How to enable TPM

Autonomous Machines IGX Orin Support Forum IGX Developer Kit
1

Hi,

Our IGX dev kit version is QS2, and there should be hardware interfaces available to support TPM. However, in the OS, we cannot detect the TPM module. Therefore, we attempted to extract your kernel config using “zcat /proc/config.gz > filename.config” and found that some TPM-related configurations were not enabled, such as “CONFIG_TCG_TPM=y” and “CONFIG_TCG_TIS_SPI=y.”

We would like to confirm with Nvidia how to enable TPM on the QS2 hardware without kernel / DTS sources. What would be the most suitable approach in this situation?

3

Hi,
Please share the information for reference:

$ cat /etc/nv_tegra_release

4

#R35 (release), REVISION:4.0 , GCID: 33352811, BOARD: t186ref, EABI: aarch64, DATE: Mon May 22 18:18:27 UTC 2023

5

Hi,
For enabling TPM, you need to add kernel config and modify device tree. To rebuild/replace kernel image and dtb. For now the system image is prebuilt. We will check with our teams for the release plan of enabling kernel customization.

For example, if the TPM is connected to SPI1, the steps will be like:

  1. modify the pins in cfg file
pinmux.0x0243d040 = 0x00000444; # spi1_sck_pz3: rsvd1, pull-down, tristate-enable, input-enable, lpdr-disable
pinmux.0x0243d020 = 0x00000444; # spi1_miso_pz4: rsvd1, pull-down, tristate-enable, input-enable, lpdr-disable
pinmux.0x0243d058 = 0x00000444; # spi1_mosi_pz5: rsvd1, pull-down, tristate-enable, input-enable, lpdr-disable
pinmux.0x0243d010 = 0x00000008; # spi1_cs0_pz6: rsvd1, pull-up, tristate-enable, input-enable, lpdr-disable
pinmux.0x0243d050 = 0x00000448; # spi1_cs1_pz7: rsvd1, pull-up, tristate-enable, input-enable, lpdr-disable
  1. modify device tree
	spi@3210000 {
		status = "okay";
		cs-gpios = <&tegra_main_gpio TEGRA194_MAIN_GPIO(Z, 6) GPIO_ACTIVE_LOW>;
		sbl9670@0 {
			compatible = "infineon,slb9670";
			reset-gpios = <&tegra_main_gpio TEGRA194_MAIN_GPIO(A, 2) GPIO_ACTIVE_LOW>;
			reg = <0x0>;
			spi-max-frequency = <32000000>;
			controller-data {
				nvidia,variable-length-transfer;
				nvidia,rx-clk-tap-delay = <0x31>;
			};
		};
	};
  1. enable kernel config
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS_SPI=y
  1. Rebuild kernel image and dtb
1 Like
8

Hi DaneLLL,

Understood. I’d like to confirm, so the only option for us right now is to wait for Nvidia next release? If that’s the case, could you please inquire about the expected release timeframe ?

Thanks