Torizoncore Builder with new kernel 6.6.xx

Hi,

I am currently trying to integrate my TPM 2.0 Infineon SLB9673 (I2C) inside my TorizonOS environment.

I used torizoncore builder to update my SoM OS to Tezi 7.0.0 (was Tezi 6.4.0 before) to have my kernel version >= 6.x.x

uname --kernel-release
6.6.23-7.0.0-g558ba3740880

I tried to modify my overlay to make it compatible with my TPM :

&i2c3 {
	status = "okay";
	tpm@2e {
		compatible = "infineon,slb9673", "tcg,tpm-tis-i2c";
		reg = <0x2e>; 
		status = "okay";
		};
	};

I can see and read some register with I2C but the repo : /dev/tpm0 isn’t created at boot.

I made some research inside the linux source and i found that the branch that I’m using inside “tcbdir” is :

toradex_5.15-2.2.x-imx

This is the branch that is mentionned in your tutorial (see screenshot)

I think that I would have to now use the branch : toradex_6.6-2.1.x-imx ? I am using the verdin imx8m-mini SoM.

Because I miss this file inside : /linux/drivers/char/tpm/ from the version 5.15-2.2:
tpm_tis_i2c.c

this file is present in the version 6.6-2.1 repo

I don’t know if this is the reason why my TPM doesn’t work.

I don’t understand why these sources in version 5.x.x would change anything since I have unpacked version 7.0.0 of the torizon image (downloaded locally) which contains version 6.x.x of the Linux kernel?

The kernel is already compiled in your 7.0.0 image with the current linux sources and therefore its ‘new’ drivers, so I’m a bit confused.

Thank you :slight_smile:

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!

Did you like my answer?

:+1: :-1:


Hello,

Thank you for reaching out with your question about integrating the TPM 2.0 Infineon SLB9673 with TorizonOS on your Verdin iMX8M Mini SoM. You’ve taken the right steps by updating to TorizonCore 7.0.0 and modifying your device tree overlay. However, the absence of the /dev/tpm0 device file at boot indicates that the necessary driver, tpm_tis_i2c.c, might be missing from your current kernel branch.

Your current branch, toradex_5.15-2.2.x-imx, does not seem to include this driver file, which is crucial for the TPM to function properly. Switching to the toradex_6.6-2.1.x-imx branch could indeed provide the required driver support for your TPM device.

Here are the steps you can follow to address this:

  1. Switch Kernel Branch: Change to the toradex_6.6-2.1.x-imx branch, which is more likely to include the tpm_tis_i2c.c driver.

  2. Rebuild the Kernel: After switching branches, rebuild the kernel to ensure that all necessary drivers, including the TPM driver, are compiled and included.

  3. Verify Kernel Configuration: Ensure that TPM support is enabled in your kernel configuration. You can check this by running make menuconfig and navigating to Device Drivers → Character devices → TPM Hardware Support.

  4. Test the TPM: Once the new kernel is built and deployed, check if the /dev/tpm0 device file is created at boot. You can use tools like tpm2-tools to interact with the TPM and verify its functionality.

By following these steps, you should be able to resolve the issue and successfully integrate your TPM with TorizonOS.

Best regards,
Toradex AI Assistant

Please, also check if these links can help you solve your problem:

Usage of Trusted Platform Module (TPM) with verdin imx8m-mini.

Greetings @autolab,

I don’t understand why these sources in version 5.x.x would change anything since I have unpacked version 7.0.0 of the torizon image (downloaded locally) which contains version 6.x.x of the Linux kernel?

Your intuition is correct, that said you should probably still use the correct Linux version just in case.

As for why /dev/tpm0 isn’t present. Some ideas for you to check. Could you check the the kernel configuration running on this device at /proc/config.gz. I believe for the SLB9673 the relevant kernel configuration is CONFIG_TCG_TIS_I2C. Check to make sure this configuration is at least enabled as a kernel module.

Then you can check if this kernel module is actually being loaded or not. I believe the name of the module would be tpm_tis_i2c. Finally if the kernel module is loaded, check whether the TPM or I2C driver are giving any errors/warnings in dmesg.

Best Regards,
Jeremias

Hi, thank you for the answer

I put in attachment file the return of “zcat /proc/config.gz”
can you see if i miss something in the kernel configuration ?

zcat_proc_config.txt (239.6 KB)

dmesg | grep tpm :
nothing

I can see that my TPM module are automaticaly up but still no /dev/tpm* is created.

lsmod | tpm :
tpm_tis_i2c            16384  0
crc_ccitt              12288  1 tpm_tis_i2c
tpm_tis_core           28672  1 tpm_tis_i2c
tpm                    81920  2 tpm_tis_i2c,tpm_tis_core

I also listed all the modules even the one not charged:

sudo journalctl | grep -i tpm
Nov 21 09:16:20 verdin-imx8mm-xxx systemd[1]: systemd 255.4^ running in system mode (+PAM -AUDIT -SELINUX -APPARMOR +IMA -SMACK +SECCOMP -GCRYPT -GNUTLS -OPENSSL +ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC +KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2 -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)

after some research i founded that “-TPM2” means that TPM support isn’t enabled inside the kernel ?

I know that i can’t rebuild the kernel with torizoncore builder

Do you have any advice about what to try next ?

Thank you

Well it looks like all the software and drivers are present for this TPM. From here I would look to make sure the actual hardware part of things is correct and coherent.

The fact you got nothing from dmesg | grep tpm is a bit telling. This means the driver found nothing to do or work on, otherwise there should have been some kind of log output from the driver.

Looking at your original overlay you’re adding this TPM to the node i2c3 or Verdin interface I2C_4. Have you confirmed the hardware connection is good and correct?

On your device can you check ls -l /dev/verdin-i2c4 and see what i2c bus this points to. Once you have this can you run i2cdetect -y <number of i2c bus> (i.e i2cdetect -y 3). This should show all the i2c devices detected on that particular bus. If your overlay is correct then we should detect this TPM device at the address of “2e”. I’m also assuming this is the correct address for this device.

after some research i founded that “-TPM2” means that TPM support isn’t enabled inside the kernel ?

I’m pretty sure this just means systemd is lacking it’s TPM support, not the kernel as a whole. You can see there is also a “-OPENSSL”, but Torizon OS has openssl support so that wouldn’t make sense if this was for the whole kernel/image.

Best Regards,
Jeremias

1 Like

Thank you a lot for the answer !

I think I made a misstake with the name of the i2c* interface inside my overlay.

I am using the :

I2C_1_SDA & I2C_1_SCL (pins 12 & 14)

which are :

I2C4_SDA & I2C4_SCL

in imx 8mm ball name

so I need to adapt my overlay to i2c4 or i2c1 ?

&i2c1 {
	status = "okay";
	clock-frequency = <100000>;
	#address-cells = <1>;
	#size-cells = <0>;
	slb9673: tpm@2e{
		compatible = "infineon,slb9673";
		reg = <0x2e>; 
		status = "okay";
	};
};

I can see the adress of my TPM (2e) and i can even read some register, so I think my hardware is ok !

so after some tests, It’s the i2c4 :

Again thank you a lot for your help !!!

Have a nice day

Good to see you were able to get your TPM device working. Glad to have been of assistance.

Best Regards,
Jeremias