How to Install TPM (Linux, Kernel 2.6.30)

This site has been moved to “requesttutorial.com

Below is the Method showing how to Install TPM 1.2 on Linux (Ubuntu 9.04) with kernel 2.6.30.

See Detail Below

To Install TPM On kernel 2.6.30

1.    Enable the TPM from BIOS

2.    Download the kernel from kernel.org (kernel 2.6.30 in my case), Extract it, enable TPM as module not as part of kernel, means M NOT as * (Didnt worked with *, dont know why), Patches should be Applied to the Kernel, Which are given as:

  • Create a file By name “01-either_dataexpect_or_valid.patch” in Kernel Source Directory and paste the following in to it.

commit cca56d7b550bac0a00d6322b225f4d0a8d3e6b88
Author: David Smith <dds@google.com>
Date:   Tue Apr 28 18:56:39 2009 +0900

Fix tpm_tis driver to support either DATA_EXPECT or VALID status when uploading command data.

The TCG spec says that a VALID status implies that a DATA_EXPECT
status. This occurs in the real world with the iTPM in Intel’s Mobile 4
platform which never sets DATA_EXPECT, but sets VALID when expecting more
data.

Signed-off-by: David Smith <dds@google.com>

diff –git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index aec1931..be112ef 100644
— a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -293,7 +293,8 @@ static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
wait_for_stat(chip, TPM_STS_VALID, chip->vendor.timeout_c,
&chip->vendor.int_queue);
status = tpm_tis_status(chip);
–        if ((status & TPM_STS_DATA_EXPECT) == 0) {
+        if ((status & TPM_STS_DATA_EXPECT) == 0 &&
+                    (status & TPM_STS_VALID) == 0) {
rc = -EIO;
goto out_err;
}
@@ -306,7 +307,8 @@ static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len)
wait_for_stat(chip, TPM_STS_VALID, chip->vendor.timeout_c,
&chip->vendor.int_queue);
status = tpm_tis_status(chip);
–    if ((status & TPM_STS_DATA_EXPECT) != 0) {
+    if ((status & TPM_STS_DATA_EXPECT) != 0 &&
+            (status & TPM_STS_VALID) == 1) {
rc = -EIO;
goto out_err;
}

  • Create a file By name “02-fix_acpipnp.patch” in Kernel Source Directory and paste the following in to it.

commit 7a553b4e7439ad0733da7da8663d32aa4865aa9e
Author: David Smith <dds@google.com>
Date:   Tue Apr 28 18:52:02 2009 +0900

Update ACPI PNP to support devices with EISA PNP CIDs but non-PNP HIDs
Signed-off-by: David Smith <dds@google.com>

diff –git a/drivers/pnp/pnpacpi/core.c b/drivers/pnp/pnpacpi/core.c
index 9496494..8bfddfb 100644
— a/drivers/pnp/pnpacpi/core.c
+++ b/drivers/pnp/pnpacpi/core.c
@@ -159,8 +159,8 @@ static int __init pnpacpi_add_device(struct acpi_device *device)
* driver should not be loaded.
*/
status = acpi_get_handle(device->handle, “_CRS”, &temp);

–    if (ACPI_FAILURE(status) || !ispnpidacpi(acpi_device_hid(device)) ||
–        is_exclusive_device(device) || (!device->status.present))
+    if (ACPI_FAILURE(status) || is_exclusive_device(device) ||
+            (!device->status.present))
return 0;dev = pnp_alloc_dev(&pnpacpi_protocol, num, acpi_device_hid(device));

  • Create a file By name “03-reorder_locality_to_after_timeouts.patch” in Kernel Source Directory and paste the following in to it.commit 2117a060d04b1063f26bae6450bdd21be400b799
    Author: David Smith <dds@google.com>
    Date:   Thu Jun 11 08:34:16 2009 +0900Reorder setting chip timeouts to before locality is requested.
    This stops a failure to load roughly half the time of the module.

    Signed-off-by: David Smith <dds@google.com>

    diff –git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
    index be112ef..eea5d4c 100644
    — a/drivers/char/tpm/tpm_tis.c
    +++ b/drivers/char/tpm/tpm_tis.c
    @@ -452,6 +452,12 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
    goto out_err;
    }

    +    /* Default timeouts */
    +    chip->vendor.timeout_a = msecs_to_jiffies(TIS_SHORT_

    TIMEOUT);
    +    chip->vendor.timeout_b = msecs_to_jiffies(TIS_LONG_TIMEOUT);
    +    chip->vendor.timeout_c = msecs_to_jiffies(TIS_SHORT_TIMEOUT);
    +    chip->vendor.timeout_d = msecs_to_jiffies(TIS_SHORT_TIMEOUT);
    +
    if (request_locality(chip, 0) != 0) {
    rc = -ENODEV;
    goto out_err;
    @@ -459,12 +465,6 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,vendor = ioread32(chip->vendor.iobase + TPM_DID_VID(0));

    –    /* Default timeouts */
    –    chip->vendor.timeout_a = msecs_to_jiffies(TIS_SHORT_TIMEOUT);
    –    chip->vendor.timeout_b = msecs_to_jiffies(TIS_LONG_TIMEOUT);
    –    chip->vendor.timeout_c = msecs_to_jiffies(TIS_SHORT_TIMEOUT);
    –    chip->vendor.timeout_d = msecs_to_jiffies(TIS_SHORT_TIMEOUT);

    dev_info(dev,
    “1.2 TPM (device-id 0x%X, rev-id %d)\n”,
    vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));

3.    To Apply patch, use the patch command like
#patch -p <name_of_the_patch

4.    After Successful patching, Compile the kernel.

5.    You will need to install ACPI for the TPM to Work (I dont Know why). Use Synaptic manager for this purpose. Install what ever you get your hands on.

6.    Again Use synaptic manager to install trousers and TPM tools

Advertisements

2 thoughts on “How to Install TPM (Linux, Kernel 2.6.30)

  1. If you are using Newer kernels including 2.6.30 (but I didnt checked) use the following commands for TPM 1.2, No Need for above patches.

    #modprobe tpm_bios

    #modprobe tpm

    #modprobe tpm_tis force=1 interrupts=0

    #tcsd start

    use tpm_version to see if its working…

  2. Hi waqarafridi,

    It was a great blog. I would like to know more about compiling tpmdd-2.6.16 for my Dell Lattitude E6410 with a broadcom tpm chip(1.2) with RHEL 6 64 bit system.
    I have downloaded the tar from SourceForge. Could you please guide me further.

    Thanks,
    Sen

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s