[coreboot] TPM support for SeaBIOS -- looking for a tester on real hardware

Stefan Berger stefanb at linux.vnet.ibm.com
Sun Sep 11 19:38:43 CEST 2011

On 09/08/2011 03:45 PM, Sven Schnelle wrote:
> Hi Stefan,
> Stefan Berger<stefanb at linux.vnet.ibm.com>  writes:
>> On 09/08/2011 02:47 AM, Sven Schnelle wrote:
>>> Stefan Berger<stefanb at linux.vnet.ibm.com>   writes:
>>>>     Would anybody be interested in testing the TPM support I added to
>>>> SeaBIOS. I unfortunately don't have a motherboard myself where I could
>>>> try it. I have added the support to SeaBIOS for the TPM device model
>>>> in Qemu.  What you would need for trying it is a motherboard with a
>>>> TPM 1.2 on it. The SeaBIOS TPM support should recognize it, initialize
>>>> the TPM and allow the user to enter another SeaBIOS menu.
>>> I have coreboot + seabios running on Thinkpad X60s and T60p. IIRC both
>>> models have TPM onboard. I could give it a try, but i don't know if i
>>> have to add any code to coreboot for HW initialization. Actually i have
>>> no clue how TPM works, never played with it so far... :)
>> Could you pick up the patches from the SeaBIOS mailing list and try them?
>> The latest patches were posted in this thread:
>> http://www.seabios.org/pipermail/seabios/2011-August/002252.html
> I've applied your TPM/TCG patches to seabios. I've seen that
> CONFIG_TCGBIOS depends on !COREBOOT. Is there a specific reason for
> this?
I believe the reason for this is that SeaBIOS's ACPI table support is 
not compiled in if compiled for COREBOOT. At least some part of the TPM 
support does depend on the ACPI tables, i.e., for all the logging.

> tis_probe() failed to read the Device/Vendor ID from the MMIO space.
> Linux detects the TPM device and can read the register:
> [    0.549893] tpm_tis 00:0a: 1.2 TPM (device-id 0x3202, rev-id 5)
> After i added the following, seabios was able to read the DID_VID register:
> diff --git a/src/tpm_drivers.c b/src/tpm_drivers.c
> index e03c9bd..7103d54 100644
> --- a/src/tpm_drivers.c
> +++ b/src/tpm_drivers.c
> @@ -28,6 +28,8 @@ static u32 tpm_default_durations[3] = {
>   static u32 tis_probe(void)
>   {
>       u32 rc = 0;
> +
I suppose reading 'didvid' returned 0xFFFFFFFF before? I am surprised 
that these most basic registers are 'hidden' if the locality is not in 
use. This for sure isn't the case for registers of other localities 
where one can read at least the state if another locality is currently 
>       u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID));
>       if ((didvid != 0)&&  (didvid != 0xffffffff))
> After that i was able to read the IDs. However, this made my Thinkpad
> take about 15s until seabios showed the SeaBIOS version line on the
> screen. SeaBIOS also didn't show the F11 message.
> I haven't tried to debug that further - fear that this will have to wait
> for the weekend. Just want to send you the results from the first
> (short) test.
Let me know how this went.
Maybe  enabling the debugging messages shows something useful. Try 
setting the DEBUG_tcg to 0 in src/config.h.

> Sven

More information about the coreboot mailing list