Ftpm2

common.mk

@@ -37,7 +37,9 @@ OPTEE_CLIENT_PATH		?= $(ROOT)/optee_client
 OPTEE_TEST_PATH			?= $(ROOT)/optee_test
 OPTEE_EXAMPLES_PATH		?= $(ROOT)/optee_examples
 OPTEE_RUST_PATH			?= $(ROOT)/optee_rust
+OPTEE_FTPM_PATH			?= $(ROOT)/optee_ftpm
 BUILDROOT_TARGET_ROOT		?= $(ROOT)/out-br/target
+MS_TPM_20_REF_PATH		?= $(ROOT)/ms-tpm-20-ref
 
 # default high verbosity. slow uarts shall specify lower if prefered
 CFG_TEE_CORE_LOG_LEVEL		?= 3
@@ -271,6 +273,10 @@ ifeq ($(XEN_BOOT),y)
 DEFCONFIG_XEN=--br-defconfig build/br-ext/configs/xen.conf
 endif
 
+ifeq ($(MEASURED_BOOT_FTPM),y)
+DEFCONFIG_TSS ?= --br-defconfig build/br-ext/configs/tss
+endif
+
 BR2_PER_PACKAGE_DIRECTORIES ?= y
 BR2_PACKAGE_LIBOPENSSL ?= y
 BR2_PACKAGE_MMC_UTILS ?= y
@@ -516,13 +522,8 @@ OPTEE_OS_COMMON_EXTRA_FLAGS	+= CFG_USER_TA_TARGETS=ta_arm32
 endif
 ifeq ($(COMPILE_S_USER),64)
 OPTEE_OS_TA_DEV_KIT_DIR	?= $(OPTEE_OS_PATH)/out/arm/export-ta_arm64
-ifeq ($(MEASURED_BOOT_FTPM),y)
-# The fTPM TA can only be built for 32-bit so enable the 32-bit libraries as well
-OPTEE_OS_COMMON_EXTRA_FLAGS	+= CFG_USER_TA_TARGETS="ta_arm64 ta_arm32"
-else
 OPTEE_OS_COMMON_EXTRA_FLAGS	+= CFG_USER_TA_TARGETS=ta_arm64
 endif
-endif
 
 ifeq ($(COMPILE_S_KERNEL),64)
 OPTEE_OS_COMMON_EXTRA_FLAGS	+= CFG_ARM64_core=y
@@ -556,6 +557,7 @@ endif
 
 CFG_IN_TREE_EARLY_TAS ?= trusted_keys/f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c
 
+
 OPTEE_OS_COMMON_FLAGS ?= \
 	$(OPTEE_OS_COMMON_EXTRA_FLAGS) \
 	PLATFORM=$(OPTEE_OS_PLATFORM) \
@@ -566,6 +568,10 @@ OPTEE_OS_COMMON_FLAGS ?= \
 	DEBUG=$(DEBUG) \
 	CFG_IN_TREE_EARLY_TAS="$(CFG_IN_TREE_EARLY_TAS)"
 
+ifeq ($(MEASURED_BOOT_FTPM),y)
+OPTEE_OS_COMMON_EXTRA_FLAGS += EARLY_TA_PATHS=$(OPTEE_FTPM_PATH)/out/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf
+optee-os-common: ftpm
+endif
 .PHONY: optee-os-common
 optee-os-common:
 	$(MAKE) -C $(OPTEE_OS_PATH) $(OPTEE_OS_COMMON_FLAGS)
@@ -582,26 +588,22 @@ optee-os-devkit:
 # fTPM Rules
 ################################################################################
 
-# The fTPM implementation is based on ARM32 architecture whereas the rest of the
-# system is built to run on 64-bit mode (COMPILE_S_USER = 64). Therefore set
-# TA_DEV_KIT_DIR manually to the arm32 OPTEE toolkit rather than relying on
-# OPTEE_OS_TA_DEV_KIT_DIR variable.
 FTPM_FLAGS ?= 						\
-	TA_CPU=cortex-a9				\
-	TA_CROSS_COMPILE=$(AARCH32_CROSS_COMPILE)	\
-	TA_DEV_KIT_DIR=$(OPTEE_OS_PATH)/out/arm/export-ta_arm32 \
-	CFG_TA_DEBUG=y CFG_TEE_TA_LOG_LEVEL=4 CFG_TA_MEASURED_BOOT=y
+	CROSS_COMPILE=$(CROSS_COMPILE_S_USER)	\
+	TA_DEV_KIT_DIR=$(OPTEE_OS_TA_DEV_KIT_DIR) \
+	CFG_MS_TPM_20_REF=$(MS_TPM_20_REF_PATH) \
+	O=out
 
 .PHONY: ftpm
 ftpm:
 ifeq ($(MEASURED_BOOT_FTPM),y)
 ftpm: optee-os-devkit
-	$(FTPM_FLAGS) $(MAKE) -C $(FTPM_PATH)
+	$(FTPM_FLAGS) $(MAKE) -C $(OPTEE_FTPM_PATH)
 endif
 
 .PHONY: ftpm-clean
 ftpm-clean:
 ifeq ($(MEASURED_BOOT_FTPM),y)
 ftpm-clean:
-	-$(FTPM_FLAGS) $(MAKE) -C $(FTPM_PATH) clean
+	-$(FTPM_FLAGS) $(MAKE) -C $(OPTEE_FTPM_PATH)
 endif

kconfigs/qemu.conf

@@ -13,3 +13,5 @@ CONFIG_KEYS=y
 CONFIG_TRUSTED_KEYS=y
 CONFIG_ENCRYPTED_KEYS=y
 CONFIG_ARM_FFA_TRANSPORT=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_FTPM_TEE=y

qemu_v8.mk

@@ -35,6 +35,9 @@ ifeq ($(shell uname -m),x86_64)
 RUST_ENABLE ?= y
 endif
 
+# Enable fTPM
+MEASURED_BOOT_FTPM ?= y
+
 include common.mk
 
 DEBUG ?= 1
@@ -58,6 +61,7 @@ PAUTH ?= n
 # Option to configure Memory Tagging Extension
 MEMTAG ?= n
 
+
 ################################################################################
 # Paths to git projects and various binaries
 ################################################################################