Hello everyone,
my goal is (ideally) to access the TPM from inside a Trusted Application.
Background / what I tried
My first attempt was to use a discrete TPM, but this ended up being a dead end due to missing drivers on Jetson. That’s why I would now like to work with the fTPM (which is available in the OP-TEE samples).
As I understand it, the Microsoft fTPM only works when certain fuses are burned. In one of my earlier forum posts, I was told that there is an “fTPM simulation feature after r36.4 release version”. I followed the related documentation (which also mentions Keylime), and was able to use swtpm successfully. With tpm2_pcrread I could see PCR registers changing while the simulation was running.
However, this is of course just the software TPM (swtpm), not the Microsoft fTPM TA. As far as I understand, the MS fTPM is a separate TA inside OP-TEE, which should be accessed via the fTPM helper / fTPM driver (CA ↔ TA ↔ fTPM TA).
Current state
- I built and installed nvftpm-helper-app.
- The corresponding TA file for the fTPM helper is placed in the TA directory.
- Running sudo nvftpm-helper-app --help works fine.
- But running sudo nvftpm-helper-app -g (query ECID) or -i (query provisioning mode) fails with:
ca_query_prov_mode: TEEC_InvokeCommand failed 0xffff0008 origin 0x4 Invalid provision mode!
When I check the supplicant:
$ sudo systemctl restart tee-supplicant
Failed to restart tee-supplicant.service: Unit tee-supplicant.service not found.
$ sudo tee-supplicant
ERR [5749] TEES:main:942: failed to find an OP-TEE supplicant device
I also don’t see any /dev/tee* device nodes.
And importantly: if I try to run nvftpm-helper-app inside the swtpm simulation environment from the Keylime guide, it also fails with the same error.
My questions
- Is it required to have /dev/tee* device nodes available in order to use the Microsoft fTPM TA?
- From what I understand, this looks like a provisioning problem. In the earlier simulation setup (with swtpm) this was solved by starting a process in user space. But since in this case I want to work with multiple TAs inside OP-TEE, I assume I cannot just “start” the actual Microsoft fTPM TA in the same way, correct? Is this really something fundamentally different, or could swtpm already serve my use case?