.. SPDX-License-Identifier: GPL-2.0

========================
TPM CRB over FF-A Driver
========================

The TPM Command Response Buffer (CRB) interface is a standard TPM interface
defined in the TCG PC Client Platform TPM Profile (PTP) Specification [1]_.
The CRB provides a structured set of control registers a client uses when
interacting with a TPM as well as a data buffer for storing TPM commands and
responses. A CRB interface can be implemented in:

- hardware registers in a discrete TPM chip

- in memory for a TPM running in an isolated environment where shared memory
  allows a client to interact with the TPM

The Firmware Framework for Arm A-profile (FF-A) [2]_ is a specification
that defines interfaces and protocols for the following purposes:

- Compartmentalize firmware into software partitions that run in the Arm
  Secure world environment (also known as TrustZone)

- Provide a standard interface for software components in the Non-secure
  state, for example OS and Hypervisors, to communicate with this firmware.

A TPM can be implemented as an FF-A secure service. This could be a firmware
TPM or could potentially be a TPM service that acts as a proxy to a discrete
TPM chip. An FF-A based TPM abstracts hardware details (e.g. bus controller
and chip selects) away from the OS and can protect locality 4 from access
by an OS. The TCG-defined CRB interface is used by clients to interact
with the TPM service.

The Arm TPM Service Command Response Buffer Interface Over FF-A [3]_
specification defines FF-A messages that can be used by a client to signal
when updates have been made to the CRB.

How the Linux CRB driver interacts with FF-A is summarized below:

- The tpm_crb_ffa driver registers with the FF-A subsystem in the kernel
  with an architected TPM service UUID defined in the CRB over FF-A spec.

- If a TPM service is discovered by FF-A, the probe() function in the
  tpm_crb_ffa driver runs, and the driver initializes.

- The probing and initialization of the Linux CRB driver is triggered
  by the discovery of a TPM advertised via ACPI. The CRB driver can
  detect the type of TPM through the ACPI 'start' method. The start
  method for Arm FF-A was defined in TCG ACPI v1.4 [4]_.

- When the CRB driver performs its normal functions such as signaling 'start'
  and locality request/relinquish, it invokes the tpm_crb_ffa_start() function
  in the tpm_crb_ffa driver, which handles the FF-A messaging to the TPM.

References
==========

.. [1] **TCG PC Client Platform TPM Profile (PTP) Specification**
   https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/
.. [2] **Arm Firmware Framework for Arm A-profile (FF-A)**
   https://developer.arm.com/documentation/den0077/latest/
.. [3] **Arm TPM Service Command Response Buffer Interface Over FF-A**
.. [4] **TCG ACPI Specification**
   https://trustedcomputinggroup.org/resource/tcg-acpi-specification/
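
The ACPI 'start' method detection described in the driver-interaction list earlier on this page, as an added example (not code from the kernel tree): it validates a TPM2 ACPI table and reports whether it advertises CRB over Arm FF-A. The field offsets and the start-method value 15 are assumptions taken from the ACPICA definitions in Linux's include/acpi/actbl3.h, and the sample table is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed from Linux include/acpi/actbl3.h; these values are not on this page. */
#define TPM2_START_CRB_ARM_FFA  15  /* ACPI_TPM2_CRB_WITH_ARM_FFA */
#define TPM2_OFF_START_METHOD   48  /* 36-byte header + 2 + 2 + 8 */
#define TPM2_MIN_LEN            52  /* header through the start method field */

static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Store the table's start method in *method; return -1 if the table is malformed. */
int tpm2_start_method(const uint8_t *tbl, size_t len, uint32_t *method)
{
    uint8_t sum = 0;
    uint32_t declared, i;
    if (len < TPM2_MIN_LEN || memcmp(tbl, "TPM2", 4) != 0)
        return -1;
    declared = le32(tbl + 4);           /* length field of the ACPI header */
    if (declared < TPM2_MIN_LEN || declared > len)
        return -1;
    for (i = 0; i < declared; i++)
        sum += tbl[i];                  /* a valid ACPI table sums to 0 mod 256 */
    if (sum != 0)
        return -1;
    *method = le32(tbl + TPM2_OFF_START_METHOD);
    return 0;
}

/* Constructed sample: minimal 52-byte TPM2 table (method < 256) with a valid checksum. */
void build_sample_tpm2(uint8_t *out, uint32_t method)
{
    uint8_t sum = 0;
    memset(out, 0, TPM2_MIN_LEN);
    memcpy(out, "TPM2", 4);
    out[4] = TPM2_MIN_LEN;              /* table length, little-endian */
    out[TPM2_OFF_START_METHOD] = (uint8_t)method;
    for (int i = 0; i < TPM2_MIN_LEN; i++)
        sum += out[i];
    out[9] = (uint8_t)(0 - sum);        /* checksum byte of the ACPI header */
}

int main(void)
{
    uint8_t tbl[TPM2_MIN_LEN];
    uint32_t m = 0;
    build_sample_tpm2(tbl, TPM2_START_CRB_ARM_FFA);
    if (tpm2_start_method(tbl, sizeof(tbl), &m) == 0)
        printf("start method %u: %s\n", m, m == TPM2_START_CRB_ARM_FFA ? "CRB over Arm FF-A" : "other");
    return 0;
}
```

On a running Linux system the same parser can be pointed at the bytes of /sys/firmware/acpi/tables/TPM2 to confirm which kind of TPM interface the firmware advertises.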