你好
我们正在尝试使用 FRWY-LS1046A 板启用对 Infineon SLB9670 TPM 2.0 模块的支持。
我们修改了spi的设备树:
&dspi {
status = "okay";
tpm0: slb9670@0 {
#address-cells = <1>;
#size-cells = <1>;
compa
tible = "infineon,slb9670";
reg = <0>;
spi-max-frequency = <1000000>;
};
};
并启用 kenel 选项:
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS_SPI=y
CONFIG_TCG_INFINEON=y
CONFIG_SECURITYFS=y
当前 TPM 由内核找到,并且 /dev/tpm0 设备已创建:
$> dmesg | grep tpm
[ 2.477519] tpm_tis_spi spi0.0: 2.0 TPM (device-id 0x9B, rev-id 22)
[ 2.488946] tpm tpm0: A TPM error (256) occurred attempting the self test
[ 2.496570] tpm tpm0: starting up the TPM manually
$> ls -la /dev/tpm*
crw------- 1 root root 10, 224 Jul 21 19:00 /dev/tpm0
crw------- 1 root root 253, 65536 Jul 21 19:00 /dev/tpmrm0
但是当我尝试使用 tpm2-tools 时问题出现了,我每次都收到这个错误:
rmt:error(2.0): command code not supported
例如。:
$> tpm2_create -C primary.ctx -L pcr.policy -i seal.dat -u seal.pub -r seal.priv -c seal.ctx -Q
WARNING:esys:src/tss2-esys/api/Esys_CreateLoaded.c:355:Esys_CreateLoaded_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreateLoaded.c:129:Esys_CreateLoaded() Esys Finish ErrorCode (0x000b0143)
ERROR: Esys_CreateLoaded(0xB0143) - rmt:error(2.0): command code not supported
ERROR: Unable to run tpm2_create
或者:
$> tpm2_encryptdecrypt -c key.ctx -o secret.enc secret.dat
WARNING:esys:src/tss2-esys/api/Esys_EncryptDecrypt2.c:322:Esys_EncryptDecrypt2_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_EncryptDecrypt2.c:107:Esys_EncryptDecrypt2() Esys Finish ErrorCode (0x000b0143)
WARNING:esys:src/tss2-esys/api/Esys_EncryptDecrypt.c:328:Esys_EncryptDecrypt_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_EncryptDecrypt.c:110:Esys_EncryptDecrypt() Esys Finish ErrorCode (0x000b0143)
ERROR: Esys_EncryptDecrypt(0xB0143) - rmt:error(2.0): command code not supported
ERROR: Unable to run tpm2_encryptdecrypt
怎么了?这是与系统/库或内核相关的问题吗?
