€•BŒsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ,/translations/zh_CN/security/tpm/tpm_ffa_crb”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/zh_TW/security/tpm/tpm_ffa_crb”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/it_IT/security/tpm/tpm_ffa_crb”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/ja_JP/security/tpm/tpm_ffa_crb”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/ko_KR/security/tpm/tpm_ffa_crb”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/sp_SP/security/tpm/tpm_ffa_crb”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1h¡hhhžhhŸŒF/var/lib/git/docbuild/linux/Documentation/security/tpm/tpm_ffa_crb.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒTPM CRB over FF-A Driver”h]”hŒTPM CRB over FF-A Driver”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h KubhŒ paragraph”“”)”}”(hX`The TPM Command Response Buffer (CRB) interface is a standard TPM interface defined in the TCG PC Client Platform TPM Profile (PTP) Specification [1]_. The CRB provides a structured set of control registers a client uses when interacting with a TPM as well as a data buffer for storing TPM commands and responses. A CRB interface can be implemented in:”h]”(hŒ’The TPM Command Response Buffer (CRB) interface is a standard TPM interface defined in the TCG PC Client Platform TPM Profile (PTP) Specification ”…””}”(hhËhžhhŸNh NubhŒfootnote_reference”“”)”}”(hŒ[1]_”h]”hŒ1”…””}”(hhÕhžhhŸNh Nubah}”(h]”Œid1”ah ]”h"]”h$]”h&]”Œrefid”Œid5”Œdocname”Œsecurity/tpm/tpm_ffa_crb”uh1hÓhhËŒresolved”KubhŒÊ. The CRB provides a structured set of control registers a client uses when interacting with a TPM as well as a data buffer for storing TPM commands and responses. A CRB interface can be implemented in:”…””}”(hhËhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒ*hardware registers in a discrete TPM chip ”h]”hÊ)”}”(hŒ)hardware registers in a discrete TPM chip”h]”hŒ)hardware registers in a discrete TPM chip”…””}”(hhþhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K hhúubah}”(h]”h ]”h"]”h$]”h&]”uh1høhhõhžhhŸh³h Nubhù)”}”(hŒqin memory for a TPM running in isolated environment where shared memory allows a client to interact with the TPM ”h]”hÊ)”}”(hŒpin memory for a TPM running in isolated environment where shared memory allows a client to interact with the TPM”h]”hŒpin memory for a TPM running in isolated environment where shared memory allows a client to interact with the TPM”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjubah}”(h]”h ]”h"]”h$]”h&]”uh1høhhõhžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1hóhŸh³h K hh¶hžhubhÊ)”}”(hŒ‰The Firmware Framework for Arm A-profile (FF-A) [2]_ is a specification that defines interfaces and protocols for the following purposes:”h]”(hŒ0The Firmware Framework for Arm A-profile (FF-A) ”…””}”(hj2hžhhŸNh NubhÔ)”}”(hŒ[2]_”h]”hŒ2”…””}”(hj:hžhhŸNh Nubah}”(h]”Œid2”ah ]”h"]”h$]”h&]”häŒid6”hæhçuh1hÓhj2hèKubhŒU is a specification that defines interfaces and protocols for the following purposes:”…””}”(hj2hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhô)”}”(hhh]”(hù)”}”(hŒyCompartmentalize firmware into software partitions that run in the Arm Secure world environment (also know as TrustZone) ”h]”hÊ)”}”(hŒxCompartmentalize firmware into software partitions that run in the Arm Secure world environment (also know as TrustZone)”h]”hŒxCompartmentalize firmware into software partitions that run in the Arm Secure world environment (also know as TrustZone)”…””}”(hj[hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KhjWubah}”(h]”h ]”h"]”h$]”h&]”uh1høhjThžhhŸh³h Nubhù)”}”(hŒ‘Provide a standard interface for software components in the Non-secure state, for example OS and Hypervisors, to communicate with this firmware. ”h]”hÊ)”}”(hŒProvide a standard interface for software components in the Non-secure state, for example OS and Hypervisors, to communicate with this firmware.”h]”hŒProvide a standard interface for software components in the Non-secure state, for example OS and Hypervisors, to communicate with this firmware.”