Driver not loaded (qemu)

[vivinamartins16]

Hey all!

I'm building fTPM with OP-TEE on Qemu. Following the instructions, I got to build the solution but the driver didn't load. I got the following on my Normal World shell:

Starting tee-supplicant: OK
Starting network: OK
Starting network (udhcpc): OK
Starting tpm2-abrmd: device driver not loaded, skipping.

What am I missing? also, how can I interect with the TA? how can i invoke it from normal world or how can I access it?

p.s: I see no evidence of the TA being loaded in the secure world.

Thanks in advance!

[dmcilvaney]

Hi @vivinamartins16, I work mostly on the Windows side, so I won't be much help directly (I've only run the fTPM in QEMU from a user mode program, never with the Linux driver). I'll try and find someone with some better background to help out.

[vivinamartins16]

Thanks @dmcilvaney ! I'd be much appreciated! In case it helps, I also tried following the Linaro guide

https://github.com/jbech-linaro/manifest/tree/ftpm

But no sucess either. Everything builds without errors but the TPM doesn't seem to be loaded.

Thanks in advance!

[dmcilvaney]

Maybe have a read through here if you haven't yet: https://patchwork.kernel.org/comment/22741599/

[vivinamartins16]

Thanks @dmcilvaney ! I have already read through that but no success either! I still don't see the TAs being loaded, even tought I don't get any error message during build.

[dmcilvaney]

Ok, few thoughts (I have focused on the Windows/early firmware side so these may not be particularly valuable but I'll give it a shot)

1. Are you basing this entirely off Joakim's TPM work? If not, any instructions you can point me to?
2. I think that most Linux work was done based on ms-tpm-20-ref/Samples/… I can't promise that this repo works flawlessly with Linux yet (but it should be fine)
3. We moved to a new UUID for the TA a few months ago, but the Linux driver is using an old one. We just rolled it back in 6bb57db632c424f87cbaf7ec6f9c89be7682b3c0 so if you built from MSRSec, try updating to use the historic UUID.
4. Are you running the fTPM as an early TA, or user mode TA? I think most of the Linux driver discussion was based around an early TA.

[vivinamartins16]

First of all, thanks a lot for the time and effort to help me out :)

1. Yes. I followed 100% Joakim's setup. No further steps taken.
2. With Joakim's setup, I downloaded the optee_ta from ms-tpm-20-ref repo. I'll try to switch to the one in this repo and see what happens.
3. I checked the UUID, and matches the historic UUID. I'll keep that in mind when using the TA from this repo!
4. I was expecting it to behave as early TA.

-- other info:

• All binaries were compiled without errors:

  make[1]: Entering directory '/home/viviane/ftpm4/linux'
  INSTALL crypto/drbg.ko
  INSTALL crypto/echainiv.ko
  INSTALL crypto/hmac.ko
  INSTALL crypto/jitterentropy_rng.ko
  INSTALL crypto/sha256_generic.ko
  INSTALL drivers/char/tpm/tpm_ftpm_optee.ko
  INSTALL drivers/video/backlight/lcd.ko
  DEPMOD  4.14.67

• I'm able to run the fTPM script in normal world. This is my output:

  fTPM: before open context
  fTPM: after open context
  random: fast init done
  urandom_read: 2 callbacks suppressed
  random: getrandom: uninitialized urandom read (32 bytes read)
  randomBytes length 8
  07 f7 c7 1a 94 c7 9a e2 

• Then I quit qemu, and make run-only. And this is my list of TAs:

  # cd optee_armtz/
  # ls
  12345678-5b69-11e4-9dbb-101f74f00099.ta
  484d4143-2d53-4841-3120-4a6f636b6542.ta
  5b9e0e40-2636-11e1-ad9e-0002a5d5c51b.ta
  5ce0c432-0ab0-40e5-a056-782ca0e6aba2.ta
  5dbac793-f574-4871-8ad3-04331ec17f24.ta
  614789f2-39c0-4ebf-b235-92b32ac107ed.ta
  731e279e-aafb-4575-a771-38caa6f0cca6.ta
  873bcd08-c2c3-11e6-a937-d0bf9c45c61c.ta
  8aaaf200-2450-11e4-abe2-0002a5d5c51b.ta
  a734eed9-d6a1-4244-aa50-7c99719e7b7b.ta
  b689f2a7-8adf-477a-9f99-32e90c0ad0a2.ta
  b6c53aba-9669-4668-a7f2-205629d00f86.ta
  c3f6e2c0-3548-11e1-b86c-0800200c9a66.ta
  cb3e5ba0-adf1-11e0-998b-0002a5d5c51b.ta
  d17f73a0-36ef-11e1-984a-0002a5d5c51b.ta
  e13010e0-2ae1-11e5-896a-0002a5d5c51b.ta
  e626662e-c0e2-485c-b8c8-09fbce6edf3d.ta
  e6a33ed4-562b-463a-bb7e-ff5e15a493c8.ta
  f157cda0-550c-11e5-a6fa-0002a5d5c51b.ta
  f4e750bb-1437-4fbf-8785-8d3580c34994.ta
  ffd2bded-ab7d-4988-95ee-e4962fff7154.ta

None of which starts with bc5 or 53b.

Running grep, I get:

# grep -r "bc50d9" .
grep: ./run/dbus/system_bus_socket: No such device or address
./etc/profile.d/ftpm_alias.sh:alias setup_ftpm='mkdir -p /host && mount -t 9p -o trans=virtio host /host && cd /lib/optee_armtz && ln -sf /host/ms-tpm-20-ref/out/bc50d971-d4c9-42c4-82cb-123456789123.ta bc50d971-d4c9-42c4-82cb-123456789123.ta'

Which is the script I run previously, before make run-only. It seems to be making a symlink from the TA. I believe that this is whats going wrong. Is this "host" folder, the main one with optee or the one inside out-br? Maybe it should be inside out-br instead of the external folder?

I'll try switching repos, changing location of the ms-tpm-20-ref folder inside optee and see what I get.

Thanks once more!

[DMattoon]

On #4, this is something we plan to resolve. As of right now the TA has a hard requirement on the ability to light up storage on init. We understand that this is not the desired behavior and intend to provide the ability to defer (and not panic) when storage is not yet available on startup.

[dmcilvaney]

Ok, the lack of TA in the host folder is odd, but may be a red herring. An 'early TA' gets packaged as a part of the OP-TEE binary itself, and OP-TEE will unpackage it without requiring the rich OS to get involved.

That said, the mount 'should' work. When you launch QEMU you can give it a path to a directory on the host machine (-fsdev … path=/your/path/here/). Running the command mkdir -p /host && mount -t 9p -o trans=virtio host /host should create a /host folder inside QEMU, connect the "host" tag, and mount /your/path/here/ into that folder. This means anything you put in that folder on the host machine will be available inside QEMU. The ln command then makes the new TA binary you built available in the optee_armtz/ folder. OP-TEE knows how to read TAs out of there.

Piping out the secure console should give the absolute truth about calls to a TA. It looks like the fTPM might be loaded properly. You can crank the TA debug up with CFG_TEE_TA_LOG_LEVEL=4 and CFG_TA_DEBUG=y. It should be pretty obvious if the fTPM is running if you watch the secure console.

[vivinamartins16]

Thank you @dmcilvaney ! I managed to run Joakim's setup it with a few flags turned on and the link with the host folder on qemu that you suggested worked just fine! thank you :)