Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2226105/?format=api
{ "id": 2226105, "url": "http://patchwork.ozlabs.org/api/patches/2226105/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260422091949.1684616-1-s-tripathi1@ti.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260422091949.1684616-1-s-tripathi1@ti.com>", "list_archive_url": null, "date": "2026-04-22T09:19:49", "name": "doc: board: ti: k3: Add fTPM support documentation", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "f6f060c33b1f8a30f2c8391e949a7ae685652ba4", "submitter": { "id": 92686, "url": "http://patchwork.ozlabs.org/api/people/92686/?format=api", "name": "Shiva Tripathi", "email": "s-tripathi1@ti.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260422091949.1684616-1-s-tripathi1@ti.com/mbox/", "series": [ { "id": 500952, "url": "http://patchwork.ozlabs.org/api/series/500952/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=500952", "date": "2026-04-22T09:19:49", "name": "doc: board: ti: k3: Add fTPM support documentation", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/500952/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2226105/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2226105/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=ti.com header.i=@ti.com header.a=rsa-sha256\n header.s=selector1 header.b=HTpJUAGt;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=ti.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=ti.com header.i=@ti.com header.b=\"HTpJUAGt\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=ti.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=s-tripathi1@ti.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0tx90jMTz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 19:20:29 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 1B4518352B;\n\tWed, 22 Apr 2026 11:20:19 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id 6C0A383E76; Wed, 22 Apr 2026 11:20:17 +0200 (CEST)", "from PH7PR06CU001.outbound.protection.outlook.com\n (mail-westus3azlp170100009.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c107::9])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 36AB3801A9\n for <u-boot@lists.denx.de>; Wed, 22 Apr 2026 11:20:14 +0200 (CEST)", "from SJ0PR03CA0256.namprd03.prod.outlook.com (2603:10b6:a03:3a0::21)\n by CY8PR10MB6564.namprd10.prod.outlook.com (2603:10b6:930:58::14)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.20; Wed, 22 Apr\n 2026 09:20:11 +0000", "from SJ5PEPF00000203.namprd05.prod.outlook.com\n (2603:10b6:a03:3a0:cafe::81) by SJ0PR03CA0256.outlook.office365.com\n (2603:10b6:a03:3a0::21) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9791.48 via Frontend Transport; Wed,\n 22 Apr 2026 09:20:11 +0000", "from lewvzet200.ext.ti.com (198.47.23.194) by\n SJ5PEPF00000203.mail.protection.outlook.com (10.167.244.36) with Microsoft\n SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\n 15.20.9846.18 via Frontend Transport; Wed, 22 Apr 2026 09:20:10 +0000", "from DLEE205.ent.ti.com (157.170.170.85) by lewvzet200.ext.ti.com\n (10.4.14.103) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Wed, 