…””}”(hjshžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjoubah}”(h]”h ]”h"]”h$]”h&]”uh1høhjThžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”j0j1uh1hóhŸh³h Khh¶hžhubhÊ)”}”(hXŽA TPM can be implemented as an FF-A secure service. This could be a firmware TPM or could potentially be a TPM service that acts as a proxy to a discrete TPM chip. An FF-A based TPM abstracts hardware details (e.g. bus controller and chip selects) away from the OS and can protect locality 4 from access by an OS. The TCG-defined CRB interface is used by clients to interact with the TPM service.”h]”hXŽA TPM can be implemented as an FF-A secure service. This could be a firmware TPM or could potentially be a TPM service that acts as a proxy to a discrete TPM chip. An FF-A based TPM abstracts hardware details (e.g. bus controller and chip selects) away from the OS and can protect locality 4 from access by an OS. The TCG-defined CRB interface is used by clients to interact with the TPM service.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhÊ)”}”(hŒ·The Arm TPM Service Command Response Buffer Interface Over FF-A [3]_ specification defines FF-A messages that can be used by a client to signal when updates have been made to the CRB.”h]”(hŒ@The Arm TPM Service Command Response Buffer Interface Over FF-A ”…””}”(hj›hžhhŸNh NubhÔ)”}”(hŒ[3]_”h]”hŒ3”…””}”(hj£hžhhŸNh Nubah}”(h]”Œid3”ah ]”h"]”h$]”h&]”häŒid7”hæhçuh1hÓhj›hèKubhŒs specification defines FF-A messages that can be used by a client to signal when updates have been made to the CRB.”…””}”(hj›hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K"hh¶hžhubhÊ)”}”(hŒAHow the Linux CRB driver interacts with FF-A is summarized below:”h]”hŒAHow the Linux CRB driver interacts with FF-A is summarized below:”…””}”(hj½hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K&hh¶hžhubhô)”}”(hhh]”(hù)”}”(hŒThe tpm_crb_ffa driver registers with the FF-A subsystem in the kernel with an architected TPM service UUID defined in the CRB over FF-A spec. ”h]”hÊ)”}”(hŒŽThe tpm_crb_ffa driver registers with the FF-A subsystem in the kernel with an architected TPM service UUID defined in the CRB over FF-A spec.”h]”hŒŽThe tpm_crb_ffa driver registers with the FF-A subsystem in the kernel with an architected TPM service UUID defined in the CRB over FF-A spec.”…””}”(hjÒhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K(hjÎubah}”(h]”h ]”h"]”h$]”h&]”uh1høhjËhžhhŸh³h Nubhù)”}”(hŒyIf a TPM service is discovered by FF-A, the probe() function in the tpm_crb_ffa driver runs, and the driver initializes. ”h]”hÊ)”}”(hŒxIf a TPM service is discovered by FF-A, the probe() function in the tpm_crb_ffa driver runs, and the driver initializes.”h]”hŒxIf a TPM service is discovered by FF-A, the probe() function in the tpm_crb_ffa driver runs, and the driver initializes.”…””}”(hjêhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K+hjæubah}”(h]”h ]”h"]”h$]”h&]”uh1høhjËhžhhŸh³h Nubhù)”}”(hXThe probing and initialization of the Linux CRB driver is triggered by the discovery of a TPM advertised via ACPI. The CRB driver can detect the type of TPM through the ACPI 'start' method. The start method for Arm FF-A was defined in TCG ACPI v1.4 [4]_. ”h]”hÊ)”}”(hXThe probing and initialization of the Linux CRB driver is triggered by the discovery of a TPM advertised via ACPI. The CRB driver can detect the type of TPM through the ACPI 'start' method. The start method for Arm FF-A was defined in TCG ACPI v1.4 [4]_.”h]”(hŒÿThe probing and initialization of the Linux CRB driver is triggered by the discovery of a TPM advertised via ACPI. The CRB driver can detect the type of TPM through the ACPI ‘start’ method. The start method for Arm FF-A was defined in TCG ACPI v1.4 ”…””}”(hjhžhhŸNh NubhÔ)”}”(hŒ[4]_”h]”hŒ4”…””}”(hj hžhhŸNh Nubah}”(h]”Œid4”ah ]”h"]”h$]”h&]”häŒid8”hæhçuh1hÓhjhèKubhŒ.”