAX_COMMAND_SIZE:
raw: 0x58C
TPM2_PT_MAX_RESPONSE_SIZE:
raw: 0x58C
TPM2_PT_MAX_DIGEST:
raw: 0x20
TPM2_PT_MAX_OBJECT_CONTEXT:
raw: 0x38F
TPM2_PT_MAX_SESSION_CONTEXT:
raw: 0x1EE
TPM2_PT_PS_FAMILY_INDICATOR:
raw: 0x1
TPM2_PT_PS_LEVEL:
raw: 0x0
TPM2_PT_PS_REVISION:
raw: 0x103
TPM2_PT_PS_DAY_OF_YEAR:
raw: 0x0
TPM2_PT_PS_YEAR:
raw: 0x0
TPM2_PT_SPLIT_MAX:
raw: 0x80
TPM2_PT_TOTAL_COMMANDS:
raw: 0x61
TPM2_PT_LIBRARY_COMMANDS:
raw: 0x60
TPM2_PT_VENDOR_COMMANDS:
raw: 0x1
TPM2_PT_NV_BUFFER_MAX:
raw: 0x300
TPM2_PT_MODES:
raw: 0x1
value: TPMA_MODES_FIPS_140_2

0 Likes
Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @AleCla97 ,

Could you send us following information for investigating this case further:
1. The physical wiring photo when you connect TPM to i.MX platform.
2. The SPI signals traces by Oscilloscope
3. Please share the kernel configuration to follow parameters: CONFIG_HW_RANDOM_TPM=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS_CORE=m CONFIG_TCG_TIS_SPI=m

Also, you mentioned that you tested with an RPi 4, does this mean TPM works normally on RPi and the encountered error message is when running TPM on i.MX platform?

 

0 Likes
lock attach
Attachments are accessible only for community members.

Hi @Sneha_P ,

I have attached photos of the cables and the configuration that I am using (obtained from zcat /proc/config.gz > config.txt). For better clarity I also write down the pins 

Iridium Board - DART-MX8MPLUS board (Board datasheet https://www.variscite.de/wp-content/uploads/2021/02/VAR-DT8MCustomBoard_Datasheet_V2.0.pdf)
MISO 21 - red cable - J16.8
MOSI 19 - orange cable - J16.6
CS 26 - yellow cable - J16.4
CLK 23 - Light brown cable - J16.2
GND 6 - black cable - J16.10
VDD 1 - green cable - J26.1 (3.3V)

2. The SPI signals traces by Oscilloscope


I don't have access to an oscilloscope at the moment but as soon as I do I will send you pictures. What signals should I capture? Because being a random problem, it is not easy to capture the exact moment when a communication fails. The device probe generally works while, at some variable point during kernel loading, one or more of the TPM's Pcr extends that IMA executes fail. 

3. Please share the kernel configuration to follow parameters: CONFIG_HW_RANDOM_TPM=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS_CORE=m CONFIG_TCG_TIS_SPI=m


I do not quite understand this point. If I configure the tpm driver as a module I can run modprobe and log it afterwards and possibly log the signals but I cannot catch the invalid STS error because, if the IMA driver loads before the tpm driver, it does not extend pcr.  But in any case, I can compile it as required 🙂

Also, you mentioned that you tested with an RPi 4, does this mean TPM works normally on RPi and the encountered error message is when running TPM on i.MX platform?


Exactly! We have RPi4s using the same tpm with IMA without any problems. The kernel is similar and I have not found any patches to be missing on the i.MX8 kernel. Is there by any chance some iridium board protection system that checks if it has not been mounted on an RPI?
For the sake of completeness, I add the changes made to have the tpm loaded before IMA, because without changes it is loaded after IMA and it is bypassed

Taken from RPI kernel (https://github.com/raspberrypi/linux/commit/015e0f3b52e55e04908d9ba36fb9dfd316101d5d)

--- a/drivers/char/tpm/tpm_tis_spi_main.c
+++ b/drivers/char/tpm/tpm_tis_spi_main.c

@@ -294,7 +294,8 @@ static struct spi_driver tpm_tis_spi_driver = {
.pm = &tpm_tis_pm,
.of_match_table = of_match_ptr(of_tis_spi_match),
.acpi_match_table = ACPI_PTR(acpi_tis_spi_match),
- .probe_type = PROBE_PREFER_ASYNCHRONOUS,
+ .probe_type = PROBE_FORCE_SYNCHRONOUS,
},

