RuhanSA079
Posts: 9
Joined: Sun Nov 03, 2013 4:54 pm

tpm-slb9670 assistance on CM4

Tue Jul 12, 2022 3:05 pm

Good day.

I'm having some issues in getting a SLB9670 module connected to my custom CM4 board.
I have developed a CM4 board, but a client requested that I need to add a TPM2.0 module for their security software. Been busy getting the slb9670 development kit, with the goal of designing a custom TPM "daughterboard", if the TPM testing proves successful.

I do not have access to the first SPI bus on the custom board, but I do have access to SPI3. (GPIO 0 to GPIO 3)

I would like to change my tpm-slb9670 overlay from SPI0 to SPI3, but I have no idea on how to do it exactly. (Bit of a noob on this)
All my attempts have been futile so far, to the point where I have butchered the source code.

What do I change on the dts, for SPI3 to work with the TPM? (I will keep this file as a backup, and my buildserver can just replace that file if need be)
Here is the overlay for the tpm-slb9670:

Code: Select all

/*
 * Device Tree overlay for the Infineon SLB9670 Trusted Platform Module add-on
 * boards, which can be used as a secure key storage and hwrng.
 * available as "Iridium SLB9670" by Infineon and "LetsTrust TPM" by pi3g.
 */

/dts-v1/;
/plugin/;

/ {
        compatible = "brcm,bcm2835";

        fragment@0 {
                target = <&spi0>;
                __overlay__ {
                        status = "okay";
                };
        };

        fragment@1 {
                target = <&spidev1>;
                __overlay__ {
                        status = "disabled";
                };
        };

        fragment@2 {
                target = <&spi0>;
                __overlay__ {
                        /* needed to avoid dtc warning */
                        #address-cells = <1>;
                        #size-cells = <0>;
                        slb9670: slb9670@1 {
                                compatible = "infineon,slb9670";
                                reg = <1>;      /* CE1 */
                                #address-cells = <1>;
                                #size-cells = <0>;
                                spi-max-frequency = <32000000>;
                                status = "okay";
                        };

                };
        };
};
I have access to a Pi4, and a few CM4 modules to test with.
Your feedback is greatly appreciated.

Thanks

PhilE
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 4608
Joined: Mon Sep 29, 2014 1:07 pm
Location: Cambridge

Re: tpm-slb9670 assistance on CM4

Tue Jul 12, 2022 3:21 pm

You first need to enable SPI3 on GPIOs 0-3 (without spidev). One CS line (CS0) is enough:

Code: Select all

dtoverlay=spi3-1cs,cs0_spidev=off
Then you just need to change the target of the tpm overlay and the CS/CE line. We can simplify things slightly because we don't need to enable SPI3 or disable spidev - both have been done already. Something like this:

Code: Select all

/*
 * Device Tree overlay for the Infineon SLB9670 Trusted Platform Module add-on
 * boards, which can be used as a secure key storage and hwrng.
 * available as "Iridium SLB9670" by Infineon and "LetsTrust TPM" by pi3g.
 */

/dts-v1/;
/plugin/;

/ {
        compatible = "brcm,bcm2711";

        fragment@0 {
                target = <&spi3>;
                __overlay__ {
                        /* needed to avoid dtc warning */
                        #address-cells = <1>;
                        #size-cells = <0>;
                        slb9670: slb9670@0 {
                                compatible = "infineon,slb9670";
                                reg = <0>;      /* CE0 */
                                #address-cells = <1>;
                                #size-cells = <0>;
                                spi-max-frequency = <32000000>;
                                status = "okay";
                        };
                };
        };
};
Note that I changed the compatible string to indicate that it is only compatible with BCM2711 (not the older Pis).

RuhanSA079
Posts: 9
Joined: Sun Nov 03, 2013 4:54 pm

Re: tpm-slb9670 assistance on CM4

Wed Jul 13, 2022 11:00 am

PhilE wrote:
Tue Jul 12, 2022 3:21 pm
You first need to enable SPI3 on GPIOs 0-3 (without spidev). One CS line (CS0) is enough:

Code: Select all

dtoverlay=spi3-1cs,cs0_spidev=off
Then you just need to change the target of the tpm overlay and the CS/CE line. We can simplify things slightly because we don't need to enable SPI3 or disable spidev - both have been done already. Something like this:

Code: Select all

/*
 * Device Tree overlay for the Infineon SLB9670 Trusted Platform Module add-on
 * boards, which can be used as a secure key storage and hwrng.
 * available as "Iridium SLB9670" by Infineon and "LetsTrust TPM" by pi3g.
 */

/dts-v1/;
/plugin/;

/ {
        compatible = "brcm,bcm2711";

        fragment@0 {
                target = <&spi3>;
                __overlay__ {
                        /* needed to avoid dtc warning */
                        #address-cells = <1>;
                        #size-cells = <0>;
                        slb9670: slb9670@0 {
                                compatible = "infineon,slb9670";
                                reg = <0>;      /* CE0 */
                                #address-cells = <1>;
                                #size-cells = <0>;
                                spi-max-frequency = <32000000>;
                                status = "okay";
                        };
                };
        };
};
Note that I changed the compatible string to indicate that it is only compatible with BCM2711 (not the older Pis).
Thank you, the TPM probe now works, but it seems that the driver cannot communicate to the tpm chip or something?
EDIT:

Code: Select all

[    8.694338] tpm tpm0: tpm_try_transmit: send(): error -5
[    9.152185] tpm_tis_spi spi3.0: 1.2 TPM (device-id 0x1B, rev-id 22)
[    9.163848] tpm tpm0: tpm_try_transmit: send(): error -5
[    9.192564] tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
[    9.276627] tpm_tis_spi: probe of spi3.0 failed with error -5
root@cmdevel:/home/admin# sudo raspi-gpio-snap.raspi-gpio get
BANK0 (GPIO 0 to 27):
GPIO 0: level=1 func=OUTPUT pull=UP
GPIO 1: level=1 alt=3 func=SPI3_MISO pull=UP
GPIO 2: level=1 alt=3 func=SPI3_MOSI pull=UP
GPIO 3: level=0 alt=3 func=SPI3_SCLK pull=UP
This device runs on Ubuntu Core, I had to build a raspi-gpio snap in order to get the gpio states.