22 Apr\n 2026 04:20:09 -0500", "from DLEE215.ent.ti.com (157.170.170.118) by DLEE205.ent.ti.com\n (157.170.170.85) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Wed, 22 Apr\n 2026 04:20:09 -0500", "from lelvem-mr06.itg.ti.com (10.180.75.8) by DLEE215.ent.ti.com\n (157.170.170.118) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend\n Transport; Wed, 22 Apr 2026 04:20:09 -0500", "from HP-Z2-Tower-G9.dhcp.ti.com (hp-z2-tower-g9.dhcp.ti.com\n [10.24.68.200])\n by lelvem-mr06.itg.ti.com (8.18.1/8.18.1) with ESMTP id 63M9K6Pt1924121;\n Wed, 22 Apr 2026 04:20:07 -0500" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,T_SPF_PERMERROR,WEIRD_QUOTING\n autolearn=ham autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=KLG9fN37jf8aXQYAibne/NIfCbftpKop4gGVRNQmsMpOIs5LQLdiCxhIiRtBtr/3ANPqlBaYuQyCD9mvmJ9yWIsLoYv76aZ5oNO5OW1AkvjuxcpiBk88+wUlGfR8ZWgxc7JKdpmejnZulDtjv8gIBqdzpsqb3Vwsf4fvn4Is+ioljC9z2jR0+8aC8FPnkt5SSAvMYllZClh5dIPvw5iwXV3LZBKkXcSaXBvocYvfmPSAcCwvVco0XKWtwvLJU+HCpZET6cwwSGULP7y+TXkuKvFPf/2my9A89kzb1hD6RsWduA8cJP3CoX1bM1oQLOio6flBK2MeM2J759vXWrO5iQ==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=vBX6q+CYX2pWBS5Y7h6HM7NFPJzwK9Xbuzci4GFCRI8=;\n b=kzqyHuJCzbzh0uSZYU0PRIHDrKlmDOyycLqfY8Ajzb/lKwkuZdH0+D9WsDYvkAsLpgM8NRFZ8w1/UtJdTuTZ/Ywp2PoqC7ZvReWhZhW9mGH10ccFcj5wd/0f/UX47GVtT0tz+iUcFOX4ryyCIsNSVwN4GHWBZ60EQhbLSVM6C+8Yy2Z+K8Pfu9oEBdOAGyitebeQ+tG8N08yNLH/WYAxQ3K6ToFZmPecl8dIUgUBmZMPECuoH7Z0BVRrckXm1Yw+yTf1TTK9vX437jPf6mwRGThI7BJ6MyfCJjGOAmElZk/5xeEoDTz8e2wekK3Sdu4G+McWvIH29fG/ZXrgENF3fw==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 198.47.23.194) smtp.rcpttodomain=lists.denx.de smtp.mailfrom=ti.com;\n dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=ti.com;\n dkim=none (message not signed); arc=none (0)", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=selector1;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=vBX6q+CYX2pWBS5Y7h6HM7NFPJzwK9Xbuzci4GFCRI8=;\n b=HTpJUAGtRxjySOxaN86n1n2yb19xw3lvIS0LRPb2And4fTo58uSMPjD9H06vp/kBVpllTIr5h+++07KhTRx8ULUPL8RYMsjRx5gZ6lxNMNvVHUUNX0hjs/kI3+ncm3iqvyeB4exJ0p/5nkRG1LV92/ZmAj6VNg2RccdXaT2Sz2w=", "X-MS-Exchange-Authentication-Results": "spf=pass (sender IP is 198.47.23.194)\n smtp.mailfrom=ti.com; dkim=none (message not signed) header.d=none;\n dmarc=pass\n action=none header.from=ti.com;", "Received-SPF": "Pass (protection.outlook.com: domain of ti.com designates\n 198.47.23.194 as permitted sender) receiver=protection.outlook.com;\n client-ip=198.47.23.194; helo=lewvzet200.ext.ti.com; pr=C", "From": "Shiva Tripathi <s-tripathi1@ti.com>", "To": "<trini@konsulko.com>, <vigneshr@ti.com>, <bb@ti.com>", "CC": "<u-boot@lists.denx.de>, <vishalm@ti.com>, <k-malarvizhi@ti.com>,\n <kamlesh@ti.com>, <s-tripathi1@ti.com>", "Subject": "[PATCH] doc: board: ti: k3: Add fTPM support documentation", "Date": "Wed, 22 Apr 2026 14:49:49 +0530", "Message-ID": "<20260422091949.1684616-1-s-tripathi1@ti.com>", "X-Mailer": "git-send-email 