OP-TEE / optee_os

Trusted side of the TEE

Invoke command on ftpm TA using CA #5378

Closed kuldeepmarker-eaton closed 2 years ago

kuldeepmarker-eaton commented 2 years ago

Hi all,

I am making use of the ST OpenSTLinux distro and have also added a firmware TPM as a TA. In order to validate the fTPM TA I made use of optee-examples and did some modifications to the CA in order to establish a session with the fTPM TA. I need to invoke a command in the fTPM TA, but I am not able to understand the exact construct of the arguments that I need to pass from the CA to the TA. I have gone through the TEE Client API but couldn't figure out the proper way to invoke a command in the fTPM. Could anyone please help me out with the construct of the command that can be passed to the TEEC_InvokeCommand API to invoke a command in the fTPM?

etienne-lms commented 2 years ago

Hello @kuldeepmarker-eaton,

TPM command requests are individually sent to the fTPM TA using the TA command SUBMIT_COMMAND (with an input memref for the command payload and an in/out memref for the response payload). There is another supported TA command, EMULATE_PPI, specifically dedicated to PPI commands. I would recommend looking at the client integrated in either the Linux kernel (drivers/char/tpm/tpm_ftpm_tee.c) or U-Boot (drivers/tpm/tpm2_ftpm_tee.c) to see examples. As for the content of the TPM 2.0 command and response buffers, they are not OP-TEE specific. Refer to the TPM Software Stack (TSS) specifications.

Regarding integration in a Linux based OS, the fTPM TA interface is already integrated in the Linux kernel provided you enable CONFIG_TCG_FTPM_TEE (and have the device driver probed). Look at https://tpm2-software.github.io/ for information on TPM 2.0 support in standard software packages.
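The SUBMIT_COMMAND exchange described in the reply, as an added example that is not code from the OP-TEE project or from this thread: a TPM2_GetRandom request is marshalled, handed to the TA as params[0] (TEEC_MEMREF_TEMP_INPUT) with a response buffer in params[1] (TEEC_MEMREF_TEMP_INOUT), and the response header is sanity-checked before the payload is trusted. The TA command id 0 and the fTPM UUID are assumed from the Linux driver tpm_ftpm_tee.c named above (verify them against your TA build); the TEEC part is compiled only with -DWITH_TEEC -lteec on the target, the marshalling part builds anywhere.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TPM_ST_NO_SESSIONS     0x8001u
#define TPM_CC_GetRandom       0x0000017Bu
#define TPM_HDR_LEN            10u  /* tag(2) + commandSize(4) + commandCode(4) */
#define FTPM_TA_SUBMIT_COMMAND 0u   /* TA command id, assumed from tpm_ftpm_tee.c */

/* TPM 2.0 marshals every integer big-endian. */
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v) { put_be16(p, (uint16_t)(v >> 16)); put_be16(p + 2, (uint16_t)v); }
static uint32_t get_be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }

/* TPM2_GetRandom request = header + UINT16 bytesRequested; returns bytes written, 0 if cap is too small. */
size_t tpm2_build_get_random(uint8_t *cmd, size_t cap, uint16_t nbytes)
{
    if (cap < TPM_HDR_LEN + 2) return 0;
    put_be16(cmd, TPM_ST_NO_SESSIONS);
    put_be32(cmd + 2, TPM_HDR_LEN + 2);   /* commandSize covers the whole request */
    put_be32(cmd + 6, TPM_CC_GetRandom);
    put_be16(cmd + 10, nbytes);
    return TPM_HDR_LEN + 2;
}

/* Validate the response header before trusting its payload: the responseSize field
 * must be at least a header and must fit in what the TA returned. 0 on success (sets *rc), else -1. */
int tpm2_check_response(const uint8_t *rsp, size_t len, uint32_t *rc)
{
    if (len < TPM_HDR_LEN) return -1;
    uint32_t size = get_be32(rsp + 2);
    if (size < TPM_HDR_LEN || size > len) return -1;
    if (rc) *rc = get_be32(rsp + 6);      /* TPM_RC_SUCCESS is 0 */
    return 0;
}

#ifdef WITH_TEEC
#include <tee_client_api.h>
/* Open the session with the fTPM UUID bc50d971-d4c9-42c4-82cb-343fb7f37896 (assumed from tpm_ftpm_tee.c). */
/* One SUBMIT_COMMAND round trip on an open session; returns the response length, 0 on TEEC error. */
size_t ftpm_submit(TEEC_Session *sess, uint8_t *cmd, size_t cmd_len, uint8_t *rsp, size_t rsp_cap)
{
    TEEC_Operation op;
    uint32_t origin;
    memset(&op, 0, sizeof(op));
    op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_INPUT, TEEC_MEMREF_TEMP_INOUT, TEEC_NONE, TEEC_NONE);
    op.params[0].tmpref.buffer = cmd; op.params[0].tmpref.size = cmd_len;   /* request, input only */
    op.params[1].tmpref.buffer = rsp; op.params[1].tmpref.size = rsp_cap;   /* response, in/out */
    if (TEEC_InvokeCommand(sess, FTPM_TA_SUBMIT_COMMAND, &op, &origin) != TEEC_SUCCESS) return 0;
    return op.params[1].tmpref.size;  /* TA updates the size; still run tpm2_check_response() on it */
}
#endif
```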