How to use TPM in u-boot for secure boot?

ry6241

How can I use TPM in u-boot for secure boot ?
I am using a custom board with TI reference and ATMEL TPM.
U-boot supported ATMEL TPM and it provides some commands and driver.
I have successfully enabled TPM support in u-boot.
But I don't know how to proceed further. Can anybody help?
Has anybody used TPM in uboot ?
summers

Well I'm not expert on secure boot, but one of my machines, and odroid-c2 has it (in some form, it can be worked round).

When a machine with secure boot powers up, ROM in the CPU does the first few stages of secure boot. Everything here needs to be signed, so it is known that its not modified. Eventually uboot is called, and this also has to be signed. But this is where the signing usually stops, uboot will boot whatever it needs to and doesn't continue the signature process.

So for linux, its typically only uboot (or the first stage of uboot) than needs signing. If you are lucky, the signing tools are made available by the manufacturer. E.g. for the odroid-c2 hard kernel makes the tools available. So you can spin your own uboot if you need to ...

Not sure if this answers your question, but its as far as I go ...