2.34.1", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-C2ProcessedOrg": "333ef613-75bf-4e12-a4b1-8e3623f5dcea", "X-EOPAttributedMessage": "0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "SJ5PEPF00000203:EE_|CY8PR10MB6564:EE_", "X-MS-Office365-Filtering-Correlation-Id": "c58aff7e-2e27-417c-3a55-08dea0505a96", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|376014|1800799024|82310400026|36860700016|56012099003|18002099003;", "X-Microsoft-Antispam-Message-Info": "\n 76WFLKtGgP+cCbCoNZd1Xg4PoCCpPHdid98mSaQdyn0CGo3Qlho6vnnNmh0bXs6DloPydVYaLbH1uDO6JbGC3lBtB6fVYWaJ/PGa6UKSINPU3VSFvU7Qg3BnShDngtloAW35RrCZZAdMoCUMuFD5k0R3lrITEWAYutxnpF9X4xjlEvC1Pj12Z66ZKLOggycg/HoeTYRPrZepzCGtOTYSNx2vMmsEgIAStWvXiqkWCv0//6whjCOkQ7inOQsE20QbBO2AoJyaW5KZ6avAS5z85pICZ0AbF9JQXQYjndM+GAqXqenYrSI669LLa+60D1uazy9k2UCvwy2V74HAIIIpA8H/CHNT7v2AT2YY309DuyGgsVOc1QZkntIduoOq/41H/9wSlL7kkHM6u+YeC50Zh5Vzc+fw28PKfMshCcjXYwLS/9q/KzFtDDjbmi051TWXLz4Zgxtek8bwvijfc9Yrexqy5oBT6P37boIFd74/XTNnB+F/YqMAbFGA/FBe54+BnuU7W1iwK8+fbtJWqdFvM7862H+OsqBn1zh7FumEjrEGAj/6NaW/npzOTI/5meLXHExUs89YO2V/uH3jLidsCB5r3qIZx45ju7FMN3zRPICF1mFv76bXPMNT6zEibPqfeGbt2aukEfKxF72N58pnDagP8IN2WAqx7L8di/yEIda9Q+vjLUvCbL3dNKYbVfK3UnWhGwOrv3nYHVIdSNE3UnKnSiJu6LHWFWFf0Aafp/I=", "X-Forefront-Antispam-Report": "CIP:198.47.23.194; CTRY:US; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:lewvzet200.ext.ti.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(376014)(1800799024)(82310400026)(36860700016)(56012099003)(18002099003);\n DIR:OUT; SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n 0AGs7wbq/j0Cu/b3uVDD3+1RJv5Rtzcvf2hdiiJGB4MMleOPZxWMRQOk7OJECxD9RBKkeLW+09CgjKeY6AVOFxt2AZ6aoYij8+LXrUUz/HjcAu3SBIgaNupa+Pv6ur0vVm5fwC6Zqht9dyzKQo+x+t07m+DC3hpDUJztnND9ByBYhps8uzQlK5x3l6lAwhho7/bJEQPUJqrP7bIDPSXqV78nAlBbmZ5V+Q9nJqSSZ6s9Gm8tQURwqVzZBiVPEy5QxU8K2UnK24BxeIy3+Uvgwd8xUdPkjvxWLlfWggj98TjorSLJvpddAj1H3p31xxWiLUmqrs9Hi1LaTK536nWmVLMPpj/sJKor/0LARHJRIdV/MaH/d3ho9VD+hjiL2zU4LcbcFji26Hp3dUkKtKAk9/Wo4wkP0zct4i98R2YR1jCCIpzn9bVteauWdHEY3O9V", "X-OriginatorOrg": "ti.com", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "22 Apr 2026 09:20:10.9515 (UTC)", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n c58aff7e-2e27-417c-3a55-08dea0505a96", "X-MS-Exchange-CrossTenant-Id": "e5b49634-450b-4709-8abb-1e2b19b982b7", "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp": "\n TenantId=e5b49634-450b-4709-8abb-1e2b19b982b7; Ip=[198.47.23.194];\n Helo=[lewvzet200.ext.ti.com]", "X-MS-Exchange-CrossTenant-AuthSource": "\n SJ5PEPF00000203.namprd05.prod.outlook.com", "X-MS-Exchange-CrossTenant-AuthAs": "Anonymous", "X-MS-Exchange-CrossTenant-FromEntityHeader": "HybridOnPrem", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "CY8PR10MB6564", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Add fTPM support documentation including an overview, configuration\nsteps for RPMB provisioning, OP-TEE TA build instructions, and\nverification procedure.\n\nSigned-off-by: Shiva Tripathi <s-tripathi1@ti.com>\n---\n doc/board/ti/k3.rst | 83 +++++++++++++++++++++++++++++++++++++++++++++\n 1 file changed, 83 insertions(+)", "diff": "diff --git a/doc/board/ti/k3.rst b/doc/board/ti/k3.rst\nindex 74ece0c9acf..fa0d999affe 100644\n--- a/doc/board/ti/k3.rst\n+++ b/doc/board/ti/k3.rst\n@@ -1258,3 +1258,86 @@ Currently, OpenOCD does not support tracing for K3 platforms. Tracing\n function could be beneficial if the bug in code occurs deep within\n nested function and can optionally save developers major trouble of\n stepping through a large quantity of code.