IMX6ULL Build Fail - TPM software support - libtss2-tcti-device

I just tried to rebuild the tdx-reference-minimal-image and i keep getting the following error

'Nothing RPROVIDES ‘libtss2-tcti-device’

Looking at the log for meta-toradex-demos recipe i see the following change

2023-12-18 : add tpm software support [kirkstone-6.x.y] by Joao Paulo Goncalves

This explains why i could build with no issue but now can not.

How do i install ‘libtss2-tcti-device’’ ?

Hello Adrian,

Firstly, please verify if your bblayers.conf has been updated with the version from within meta-toradex-distro (in buildconf/bblayers.conf). Ensure that the meta-tpm layer is included in your bblayers.conf; if it’s missing, simply copy it from meta-toradex-disto to your build/conf folder.

If the issue persists after the initial step, consider performing a fresh build. I recommend relocating your sstate cache folder outside the build directory and adjusting your local.conf accordingly. By doing this, you can delete your current build folder and rerun bitbake, utilizing your cached data. The issue likely arose due to the incorporation of TPM libraries into our BSP layers (found in the new meta-security layer for TPM support), and it’s probable that your bblayers.conf hasn’t been updated with the latest version.

João Paulo Goncalves

Hi @adrian !

In addition to @joao.tx’s answer:

From what I can see, libtss2-tcti-device (and other TPM-related stuff) is provided by the meta-tpm [1], which lives inside meta-security.

Currently, on kirskstone-6.x.y manifest, the TPM setup is done for machines of the Verdin family: currently verdin-imx8mp, verdin-imx8mm, and verdin-am62 [2, 3, 4].

So, currently, Colibri iMX6ULL is not contemplated.

You can see from e.g. verdin-imx8mp.conf that MACHINE_FEATURES contains tpm2 [2]. This is used by [5] to include the packagegroup-tpm2-tdx-cli, which is defined in [6].

You can try to do the same for Colibri iMX6ULL: enable the tpm2 in your MACHINE, perform the necessary changes in your device tree [overlay], and enable the kernel configs related to your TPM.

[1] : meta-tpm - meta-security - Security tools for Internet connected devices
[2] : verdin-imx8mp.conf « machine « conf - meta-toradex-nxp.git - Toradex BSP layer, recipes for NXP based modules
[3] : verdin-imx8mm.conf « machine « conf - meta-toradex-nxp.git - Toradex BSP layer, recipes for NXP based modules
[4] : verdin-am62.conf « machine « conf - meta-toradex-ti.git - Toradex BSP layer, recipes for TI based modules
[5] : « images « recipes-images - meta-toradex-demos.git - Toradex BSP layer, recipes for the demo images
[6] : « images « recipes-images - meta-toradex-demos.git - Toradex BSP layer, recipes for the demo images

Best regards,

Thanks Henrique for answering.

I have the same issue but with verdin-imx8mp. I created a custom image and distro and somehow it always asks for this tpm stuff. Even adding it to my image doesn’t help only deleting it out of packagegroup-tpm2-tdx-cli helps for me.

I just wanted to let you know, didn’t have time yet to debug this to the bottom. But it feels something is wrong on quarterly 6.5.0. If you have some debugging time on hand or know what’s wrong I’d really appreciate some help with this as it seems not limited to ULL

Best Regards,

Hi @philschenker !

Thanks for the additional information.

I just built Reference Minimal Image from 6.5.0-devel-20240125014620+build.0 for Verdin iMX8MP and it worked for me.

Would it be possible that the cache is making the build fail on your side?

Have you tried cleaning (e.g. -c cleanall) the TPM-related recipes? Or maybe wiping out the cache folders? :grimacing:

Best regards,

The problem arises when building another image than toradex reference ones. And the problem was related to packagegroup-tdx-cli which I included in my image. My solution is to just pick the packages one by one without the whole group and now it works.

Somehow it is related that packagegroup-tpm2-tdx-cli is in PACKAGES variable but not in RDEPENDS and the refence images then include packagegroup-tpm2-tdx-cli separately with packagegroup-tdx-cli also included. I believe this has to do as OE complains that there is no RPROVIDES (from the respective packages in meta-security). if it is being put into RDEPENDS.

Even if I tried the same on my image this didn’t work. I still do not 100% understand how it works for the reference images, and at that point that I found a solution for myself I cannot spend more time on this.

All this feels to me that it builds for Toradex reference images with a workaround (that I don’t understand), and since I’m not the only customer stumbling upon this behavior it would be nice to fix it so one doesn’t get trapped.

Best regards,

Hi @philschenker !

Thanks for the clues about the issue.

As I could not reproduce it, I would need to invest some time (e.g. creating my own image recipe, right?) to reproduce and then investigate the issue.

If you (or @adrian) could share with us a way of reproducing the issue, it would be really helpful :slight_smile:

Best regards,


I simply downloaded the image from your site and proceeded to build the kernel image.

I could not figure out how to install any library for the libtss2-tti-device

Is it that i had something selected in the ‘menu conifig’ configuration ?
(All i usually do is to remove the support for the touchpad, mouse, keyboard and soundcard)

Hi @adrian !

From your first message, I understood that you were using Yocto. But with this message, I am a bit confused…
Are you building the kernel manually (I mean, following the Build Linux Kernel from Source Code | Toradex Developer Center article) or using Yocto (Build a Reference Image with Yocto Project/OpenEmbedded | Toradex Developer Center)?

This is handled by the recipes as explained in the message above

Also, as said, I could not reproduce this issue. Could you please share the detailed steps you are performing, so I could follow each of them and try to reproduce the issue?

In parallel, could you please share which exact manifest version you are using?
Could you try using the manifest of the latest quarterly (currently version 6.5.0 - toradex-manifest.git - Repo manifest for Toradex Embedded Linux TorizonCore and BSP layer setup for Yocto Project/Openembedded), instead of using kirkstone-6.x.y?

Best regards,

I tried reproducing but I had to give up now, it took too long.

Best regards,

Hi all!

Since I could not reproduce the issue (after building from scratch and using the latest manifest), I won’t be trying with this anymore.

If someone hits this issue again and/or comes back with a way to reproduce it, please let us know and we can continue from there.

Thanks for the comprehension.

Best regards,