Re: [meta-arm] [PATCH 2/2] optee-ftpm: enumerate also without tee-supplicant

[Mikko Rapeli <mikko.rapeli@linaro.org>]

Hi,

On Mon, Apr 22, 2024 at 01:02:49AM -0700, Sumit Garg wrote:
> Hi Mikko,
> 
> On Wed, 17 Apr 2024 at 04:08, Mikko Rapeli via lists.yoctoproject.org
> <mikko.rapeli=linaro.org@lists.yoctoproject.org> wrote:
> >
> > Userspace like systemd boot manager would need to know
> > how to find TPM and fTPM devices for rootfs encryption.
> > Thus expose an fTPM TA enumeration also without tee-supplicant
> 
> fTPM TA due to secure storage requirements needs a tee-supplicant to
> be up and running for a successful kernel driver probe. So CI failure
> is expected as you see in the other thread.
> 
> So it's a chicken and egg situation for your rootfs encryption
> use-case. I suppose once the RPMB subsystem [1] makes its way into the
> mainline kernel then the dependency on tee-supplicant can be dropped.
> 
> [1] https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmware.org/thread/6A62HMDQST2O3T2UGGN6UPXZKLKLUNM4/

Yes, optee and kernel RPMB support without tee-supplicant in userspace are
the reason why I'm testing changes like this. I actually have both the
optee and kernel changes applied in the setup I'm testing and am trying to
upstream some of the changes. It can be that this fTPM enumeration change
doesn't work without the optee and kernel RPMB changes. For testing
purposes the tf-a change is very nice to have so that qemu boot with
and without swtpm can be tested. I'll look into details of this fTPM enumeration
related error.

Cheers,

-Mikko