Raspberry / U-Boot / TPM 2.0

Hi all,

I’m working with Yocto “Dunfell” and Mender on Raspberry Pi 3B+ and 4 in 64 bits.

Everything works fine and I would like to take into account the onboarded TPM (Infineon SLB9670).

I saw in the project uboot-mender that there were some flags to activate the TPM management.

As I haven’t found any information on how to integrate this through a recipe, I decided to ask the community.

Many thanks in advance for your previous help,

Best regards,

Fabrice

Hi @Fabrice this has not yet been fully implemented. I did some work a while ago with UEFI SecureBoot on X86 but never completed it.

The git repo you linked to is our fork of UBoot with just a few local patches so it will have whatever TPM support upstream UBoot has but we have not done anything more with it than that.

Drew

What do you intend to use the TPM for?

In regards to Yocto, there are some bits and pieces for TPM support in this layer:

Hi all,

Many thanks for your feedback. My problem is that, for Raspberry, the file tpm-sl9670.dtbo must be present in /boot/overlays (I guess in /uboot/overlays) and the file config.txt must have the following additional lines:
dtparam=spi=on
dtoverlay=tpm-slb9670

I managed to update this file. But even after copying the .dtbo file to the correct location, the TPM is not detected (it should appear as /dev/tpm0 and /dev/tpmrm0).

I will follow Mirzak’s advice and have a look at meta-secure-core.

I will let you know if it solves the problem.

Once again many thanks for this important clue,

Have a nice day,

Fabrice
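
A check for the prerequisites described in the post above, as an added example that is not part of the original thread or of the Mender project: it verifies the two config.txt lines, that the overlay file name matches the `dtoverlay=` name, and that the TPM device nodes exist. The function names are hypothetical, and it assumes the firmware resolves `dtoverlay=<name>` to `overlays/<name>.dtbo` in the boot directory you pass in.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Print config.txt with comments, trailing blanks and empty lines removed.
active_lines() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Check the boot partition directory ($1) for the settings named in the thread.
# $2 is the overlay name (default: tpm-slb9670). Returns 0 only if all are present.
check_tpm_boot_config() {
    boot_dir=$1
    overlay=${2:-tpm-slb9670}
    cfg="$boot_dir/config.txt"
    rc=0
    if [ ! -f "$cfg" ]; then
        echo "MISSING: $cfg"
        return 2
    fi
    # dtparam/dtoverlay lines may carry further comma-separated parameters.
    if ! active_lines "$cfg" | grep -Eq '^dtparam=(.*,)?spi=on(,.*)?$'; then
        echo "MISSING: dtparam=spi=on in $cfg"; rc=1
    fi
    if ! active_lines "$cfg" | grep -Eq "^dtoverlay=$overlay(,.*)?\$"; then
        echo "MISSING: dtoverlay=$overlay in $cfg"; rc=1
    fi
    # dtoverlay=<name> refers to overlays/<name>.dtbo, so the names must match exactly.
    if [ ! -f "$boot_dir/overlays/$overlay.dtbo" ]; then
        echo "MISSING: $boot_dir/overlays/$overlay.dtbo"; rc=1
        for f in "$boot_dir"/overlays/tpm*.dtbo; do
            if [ -e "$f" ]; then echo "  found instead: ${f##*/}"; fi
        done
    fi
    return $rc
}

# Check that the kernel exposed the TPM character devices under $1 (default /dev).
check_tpm_devices() {
    dev_dir=${1:-/dev}
    rc=0
    for n in tpm0 tpmrm0; do
        if [ ! -e "$dev_dir/$n" ]; then echo "MISSING: $dev_dir/$n"; rc=1; fi
    done
    return $rc
}

# Run against a boot directory when one is given, e.g.: sh check.sh /boot
if [ "$#" -gt 0 ]; then check_tpm_boot_config "$1" && check_tpm_devices; fi
```

Pass the directory where the boot partition is mounted on the image in question (the thread mentions both /boot and /uboot).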