Which Khadas SBC do you use?
VIM3
Which system do you use? Android, Ubuntu, OOWOW or others?
Debian 12
Which version of system do you use? Khadas official images, self built images, or others?
self built image
Please describe your issue below:
How to use TPM module on VIM3: Quick start guide 
The following TPM modules were tested with VIM3:
-
TPM-SPI for ASUS, mcu: Nuvoton NPCT750A
-
GC-TPM2.0 for Gigabyte, mcu: Infineon SLB9670
Both TPM modules have SPI interface.
The TPM module is connected to an external 40-pin GPIO header VIM3:
I connected TPM module Reset pin to VIM3 VCC3.3v through a 10Π resistor.
Presets:
- Config and rebuild Linux kernel - kernel-config:
make kernel-config
release SPI1 β spidev:
Device Drivers ---> [*] SPI support ---> <M> User mode SPI device driver support
enable TPM:
Device Drivers ---> Character devices ---> <M> TPM Hardware Support --->
<M> TPM Interface Specification 1.2 Interface / TPM 2.0 FIFO Interface
<M> TPM Interface Specification 1.3 Interface / TPM 2.0 FIFO Interface - (SPI)
After this, we rebuild the kernel:
make kernel-deb
After this, from the fenix directory build/images/debs/1.5.2/VIM3 from the deb package linux-image-amlogic-mainline_1.5.2_arm64.deb from boot directory we take the files:
- config-6.2.0
- System.map-6.2.0
- vmlinuz-6.2.0
and copy them to /boot/ on the SD card. Moreover, we copy file vmlinuz-6.2.0 twice: under the name vmlinuz-6.2.0 and under the name zImage. From the deb package linux-image-amlogic-mainline_1.5.2_arm64.deb from lib/modules/6.2.0/kernel/drivers/char directory we copy the directory tpm to /rootfs/lib/modules/6.2.0/kernel/drivers/char on the SD card.
- Device tree:
There are two options: 2.1 - add a record directly to the device tree or 2.2 - make an overlay, which will add the necessary functionality on top of the device tree. See the second option below.
2.1
2.1.1
- Get /boot/dtb.img (from SD card)
- decompile dtb (explanation here)
- add to dts somewhere near:
spi@15000 {
compatible = "amlogic,meson-g12a-spicc";
this entry:
tpm_tis_spi:@0 {
status = "okay";
compatible = "infineon,slb9670", "tcg,tpm_tis_spi";
reg = <0>;
spi-max-frequency = <43000000>;
};
and reassemble dtb.
2.1.2
In /boot/env.txt (on the SD card), add spi1 to overlays and remove uart3 and pwm_f (explanation here).
2.2
2.2.1
We add an overlay for the device tree with the following content to the kernel (arch/arm64/boot/dts/amlogic/overlays/kvim3/tpm.dts):
/dts-v1/;
/plugin/;
/ {
fragment@0 {
target = <&spicc1>;
__overlay__ {
spidev@0 {
status = "disabled";
};
};
};
fragment@1 {
target = <&spicc1>;
__overlay__ {
status = "okay";
tpm_tis_spi:tpm@0 {
status = "okay";
compatible = "infineon,slb9670", "tcg,tpm_tis_spi";
reg = <0>;
spi-max-frequency = <43000000>;
};
};
};
};
Here we disable the spidev device controlled by the spicc1 controller and enable a device of type tpm_tis_spi instead. Also donβt forget to add our overlay to the list of files for build (arch/arm64/boot/dts/amlogic/overlays/kvim3/Makefile).
2.2.2
We build the modules and dtb and upload them to the device (SD card). The file with overlay for tpm should be placed in the /boot/dtb/amlogic/overlays/kvim3/ directory on the SD card. In the /boot/env.txt file, add tpm to the overlay=β¦ tpm list. Check after reboot. 2.2.3
Also, donβt forget to add spi1 to /boot/env.txt in overlays and remove uart3 and pwm_f (explanation here).
To check TPM module, in addition to dmesg | grep -i tpm and the presence of device files /dev/tpm0, you can use some tests.
More details about tests, as well as how to enable TPM in u-boot and how to use TPM module in Debian, you can read in my github - https://github.com/miksadikov/kvim3TPM