Adding TPM2.0-SLB9670 Support in U-boot to verify Boot-Sequence of Avenger96 yocto

arjun.salariya · July 31, 2020, 12:42pm

Hi,

I have enabled Secure Boot feature on Avenger96 Board with > STM32MP157CAC processor.
I want enable Trusted boot support via TPM2.0 on U-boot.

I need some reference to regarding “adding TPM2.0 support on u-boot to verify the boot sequence”

Help will be appreciated.

Regards,
Arjun

darshak · August 10, 2020, 8:41am

Hi,

I have connected the tresor mezzanine on Avenger96 board. I want to access the SPI2 - Low expansion connector.

[Note: Tresor TPM2.0 is working fine in kernel]

Below are the u-boot changes:

diff --git a/arch/arm/dts/stm32mp157a-av96.dts b/arch/arm/dts/stm32mp157a-av96.dts
index 4e26181..fc1c480 100644
--- a/arch/arm/dts/stm32mp157a-av96.dts
+++ b/arch/arm/dts/stm32mp157a-av96.dts
@@ -26,3 +26,17 @@
 	pinctrl-1 = <&rcc_sleep_pins_a>;
 	status = "okay";
 };
+
+&spi2 {
+         pinctrl-names = "default", "sleep";
+         pinctrl-0 = <&spi2_pins_a>;
+         pinctrl-1 = <&spi2_sleep_pins_a>;
+         status = "okay";
+         /* cs-gpios = <&gpioi 0 GPIO_ACTIVE_LOW>; */
+
+         tpm_tis@0 {
+                 compatible = "tis,tpm2-spi";
+                 reg = <0>;
+                 spi-max-frequency = <10000000>;
+         };
+};

and

+++ b/arch/arm/dts/stm32mp157a-pinctrl.dtsi
@@ -1337,6 +1337,29 @@
 				};
 			};
 
+			spi2_pins_a: spi2-0 {
+                                pins1 {
+                                        pinmux = <STM32_PINMUX('B', 10, AF5)>, /* SPI2_SCK */
+                                                 <STM32_PINMUX('I', 3, AF5)>; /* SPI2_MOSI */
+                                        bias-disable;
+                                        drive-push-pull;
+                                        slew-rate = <1>;
+                                };
+
+                                pins2 {
+                                        pinmux = <STM32_PINMUX('I', 2, AF5)>; /* SPI2_MISO */
+                                        bias-disable;
+                                };
+                        };
+			
+			spi2_sleep_pins_a: spi2-sleep-0 {
+				pins {
+					pinmux = <STM32_PINMUX('B', 10, ANALOG)>, /* SPI2_SCK */
+						 <STM32_PINMUX('I', 2, ANALOG)>, /* SPI2_MISO */
+                         			 <STM32_PINMUX('I', 3, ANALOG)>; /* SPI2_MOSI */
+        			};
+			};
+

I am getting the error on uboot,

CPU: STM32MP157CAC Rev.?
Model: Arrow Electronics Avenger96 Board
Board: stm32mp1 in trusted mode (st,stm32mp157a-av96)
stm32_smc: Failed to exec in secure mode (err = -1)
DRAM: 1 GiB
Clocks:
MPU : 650 MHz
MCU : 208.878 MHz
AXI : 266.500 MHz
PER : 24 MHz
DDR : 533 MHz
MMC: STM32 SDMMC2: 0, STM32 SDMMC2: 1
Loading Environment from EXT4… OK
In: serial
Out: serial
Err: serial
stm32_smc: Failed to exec in secure mode (err = -1)
Net: eth0: ethernet@5800a000
Hit any key to stop autoboot: 0
STM32MP> tpm info
stm32mp1_clk_get_id: clk id 131 not found
Could not find TPM (ret=-22)
STM32MP> tpm2 info
stm32mp1_clk_get_id: clk id 131 not found
Could not find TPM (ret=-22)
STM32MP>

Thanks,
Darshak