I need some information about which model TPM can be used. somebody can help me?
Hi @fxtsupport ,
Welcome to the community! 
Which OS are you using?
Can you elaborate on your use-case? Where are you planing to use the TPM? On U-Boot level or kernel level?
Best Regards
Kevin
Hi @kevin.tx , sorry for delay.
I will use Yocto.
My device is a client that communicate with a server using crypto E2E.
I need to use the TPM to store the key pairs.
Which TPM module it is recommended? (I think to use IRIDIUM SLM 9670 TPM2.0)
https://www.infineon.com/cms/en/product/evaluation-boards/iridium-slm-9670-tpm2.0/
How integrate it with BSP?
Thanks
Can you give me something information how use tpm2 ?
Hello @fxtsupport ,
Here you have a post where the customer managed to do some tests with a similar module, maybe this helps:
Best regards,
Josep
Hello @fxtsupport ,
Do you have any updates on this topic?
Best regards,
Josep
I’m tryng.
My current setup is Iris + Infineon-Iridium_1-0_9670 but I have difficult on SPI to active correctly.
Hello @fxtsupport
Could you give us more details on that issue? (error messages, logs, etc…)
Best regards,
Josep
I reset all.
I need the correct sequence to apply for link tpm module SLI9670.
Can you help me?
I connect the module (see attached the PDF) like this:
| SIGNAL | SLI 9670 | iM6xULL Colibrì | IRIS X16 |
|---|---|---|---|
| PWR | 1 | - | 33 |
| GND | 6 | - | 36 |
| CS | 26 | 86 | 9 |
| MOSI | 19 | 92 | 11 |
| MISO | 21 | 90 | 10 |
| SCLK | 23 | 88 | 8 |
But I have problem to modify dtb.
Infineon-Iridium_1-0_9670_HD-AdditionalTechnicalInformation-v01_01-EN.pdf (763.3 KB)
Hi @fxtsupport !
Could you please share what and how you tried?
We can try to help you from your starting point.
Best regards,
I have activated on kernel the INFINEON and SPI module; see attached devconfig.
But when started the dmesg write:
…
5.788643] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null)
[ 6.038975] systemd-journald[113]: Received client request to flush runtime journal.
[ 8.546683] caam-snvs 20cc000.caam-snvs: violation handlers armed - init state
[ 8.849837] spi_imx 2008000.spi: probed
[ 8.891945] imx-sdma 20ec000.sdma: loaded firmware 3.5
[ 10.817597] crng init done
[ 10.822038] random: 3 urandom warning(s) missed due to ratelimiting
[ 12.613366] CAN device driver interface
[ 13.667597] mcp251x spi0.0: MCP251x didn’t enter in conf mode after reset
[ 13.676304] mcp251x spi0.0: Probe failed, err=16
[ 13.769242] mcp251x: probe of spi0.0 failed with error -16
[ 13.964807] Bluetooth: Core ver 2.22
[ 13.990458] NET: Registered protocol family 31
…
Under /sys/bus/spi/drivers i found:
at25 mcp251x spidev st33zp24-spi tpm_tis_spi
How I must change the device tree?
defconfig (133.0 KB)
I modify my dtb using the patch attached.
Can you help me to investigate what’s happens?
0001-configurazione-device-tpm.patch (1.7 KB)
imx6ull-colibri-eval-v3.dtsi (3.3 KB)
see on attached
tdx_info.txt (2.7 KB)
Hello @fxtsupport ,
Maybe these topics from the NXP community might help you. They are not for iMX6ULL specifically but can give some ideas where the problem could be. https://community.nxp.com/t5/i-MX-Processors/Interface-TPM-2-0-SLB9670-with-IMX8M-processor/m-p/1430035
https://community.nxp.com/t5/i-MX-Processors/i-MX8MP-SPI-connection-with-TPM-SLB9670/m-p/1612460
TPM SLB9670 with IMX6-UL - NXP Community
this is also the overlay for Raspberry linux/tpm-slb9670-overlay.dts at rpi-6.1.y · raspberrypi/linux · GitHub
The “official” board for this TPM supported by Infineon
/*
* Device Tree overlay for the Infineon SLB9670 Trusted Platform Module add-on
* boards, which can be used as a secure key storage and hwrng.
* available as "Iridium SLB9670" by Infineon and "LetsTrust TPM" by pi3g.
*/
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2835";
fragment@0 {
target = [&spi0];
__overlay__ {
status = "okay";
};
};
fragment@1 {
target = [&spidev1];
__overlay__ {
status = "disabled";
};
};
fragment@2 {
target = [&spi0];
__overlay__ {
/* needed to avoid dtc warning */
#address-cells = [1];
#size-cells = [0];
slb9670: slb9670@1 {
compatible = "infineon,slb9670";
reg = [1]; /* CE1 */
#address-cells = [1];
#size-cells = [0];
spi-max-frequency = [32000000];
status = "okay";
};
};
};
};
I have used the oscilloscope and the CS is not asserted.
Do you have any ideas?
On attached my dtsi and dtb decompilated
imx6ull-colibri-eval-v3.dtsi (3.5 KB)
imx6ull-colibri-eval-v3.dtb.txt (64.1 KB)
hi @fxtsupport ,
since you use the TPM on &ecspi1 together with mcp2515, I think you should use the following snippet for the TPM instead:
tpm0: slb9670@1 {
compatible = "infineon,slb9670";
reg = <1>;
spi-max-frequency = <10000000>;
status = "okay";
};
You can see the example given in the SPI binding document here:
spi-controller.yaml - Documentation/devicetree/bindings/spi/spi-controller.yaml - Linux source code (v6.3.6) - Bootlin
Let’s know if it works.
The mcp2515 was disabled (status = “disabled”;).
Seem that driver slb9670 is not managing the chip-select.
you are right, it is disabled. Looking closer, I see that:
- you seem to use the imx6ull-colibri-eval-v3.dtsi for Colibri Eval Board as the base for your dts instead of imx6ull-colibri-emmc-iris-v2.dts. Any reason for that?
- looking at your tdx-info output, it seems that your device tree is not loaded at all. Can you check?
-
I am using eval-v3 because the can0 node were configure correctly, so I started from a working base. In fact, with the can0 node enabled on the oscilloscope, I see the CS managed. After this test I have added the tpm0 node and disable can0 but seem the driver not managing the CS.
-
Monday in the control laboratory.
P.S. my git of kernel is 5.4.193+gitAUTOINC!!!