mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-06-05 02:20:30 +00:00
Code Issues Projects Releases Wiki Activity

trusted-firmware-a: continue if TPM device is missing

Browse Source 
All other firmware boot components also continue booting
if TPM is not found. It is up to subsequent SW components
to e.g. fail if rootfs can't be decrypted. Enables policies
like fall back to unencrypted rootfs if TPM device is
not found with qemu and swtpm.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Mikko Rapeli
2024-04-30 15:37:27 +03:00
committed by Jon Mason
parent 8399d913a9
commit 0923cc8a20
2 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-arm/recipes-bsp/trusted-firmware-a/files/0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch
+36
View File
@@ -0,0 +1,36 @@
From 1d1425bde8435d6e2b3e4f2b7bcb2eb293ef9601 Mon Sep 17 00:00:00 2001
From: Mikko Rapeli <mikko.rapeli@linaro.org>
Date: Mon, 15 Jan 2024 09:26:56 +0000
Subject: [PATCH] qemu_measured_boot.c: ignore TPM error and continue with boot
If firmware is configured with TPM support but it's missing
on HW, e.g. swtpm not started and/or configured with qemu,
then continue booting. Missing TPM is not a fatal error.
Enables testing boot without TPM device to see that
missing TPM is detected further up the SW stack and correct
fallback actions are taken.
Upstream-Status: Pending
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
plat/qemu/qemu/qemu_measured_boot.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c
index 122bb23b14..731b081c47 100644
--- a/plat/qemu/qemu/qemu_measured_boot.c
+++ b/plat/qemu/qemu/qemu_measured_boot.c
@@ -79,7 +79,8 @@ void bl2_plat_mboot_finish(void)
* Note: In QEMU platform, OP-TEE uses nt_fw_config to get the
* secure Event Log buffer address.
*/
- panic();
+ ERROR("Ignoring TPM errors, continuing without\n");
+ return;
}
/* Copy Event Log to Non-secure memory */
--
2.34.1
meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
+5
View File
@@ -11,3 +11,8 @@ SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=ht
SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
# continue to boot also without TPM
SRC_URI += "\
file://0001-qemu_measured_boot.c-ignore-TPM-error-and-continue-w.patch \
"