[PATCH 1/3] tpm: Disable TCG_TPM2_HMAC by default

Jarkko Sakkinen jarkko at kernel.org
Wed May 22 14:11:11 UTC 2024


On Wed May 22, 2024 at 4:17 PM EEST, Vitor Soares wrote:
> > 1. What is the aarch64 platform you are using?
>
> I was testing this on the Toradex Verdin iMX8MM SoM.
>
> > 2. What kind of TPM you are using and how is it connect?
>
> TPM device is the ATTPM20P connect through the SPI at speed of 36 MHz.
> The bus is shared with a CAN controller (MCP251xFD), so both mues work together.
>
> The dts looks like:
> tpm1: tpm at 1 {
>         compatible = "atmel,attpm20p", "tcg,tpm_tis-spi";
>         interrupts-extended = <&gpio1 7 IRQ_TYPE_LEVEL_LOW>;
>         pinctrl-0 = <&pinctrl_can2_int>;
>         pinctrl-names = "default";
>         reg = <1>;
>         spi-max-frequency = <36000000>;
> };

Thank you, this exactly what I was looking for. Don't expect any
improvement to the situation before rc1 is out. It is better to
investigate the situation a bit first.

E.g. some people test with fTPM TEE so this was pretty essential
to know that it is a chip going through.

For tpm_crb we should actually disable HMAC at some point. It is
essentially a performance regression for it.

BR, Jarkko



More information about the Linux-security-module-archive mailing list