\n+\n+Firmware TPM (fTPM) Support\n+---------------------------\n+\n+K3 family of devices with **eMMC** are capable of supporting firmware TPM\n+(fTPM) functionality through OP-TEE, providing TPM 2.0 capabilities\n+without requiring discrete TPM hardware.\n+The fTPM Trusted Application runs in OP-TEE secure world and uses\n+eMMC Replay Protected Memory Block (RPMB) for secure persistent\n+storage.\n+\n+The fTPM implementation consists of:\n+\n+* **fTPM TA**: Microsoft's fTPM Trusted Application (TA) running in OP-TEE\n+* **RPMB Storage**: eMMC RPMB partition for persistent TPM NV storage\n+* **U-Boot Support**: TPM commands and RPMB access via OP-TEE\n+\n+fTPM can be used to enable security features such as:\n+\n+* Measured boot\n+* Secure key storage\n+* Platform attestation\n+\n+Enabling fTPM in U-Boot\n+^^^^^^^^^^^^^^^^^^^^^^^\n+\n+The following are the steps to enable fTPM in uboot:\n+\n+1. Programming Keys into eMMC RPMB\n+\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n+\n+Since fTPM uses RPMB for persistent storage, the eMMC RPMB must be\n+provisioned with an authentication key on first boot. This requires\n+building optee_os with the ``CFG_RPMB_WRITE_KEY=y`` flag\n+\n+.. prompt:: bash $\n+\n+ # inside optee_os source\n+ make CROSS_COMPILE=$CC32 CROSS_COMPILE64=$CC64 CFG_ARM64_core=y \\\n+ PLATFORM=$OPTEE_PLATFORM CFG_RPMB_WRITE_KEY=y\n+\n+.. warning::\n+\n+ Programming the RPMB key is a **one-time, irreversible operation**.\n+ The key is derived from the Hardware Unique Key (HUK) and cannot\n+ be changed once programmed. For further details, refer\n+ `Secure Storage <https://optee.readthedocs.io/en/latest/architecture/secure_storage.html>`_\n+\n+On first boot with this configuration, OP-TEE will automatically program\n+the RPMB authentication key. Subsequent boots should use OP-TEE built\n+without this flag.\n+\n+2. Generate fTPM TA binary\n+\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n+\n+To generate fTPM TA binary, follow the\n+`Building the TA <https://github.com/OP-TEE/optee_ftpm#building-the-ta>`_\n+steps mentioned in the OP-TEE fTPM Github repository\n+\n+3. Build OP-TEE with TA:\n+\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n+\n+With the TA generated from last step, build optee-os with RPMB and early\n+TA enabled:\n+\n+.. prompt:: bash $\n+\n+ # inside optee_os source\n+ make CROSS_COMPILE=$CC32 CROSS_COMPILE64=$CC64 CFG_ARM64_core=y \\\n+ PLATFORM=$OPTEE_PLATFORM CFG_RPMB_FS=y CFG_REE_FS=n \\\n+ CFG_EARLY_TA=y CFG_RPMB_ANNOUNCE_PROBE_CAP=n \\\n+ EARLY_TA_PATHS=/path/to/ftpm_ta.stripped.elf\n+\n+Expected Outcome\n+^^^^^^^^^^^^^^^^\n+\n+To verify fTPM support is working, run tpm2 commands in u-boot prompt:\n+\n+.. code-block:: console\n+\n+ => tpm2 info\n+ Microsoft OP-TEE fTPM\n+ => tpm2 init\n", "prefixes": [] }