-----Original Message-----
From: Yeoreum Yun <[email protected]> 
Sent: Thursday, December 11, 2025 6:14 PM
To: [email protected]
Cc: Kubacki, Michael <[email protected]>; [email protected]; 
[email protected]; Li, Yi1 <[email protected]>
Subject: [RFC] CryptoPkg: introduce TpmLib for software-based TPM

Hi all,

Recently, I posted TpmLib[0], a wrapper library for the TCG TPM 2.0 Reference 
Library[1], intended for use with the software-based TPM driver in 
StandaloneMm[2].

This enables the following use cases:
  - End-to-end measured boot
  - Integration with certain kernel subsystems (e.g., IMA)
  - Support for the fTPM feature in the Arm CCA software stack


Overviews
==============
The diagram below briefly explains how TpmLib will be used:

      UEFI (Normal world)      |           Secure World
-------------------------------------------------------------------
+-----------------+            | +-----------+      +----------+
|  Tcg2Pei/Tcg2Dxe|            | |  FtpmDxe  |<---->|  TpmLib  |
+-----------------+            | +-----------+      +----------+
        |                      |       |
        |                      |       ----------
        |                      |                |
        |                      |                |
        |                      |       +------------------+
        |                      |       | StandaloneMmCpu  |
        |                      |       +------------------+
        |                      |                |
        |                      |                |
        |                      |                |
+----------------------+       |    +----------------------------+
|  Tpm2InstanceFfaLib  |<---------->| StandaloneMmCoreEntryPoint |
+----------------------+    .       |      (Misc Service)        |
                            .       +----------------------------+
                            .
             Communicate via CRB over FF-A [3]

When UEFI issues a TPM command through Tpm2InstanceFfaLib, in accordance with 
the TPM Service Command Response Buffer Interface over FF-A specification[3], 
the request is received by FtpmDxe[2], a driver running in StandaloneMm[2].
FtpmDxe then invokes TpmLib[0], a wrapper around the TPM 2.0 Reference 
Library[1], to process the TPM command correctly.

And when Linux boots, FtpmDxe[2] will communicate with the tpm_crb_ffa 
driver[4]:


      UEFI (Normal world)      |           Secure World
-------------------------------------------------------------------
                               |
+----------------------+       | +-----------+      +----------+
|  TPM infra-structure |       | |  FtpmDxe  |<---->|  TpmLib  |
+----------------------+       | +-----------+      +----------+
        |                      |       |
        |                      |       ----------
        |                      |                |
        |                      |                |
        |                      |       +------------------+
        |                      |       | StandaloneMmCpu  |
        |                      |       +------------------+
        |                      |                |
        |                      |                |
        |                      |                |
+----------------------+       |    +----------------------------+
|  tpm_crb_ffa driver  |<---------->| StandaloneMmCoreEntryPoint |
+----------------------+    .       |      (Misc Service)        |
                            .       +----------------------------+
                            .
              Communicate via CRB over FF-A [3]

The tpm_crb_ffa driver[4] also issues TPM command requests in accordance with 
the TPM Service Command Response Buffer Interface over FF-A specification[3].
Following the same flow described above, FtpmDxe[2] receives the TPM request 
and dispatches it to TpmLib[0], which processes the command using the TCG TPM 
2.0 Reference Library[1].


How TpmLib works
================
The core of TpmLib[0] is the TCG TPM 2.0 Library[1], and it consists of:
                     +----------------+
                     |   TCG TPM LIB  |
                     +----------------+
                              |
                              |
               -------------------------------------
               |                                   |
+----------------------------+          +-------------------------+
|    Crypto / BigInt Library |          |     Platform Layer      |
|    (openssl or wolfssl)    |          |  (TPMCmd/Platform/src)  |
+----------------------------+          +-------------------------+

The current implementation uses openssl for crypto and bigint for the TCG TPM 
library[1].

The Platform Layer (generating the Endorsement Platform Seed, NV storage for the 
TPM, etc.) is implemented via PlatformTpmLib[2], which is a platform-specific 
library, as its name suggests.

When the TCG TPM library calls platform-specific functions (_plat_XXX), the 
bridge layer of TpmLib (TpmPlatformFunctions.c) is called, and it dispatches to 
the corresponding function in PlatformTpmLib[2].

+----------------------+
|       Driver         |
|    (FtpmDxe - StMM)  |
+----------------------+
           |
  +---------------+                     +---------------+   crypto/BigInt   +-------------+
  |    TpmLib     |  ------------------> |  TCG TPM Lib  | ----------------> |  Openssl    |
  +---------------+                     +---------------+        |          +-------------+
                                                                 |
                                                                 |
    +--------------------------------+                    +-----------------------------+
    |      PlatformTpmLib            |  <---------------- |       Platform Layer        |
    |    (via TpmPlatformFunctions.c)|                    | (via TpmPlatformFunctions.c)|
    +--------------------------------+                    +-----------------------------+


Open to discuss
===============
Since the TCG TPM 2.0 Reference Library[1]:
  - depends on the openssl library, using openssl headers directly,
  - uses standard header files (e.g. stdio.h, stdlib.h, etc.),
  - uses standard functions (e.g. memcpy, memset, malloc, etc.),

TpmLib is located in CryptoPkg to use the openssl and CrtWrapper defined in 
CryptoPkg.

However, this puts TpmLib in an improper place (it might be better located in 
SecurityPkg).

Furthermore, if a new submodule requires the CrtWrapper or is implemented 
tightly with openssl, there is no other choice than to locate it in CryptoPkg in 
the current edk2 structure.

If TpmLib is still fine to locate in CryptoPkg, I'll keep it there.
However, it could be a *bad example* for a submodule added in the future that 
is tightly coupled with openssl even though it's not related to "CryptoPkg".

To solve this, I think it would be good to:
  - make the CrtWrapper an independent library,
    so that it could be used in submodule builds;

  - make openssl an independent package whose
    header files (openssl/xxx) can be used in submodule builds.

But, I'm not sure this would be good.

Also, I wonder how to settle TpmLib properly.
If it's still fine to locate it in CryptoPkg, it doesn't matter. But some 
additional work is required, and I'm not sure whether I should wait for it to 
be finished and then rebase, or first move TpmLib to "edk2-platforms" and move 
it to edk2 after the additional work is finished.

Thank you for reading through this lengthy email.
I welcome any feedback or suggestions you may have.


References
===============
[0] https://github.com/tianocore/edk2/pull/11851
[1] https://github.com/TrustedComputingGroup/TPM
[2] https://github.com/tianocore/edk2-platforms/pull/919
[3] https://developer.arm.com/documentation/den0138/latest/
[4] https://elixir.bootlin.com/linux/v6.18/source/drivers/char/tpm/tpm_crb_ffa.c

--
Sincerely,
Yeoreum Yun
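The RFC above describes TPM commands arriving in the secure world through the CRB over FF-A and being handed by FtpmDxe to TpmLib. The following is an added example, not code from the RFC, from TpmLib/FtpmDxe or from the TCG reference library: it shows the header sanity check a receiving driver would want to apply at that trust boundary (normal world to secure world) before passing a request buffer to the TPM library. The 10-byte command/response header layout (big-endian tag, size, code), the TPM_ST_* tags and the TPM_RC_* values are as defined by the TPM 2.0 Library specification; the function names (TpmCrbValidateRequest, TpmCrbWriteErrorResponse, ValidateSample), the globals and the sample buffers are this example's own constructions.

```c
/*
 * Added example (not part of the RFC, TpmLib or FtpmDxe): validate the
 * TPM 2.0 command header in a CRB request buffer shared by the normal
 * world before dispatching it to the TPM library, and build the minimal
 * error response the spec prescribes when the header is unacceptable.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TPM_HEADER_SIZE      10u          /* tag(2) + size(4) + code(4) */
#define TPM_ST_NO_SESSIONS   0x8001u
#define TPM_ST_SESSIONS      0x8002u
#define TPM_RC_SUCCESS       0x000u
#define TPM_RC_BAD_TAG       0x01Eu
#define TPM_RC_COMMAND_SIZE  0x142u
#define TPM_CC_GetRandom     0x0000017Bu

/* TPM marshalling is big-endian regardless of host byte order. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Check the header of a request buffer of which buf_len bytes were actually
 * shared. On success *cmd_code receives the command code and *cmd_size the
 * commandSize field, i.e. the number of bytes the TPM may consume. */
uint32_t TpmCrbValidateRequest(const uint8_t *buf, size_t buf_len,
                               uint32_t *cmd_code, uint32_t *cmd_size)
{
  if (buf == NULL || buf_len < TPM_HEADER_SIZE) return TPM_RC_COMMAND_SIZE;
  uint16_t tag = be16(buf);
  if (tag != TPM_ST_NO_SESSIONS && tag != TPM_ST_SESSIONS) return TPM_RC_BAD_TAG;
  uint32_t size = be32(buf + 2);
  /* commandSize must cover the header and must not exceed the bytes the
   * caller shared; otherwise the unmarshalling code would read past the end */
  if (size < TPM_HEADER_SIZE || size > buf_len) return TPM_RC_COMMAND_SIZE;
  *cmd_code = be32(buf + 6);
  *cmd_size = size;
  return TPM_RC_SUCCESS;
}

/* Error responses carry no parameters: tag TPM_ST_NO_SESSIONS, size 10, rc.
 * Returns the bytes written, or 0 if the response buffer is too small. */
size_t TpmCrbWriteErrorResponse(uint8_t *resp, size_t resp_len, uint32_t rc)
{
  if (resp == NULL || resp_len < TPM_HEADER_SIZE) return 0;
  resp[0] = 0x80; resp[1] = 0x01;                 /* TPM_ST_NO_SESSIONS */
  resp[2] = 0; resp[3] = 0; resp[4] = 0; resp[5] = (uint8_t)TPM_HEADER_SIZE;
  resp[6] = (uint8_t)(rc >> 24); resp[7] = (uint8_t)(rc >> 16);
  resp[8] = (uint8_t)(rc >> 8);  resp[9] = (uint8_t)rc;
  return TPM_HEADER_SIZE;
}

/* Constructed sample: TPM2_GetRandom(bytesRequested = 16), 12 bytes. */
const uint8_t kGetRandomCmd[12] = { 0x80, 0x01, 0x00, 0x00, 0x00, 0x0C,
                                    0x00, 0x00, 0x01, 0x7B, 0x00, 0x10 };
/* Constructed sample: same body but an invalid tag of 0x0000. */
const uint8_t kBadTagCmd[12]    = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
                                    0x00, 0x00, 0x01, 0x7B, 0x00, 0x10 };

uint32_t g_last_code = 0, g_last_size = 0;
uint8_t  g_resp[16];

/* Demo wrapper: validate a buffer of which only `shared` bytes are visible. */
uint32_t ValidateSample(const uint8_t *cmd, size_t shared)
{
  return TpmCrbValidateRequest(cmd, shared, &g_last_code, &g_last_size);
}

int main(void)
{
  uint32_t rc = ValidateSample(kGetRandomCmd, sizeof kGetRandomCmd);
  printf("full request : rc=0x%03X code=0x%08X size=%u\n", rc, g_last_code, g_last_size);
  rc = ValidateSample(kGetRandomCmd, 8);        /* header claims 12, only 8 shared */
  printf("short request: rc=0x%03X\n", rc);
  size_t n = TpmCrbWriteErrorResponse(g_resp, sizeof g_resp, rc);
  printf("error response is %zu bytes, rc byte 0x%02X\n", n, g_resp[9]);
  return 0;
}
```

The point of the check is that commandSize is attacker-controlled input from the other world: it is compared against the number of bytes that were really shared, not trusted as the buffer length, so a header that claims more than was provided is rejected with TPM_RC_COMMAND_SIZE instead of being passed on.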

