How to use TPM in u-boot for secure boot?

This forum is for supported devices using an ARMv7 Texas Instruments (TI) SoC.

How to use TPM in u-boot for secure boot?

Postby ry6241 » Thu May 14, 2020 8:59 am

How can I use TPM in u-boot for secure boot ?
I am using a custom board with TI reference and ATMEL TPM.
U-boot supported ATMEL TPM and it provides some commands and driver.
I have successfully enabled TPM support in u-boot.
But I don't know how to proceed further. Can anybody help?
Has anybody used TPM in uboot ?
Posts: 2
Joined: Thu May 14, 2020 8:46 am

Re: How to use TPM in u-boot for secure boot?

Postby summers » Thu May 14, 2020 10:34 am

Well I'm not expert on secure boot, but one of my machines, and odroid-c2 has it (in some form, it can be worked round).

When a machine with secure boot powers up, ROM in the CPU does the first few stages of secure boot. Everything here needs to be signed, so it is known that its not modified. Eventually uboot is called, and this also has to be signed. But this is where the signing usually stops, uboot will boot whatever it needs to and doesn't continue the signature process.

So for linux, its typically only uboot (or the first stage of uboot) than needs signing. If you are lucky, the signing tools are made available by the manufacturer. E.g. for the odroid-c2 hard kernel makes the tools available. So you can spin your own uboot if you need to ...

Not sure if this answers your question, but its as far as I go ...
Posts: 926
Joined: Sat Sep 06, 2014 12:56 pm

Return to Texas Instruments (TI)

Who is online

Users browsing this forum: No registered users and 2 guests