balena-os / balena-iot-gate-imx8

Apache License 2.0

Add kernel module(s) for TPM 2.0 #312

Open sruehl opened 1 year ago

sruehl commented 1 year ago

Copy&Paste from https://github.com/balena-os/balena-intel/issues/218

We would like to have TPM 2.0 support in Balena on the Compulab Imx8 platform.

Use Case

We're using TPM 2.0 modules to sign tokens on the edge to identify edge devices to our cloud tier. Using the TPM is more secure than storing certs on the device because the private key never leaves the TPM.

Solution

See https://github.com/balena-os/balena-intel/issues/218

Expected Interfaces

When TPM 2.0 support is present, we expect to see the following files:

/dev/tpm0
/dev/tpmrm

sruehl commented 1 year ago

@vicgal can you help with this?

alexgg commented 1 year ago

hey @sruehl I have opened a PR - once it's built we will do some basic checks.

I don't think we have automated tests for this device type - we will have to add it to the automation so it can be released as we no longer have manual test processes.

acostach commented 1 year ago

Hi @sruehl, do the /dev/tpm* nodes show up on your board with the reference Yocto Image from July 19, 2022? Note that you'll also have to flash the reference u-boot.

With that image on our iot-gate-imx8 unit there are no /dev/tpm nodes and the related device-tree nodes are disabled:

root@iot-gate-imx8:~# cat /sys/firmware/devicetree/base/soc@0/bus@30800000/spi@30830000/tpm@0/status
disabled
root@iot-gate-imx8:~# cat /sys/firmware/devicetree/base/soc@0/bus@30800000/spi@30840000/tpm@0/status
disabled

and looking at https://github.com/compulab-yokneam/meta-bsp-imx8mm/blob/d0846f32e434bb280b16ab01f04b70163fe81180/recipes-kernel/linux/compulab/imx8mm/0062-iot-gate-imx8-add-support-for-the-IE-TPM-module.patch it seems that they are not enabled by u-boot because the TPM module is not detected. Perhaps it's offered as an add-on board? Our unit is 4GB RAM | 32GB eMMC | WiFi + BT | Modem | FARS2 | FBRS2 | FCDIO | TET
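The check from the comment above, as an added example that is not part of the original thread or of balenaOS: it reads the `status` property of every `tpm@*` device-tree node and looks for `/dev/tpm*`, so a TPM disabled in the device tree can be told apart from one that is enabled but has no kernel driver bound. The function name `tpm_report`, its optional root-directory argument and the verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# tpm_report [ROOT]: summarise TPM visibility under ROOT (default "/").
# ROOT is a hypothetical parameter so the check can run on a constructed tree.
tpm_report() {
    root="${1:-/}"; root="${root%/}"
    dt="$root/sys/firmware/devicetree/base"
    enabled=0; disabled=0; nodes=0

    # Device-tree nodes named tpm@<addr>. A missing status property means
    # "okay"; the property is a NUL-terminated string, so strip the NUL.
    if [ -d "$dt" ]; then
        for n in $(find "$dt" -type d -name 'tpm@*' 2>/dev/null); do
            st=okay
            [ -f "$n/status" ] && st=$(tr -d '\000' < "$n/status")
            case "$st" in
                okay|ok) enabled=$((enabled + 1)) ;;
                *)       disabled=$((disabled + 1)) ;;
            esac
            echo "dt-node ${n#"$dt"} status=$st"
        done
    fi

    # Character devices that exist only once a TPM driver has bound.
    for d in "$root"/dev/tpm*; do
        [ -e "$d" ] || continue
        nodes=$((nodes + 1))
        echo "dev-node ${d#"$root"}"
    done

    if [ "$nodes" -gt 0 ]; then verdict=present                # usable TPM
    elif [ "$enabled" -gt 0 ]; then verdict=enabled-no-driver  # kernel config gap
    elif [ "$disabled" -gt 0 ]; then verdict=disabled-in-dt    # not enabled at boot
    else verdict=no-tpm-described
    fi
    echo "verdict=$verdict"
}

tpm_report "$@"
```

A `disabled-in-dt` verdict matches the situation shown in the comment above, where enabling kernel modules alone would not produce device nodes.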

sruehl commented 1 year ago

Will check later... In the meantime: @vraevsky do you have any idea why it would not be visible? On the product page for imx8 it says "TPM 2.0, implemented with Infineon SLB9670"

sruehl commented 1 year ago

Oh I noticed you need the FATPM feature code to be able to use it... Need to check with my device if that is present

sruehl commented 1 year ago

Ok my device says 4GB RAM | 32GB eMMC | WIFI+BT | Modem | FARS4 | FBCAN | TIC. So that would mean my device doesn't have the required feature for a TPM to be present :(. That means only someone with FATPM could test that or someone at Compulab. I opened a support ticket with them to help out.

acostach commented 1 year ago

Thanks for the update @sruehl, please keep us posted on the testing progress. If you can get your hands on a unit with FATPM please do a local yocto build of the PR my colleague Alex raised and let us know if the enabled configs are sufficient or if we need to enable others for this particular device-type.

otlaitil commented 2 months ago

Hi, any update on this @acostach @sruehl? I will be receiving https://shop-compulab.com/product/iot-gate-imx8plus-evaluation-kit/ shortly and can potentially do some testing.

Would this also enable secure boot and disk encryption for the device at some point?

acostach commented 2 months ago

I'll let @sruehl chip in if he got his hands on that specific hw configuration

sruehl commented 2 months ago

@acostach no, sadly I didn't get my hands on it