Re: tpm_tis_spi gets initialized long after IMA

[Mimi Zohar <zohar@linux.vnet.ibm.com>]

On Fri, 2017-12-15 at 08:26 -0500, Mimi Zohar wrote:
> Hi Peter,
> 
> On Fri, 2017-09-29 at 22:14 +0200, Peter Huewe wrote:
> > Hi pau,
> > 
> > thanks for your answer,
> > SPI is enabled in DT and compiled in
> > TPM is enabled in DT via overlay and compiled in.
> > I have a working /dev/tpm0
> > 
> > However, the problem lays elsewhere - I added some debug prints to figure out what is going on:
> > It looks like this
> > 
> > 
> > [    0.027898] RPIFirmware: Calling rpi_firmware_get
> > [    0.027929] bcm2835-clk 3f101000.cprman: Probing FW
> > [    0.027949] bcm2835-clk 3f101000.cprman: FW not ready, defering probe                                                                                     
> > [    0.028385] bcm2835-mbox 3f00b880.mailbox: mailbox enabled
> > [    0.028847] uart-pl011 3f201000.serial: could not find pctldev for node /soc/gpio@7e200000/uart0_pins, deferring probe
> > [    0.061353] bcm2835-dma 3f007000.dma: DMA legacy API manager at bb80f000, dmachans=0x1
> > [    0.062828] SCSI subsystem initialized
> > [    0.062950] usbcore: registered new interface driver usbfs
> > [    0.063001] usbcore: registered new interface driver hub
> > [    0.063084] usbcore: registered new device driver usb
> > [    0.063362] raspberrypi-firmware soc:firmware: Calling rpi_firmware_probe
> > 
> > So the bcm2835-clk calls rpi_firmware_get, which returns with NULL since the pdev has not been set yet,
> > as the rpi_firmware_probe gets called only later :/
> > 
> > That defers the probing of the bcm2835-clk, so it it not available
> > for the bcm2835-spi which also gets defered, consequently
> > making the tpm not available until ima is done :/

Right, for rpi-4.14.y kernel, reverting commit acddd39 ("clk-bcm2835:
Read max core clock from firmware") allows the TPM to be initialized
prior to IMA, but is probably not the right solution.

Mimi

> 
> Sorry for the long delay!  At the end of last year we were able to
> boot the pi with IMA using the TPM.
> 
> On the rpi-4.8.y kernel with tip commit 061dccc ("BCM270X_DT: Add pi3-
> disable-wifi overlay"), I had to disable the full TPM selftest in
> order for the TPM to be initialized prior to IMA.
> 
> -       rc = tpm2_start_selftest(chip, true);
> +       rc = tpm2_start_selftest(chip, false);
> 
> I now have it working on the rpi-4.9.y kernel with tip commit e80a8a5
> ("Merge remote-tracking branch 'stable/linux-4.9.y' into rpi-4.9.y")
> as well.  In addition to disabling the full selftest, I had to revert
> commit b76c8d5 ("clk-bcm2835: Read max core clock from firmware") in
> order for the TPM to initialize prior to IMA.