…””}”(hjhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K.hjþubah}”(h]”h ]”h"]”h$]”h&]”uh1høhjËhžhhŸh³h Nubhù)”}”(hŒàWhen the CRB driver performs its normal functions such as signaling 'start' and locality request/relinquish it invokes the tpm_crb_ffa_start() funnction in the tpm_crb_ffa driver which handles the FF-A messaging to the TPM. ”h]”hÊ)”}”(hŒßWhen the CRB driver performs its normal functions such as signaling 'start' and locality request/relinquish it invokes the tpm_crb_ffa_start() funnction in the tpm_crb_ffa driver which handles the FF-A messaging to the TPM.”h]”hŒãWhen the CRB driver performs its normal functions such as signaling ‘start’ and locality request/relinquish it invokes the tpm_crb_ffa_start() funnction in the tpm_crb_ffa driver which handles the FF-A messaging to the TPM.”…””}”(hj.hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K3hj*ubah}”(h]”h ]”h"]”h$]”h&]”uh1høhjËhžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”j0j1uh1hóhŸh³h K(hh¶hžhubhµ)”}”(hhh]”(hº)”}”(hŒ References”h]”hŒ References”…””}”(hjKhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjHhžhhŸh³h K8ubhŒfootnote”“”)”}”(hŒ—**TCG PC Client Platform TPM Profile (PTP) Specification** https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/”h]”(hŒlabel”“”)”}”(hŒ1”h]”hŒ1”…””}”(hjahžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j_hj[ubhÊ)”}”(hŒ—**TCG PC Client Platform TPM Profile (PTP) Specification** https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/”h]”(hŒstrong”“”)”}”(hŒ:**TCG PC Client Platform TPM Profile (PTP) Specification**”h]”hŒ6TCG PC Client Platform TPM Profile (PTP) Specification”…””}”(hjuhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jshjoubhŒ ”…””}”(hjohžhhŸNh NubhŒ reference”“”)”}”(hŒ\https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/”h]”hŒ\https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/”…””}”(hj‰hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j‹uh1j‡hjoubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K:hj[ubeh}”(h]”håah ]”h"]”Œ1”ah$]”h&]”hßahæhçuh1jYhŸh³h K:hjHhžhhèKubjZ)”}”(hŒk**Arm Firmware Framework for Arm A-profile (FF-A)** https://developer.arm.com/documentation/den0077/latest/”h]”(j`)”}”(hŒ2”h]”hŒ2”…””}”(hj©hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j_hj¥ubhÊ)”}”(hŒk**Arm Firmware Framework for Arm A-profile (FF-A)** https://developer.arm.com/documentation/den0077/latest/”h]”(jt)”}”(hŒ3**Arm Firmware Framework for Arm A-profile (FF-A)**”h]”hŒ/Arm Firmware Framework for Arm A-profile (FF-A)”…””}”(hj»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jshj·ubhŒ ”…””}”(hj·hžhhŸNh Nubjˆ)”}”(hŒ7https://developer.arm.com/documentation/den0077/latest/”h]”hŒ7https://developer.arm.com/documentation/den0077/latest/”…””}”(hjÍhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jÏuh1j‡hj·ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjéubeh}”(h]”j²ah ]”h"]”Œ3”ah$]”h&]”j­ahæhçuh1jYhŸh³h K>hjHhžhhèKubjZ)”}”(hŒ]**TCG ACPI Specification** https://trustedcomputinggroup.org/resource/tcg-acpi-specification/”h]”(j`)”}”(hŒ4”h]”hŒ4”…””}”(hj1hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j_hj-ubhÊ)”}”(hŒ]**TCG ACPI Specification** https://trustedcomputinggroup.org/resource/tcg-acpi-specification/”h]”(jt)”}”(hŒ**TCG ACPI Specification**”h]”hŒTCG ACPI Specification”…””}”(hjChžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jshj?ubhŒ ”…””}”(hj?hžhhŸNh Nubjˆ)”}”(hŒBhttps://trustedcomputinggroup.org/resource/tcg-acpi-specification/”h]”hŒBhttps://trustedcomputinggroup.org/resource/tcg-acpi-specification/”…””}”(hjUhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jWuh1j‡hj?ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K@hj-ubeh}”(h]”jah ]”h"]”Œ4”ah$]”h&]”jahæhçuh1jYhŸh³h K@hjHhžhhèKubeh}”(h]”Œ references”ah ]”h"]”Œ references”ah$]”h&]”uh1h´hh¶hžhhŸh³h K8ubeh}”(h]”Œtpm-crb-over-ff-a-driver”ah ]”h"]”Œtpm crb over ff-a driver”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j¤Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”(Œ1”]”hÕaŒ2”]”j:aŒ3”]”j£aŒ4”]”j auŒrefids”}”Œnameids”}”(j~j{jvjsj¢håjæjIj*j²jnjuŒ nametypes”}”(j~‰jv‰j¢ˆjæˆj*ˆjnˆuh}”(j{h¶hßhÕjDj:j­j£jj jsjHhåj[jIj¥j²jéjj-uŒ footnote_refs”}”(jä]”hÕajæ]”j:ajè]”j£ajê]”j auŒ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”(j[j¥jéj-eŒ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”j²Ks…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.