This change was made to try to fix the problem but I saw no difference, also because in the device tree I do not put dma

--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c

-static bool use_dma = true;
+static bool use_dma = false;

This change allows IMA to wait for the tpm driver

--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -1057,4 +1057,4 @@ static int __init init_ima(void)
return error;
}

-late_initcall(init_ima); /* Start IMA after the TPM is available */
+late_initcall_sync(init_ima); /* Start IMA after the TPM is available */

My device tree

&ecspi1 {
    pinctrl-names = "default";
    pinctrl-0 = <&pinctrl_ecspi1>, <&pinctrl_spi1_ss0>;
    cs-gpios = <&gpio5 9 GPIO_ACTIVE_LOW>;
    status = "okay";

    tpm0: slb9670@0 {
      compatible = "infineon,slb9670";
      reg = <0>;
      spi-max-frequency = <32000000>;
      status = "okay";
    };
};

pinctrl_ecspi1: ecspi1grp {
    fsl,pins = <
      MX8MP_IOMUXC_ECSPI1_SCLK__ECSPI1_SCLK 0x1916
      MX8MP_IOMUXC_ECSPI1_MOSI__ECSPI1_MOSI 0x116
      MX8MP_IOMUXC_ECSPI1_MISO__ECSPI1_MISO 0x116
    >;
};

pinctrl_spi1_ss0: spi1_ss0 {
    fsl,pins = <
      MX8MP_IOMUXC_ECSPI1_SS0__GPIO5_IO09 0x116

   >;
};

0 Likes
Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @AleCla97 ,

LSB of TPM_STS.x should be "Reads always return 0". Please refer to Table 52 - Status Register of TCG PC Client Platform TPM Profile (PTP) Specification Family “2.0” Level 00 Revision 01.03 v22 May 22, 2017

The SPI communication looks unstable in i.MX platform, please check the following items:

  • Probe the SPI traces in two locations for comparison, the one closed to the TPM side, and another compares to the traces which is closed to the i.MX host chip side.
  • Could you specify the SPI frequency setting on this platform? Also, could you provide the device tree data, this could also identify the SPI frequency from this file.
0 Likes

 

Hi @Sneha_P ,

Next week I should be able to access an oscilloscope and send the signals. In the meantime I will answer the frequency question. The device tree I made is the one in the previous posts, while the factory one, which mine includes, is this one:

ecspi1: spi@30820000 {
#address-cells = <1>;
#size-cells = <0>;
compatible = "fsl,imx8mp-ecspi", "fsl,imx51-ecspi";
reg = <0x30820000 0x10000>;
interrupts = <GIC_SPI 31 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clk IMX8MP_CLK_ECSPI1_ROOT>,
<&clk IMX8MP_CLK_ECSPI1_ROOT>;
clock-names = "ipg", "per";
assigned-clock-rates = <80000000>;
assigned-clocks = <&clk IMX8MP_CLK_ECSPI1>;
assigned-clock-parents = <&clk IMX8MP_SYS_PLL1_800M>;
dmas = <&sdma1 0 7 1>, <&sdma1 1 7 2>;
dma-names = "rx", "tx";
status = "disabled";
};

In my device tree, I put spi-max-frequency = <320000> so I think it uses 32Mhz. I can try lowering the frequency, do you have any recommended frequencies ?

0 Likes
Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @AleCla97 ,

Can you try with lower SPI frequencies e.g. 15MHz or 10MHz.

0 Likes

Hi @Sneha_P ,

we tried to use the oscilloscope but it was not suitable so I have to wait for a better one.
I have tried various lower frequencies but there are still sporadic transmission errors and our suspicion is falling on the cables being too long so our plan is to reduce them. As soon as we succeed I will update you.

Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @AleCla97 ,

Please let me know if you were able to resolve the issue. 

0 Likes

Hi @Sneha_P ,

our colleague who handles these things is currently busy so he will be able to get it to me probably next week or the week after. After I test it I will let you know

0 Likes
Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @AleCla97 ,

If it is going to take longer than expected, please create a new thread with the link to this case on Community. I will close this thread by EOD.

BR,

Sneha

0 Likes