PhilE
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 4608
Joined: Mon Sep 29, 2014 1:07 pm
Location: Cambridge

Re: tpm-slb9670 assistance on CM4

Wed Jul 13, 2022 2:18 pm

I think the driver is complaining that the TPM_STS_DATA_EXPECT bit is not set when it is trying to send data, but I wouldn't like to guess why. You could try reducing the clock speed to 10kHz (spi-max-frequency = <10000000>;) or lower.

RuhanSA079
Posts: 9
Joined: Sun Nov 03, 2013 4:54 pm

Re: tpm-slb9670 assistance on CM4

Thu Jul 14, 2022 9:50 pm

PhilE wrote:
Wed Jul 13, 2022 2:18 pm
I think the driver is complaining that the TPM_STS_DATA_EXPECT bit is not set when it is trying to send data, but I wouldn't like to guess why. You could try reducing the clock speed to 10kHz (spi-max-frequency = <10000000>;) or lower.
Clocking even lower does not help. I changed the CE pin, as I noticed SPI3 CE1 is broken out as well on my CM4 board, so no need for CE0.

I tried reflecting this dtb change on a Pi4, got this:

Code: Select all

pi@raspberrypi:~ $ dmesg | grep tpm
[    6.079929] tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics
[    6.080101]  tpm_tis_status+0xcc/0xf0 [tpm_tis_core]
[    6.080114]  wait_for_tpm_stat+0x60/0x248 [tpm_tis_core]
[    6.080126]  tpm_tis_send_data+0xe8/0x2a0 [tpm_tis_core]
[    6.080138]  tpm_tis_send_main+0x44/0x120 [tpm_tis_core]
[    6.080149]  tpm_tis_send+0x4c/0xe0 [tpm_tis_core]
[    6.080177]  tpm_transmit+0xd4/0x378 [tpm]
[    6.080198]  tpm_transmit_cmd+0x38/0xc8 [tpm]
[    6.080217]  tpm2_probe+0x118/0x1c0 [tpm]
[    6.080229]  tpm_tis_core_init+0x220/0x580 [tpm_tis_core]
[    6.080246]  tpm_tis_spi_init+0x5c/0x78 [tpm_tis_spi]
[    6.080259]  tpm_tis_spi_probe+0x80/0x9c [tpm_tis_spi]
[    6.080271]  tpm_tis_spi_driver_probe+0x4c/0x68 [tpm_tis_spi]
[    6.835393] tpm tpm0: tpm_try_transmit: send(): error -62
[    6.844644] tpm_tis_spi spi3.1: 1.2 TPM (device-id 0x1B, rev-id 255)
[    7.733608] tpm tpm0: tpm_try_transmit: send(): error -62
[    7.733623] tpm tpm0: A TPM error (-62) occurred attempting to determine the timeouts
[    7.752777] tpm_tis_spi: probe of spi3.1 failed with error -62
On the CM4:

Code: Select all

[    8.868786] tpm tpm0: tpm_try_transmit: send(): error -5
[    9.216357] tpm_tis_spi spi3.1: 1.2 TPM (device-id 0x1B, rev-id 22)
[    9.248216] tpm tpm0: tpm_try_transmit: send(): error -5
[    9.253606] tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
[    9.342855] tpm_tis_spi: probe of spi3.1 failed with error -5
Something in the SPI stack not working correctly?
I even clocked so low as: (spi-max-frequency = <10000>;) no change.

PhilE
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 4608
Joined: Mon Sep 29, 2014 1:07 pm
Location: Cambridge

Re: tpm-slb9670 assistance on CM4

Fri Jul 15, 2022 8:07 am

It seems to work better on the CM4 than on the Pi 4 - at least the rev-id looks plausible, and it doesn't complain about an invalid TMP_STS.

RuhanSA079
Posts: 9
Joined: Sun Nov 03, 2013 4:54 pm

Re: tpm-slb9670 assistance on CM4

Fri Jul 29, 2022 8:07 am

Is there anything else I can do to diagnose the problem?
Only thing I can think of, is to hook up a logic analyzer and try to determine if the pins are toggled correctly or something?
Is the SPI drivers the same for both SPI1 and SPI3, right?
Apart from the device tree assignment.
The TPM module works on SPI1, with my Pi4, not sure why it does not work with SPI3.

RuhanSA079
Posts: 9
Joined: Sun Nov 03, 2013 4:54 pm

Re: tpm-slb9670 assistance on CM4

Wed Aug 03, 2022 9:36 am

Hello, I made a new thread under here: viewtopic.php?p=2025999
As it feels like that while the device-tree is working, communication not so good, therefore, making a new thread, relevant to the topic.

BR

Return to “Device Tree”