fwTPM demo updates: PolarFire SoC, ZCU102 R5, STM32H5#4
Open
dgarske wants to merge 3 commits into
Open
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates three fwTPM example platforms (Microchip PolarFire SoC, Xilinx ZCU102 R5, and STM32H5) by adding new demo clients / transports and improving documentation and build integration for each board-specific workflow.
Changes:
- ZCU102 R5: add an APU-side decoded
TPM2_GetCapability“caps” rpmsg-char client plus a PetaLinuxfwtpm-capsrecipe and image install wiring. - STM32H5: add append-only NV journal support for internal flash persistence (and document wolfTPM v4.1.0+ requirement).
- PolarFire SoC: switch default transport to a non-cached DDR mailbox (
DDR_WCB), add on-hart caps/selftest output, and replace earlier Linux smoke scripts with a read-onlyfwtpm_caps.pyhealth check.
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| Xilinx/fwtpm-zcu102-r5/README.md | Documents the new fwtpm_caps APU client and how it fits alongside existing rpmsg tests. |
| Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-apps/fwtpm-caps/fwtpm-caps_0.1.0.bb | New PetaLinux recipe to build/install /usr/bin/fwtpm_caps. |
| Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-apps/fwtpm-caps/files/fwtpm_caps.c | Recipe-local source for the decoded GetCapability client (rpmsg endpoint creation + TPM wire commands). |
| Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/conf/petalinuxbsp.conf | Adds fwtpm-caps to the PetaLinux image install set. |
| Xilinx/fwtpm-zcu102-r5/linux-client/Makefile | Builds the new fwtpm_caps client alongside existing Linux-side tools. |
| Xilinx/fwtpm-zcu102-r5/linux-client/fwtpm_caps.c | Linux-side decoded GetCapability client over rpmsg-char. |
| STM32/fwtpm-stm32h5/user_settings.h | Enables append-only NV mode for write-once/quadword-aligned internal flash. |
| STM32/fwtpm-stm32h5/README.md | Documents new prerequisites/paths plus detailed append-only NV behavior and upgrade notes. |
| STM32/fwtpm-stm32h5/Makefile | Clarifies user-settings-only defines and the append-only NV configuration. |
| STM32/fwtpm-stm32h5/fwtpm_nv_flash.c | Implements STM32 internal-flash NV HAL aligned with append-only journal expectations and TrustZone aliasing. |
| README.md | Adds a root-level section describing the PolarFire SoC AMP fwTPM example. |
| Microchip/fwtpm-polarfire-miv/README.md | Updates transport/coherency discussion and shifts the demo focus to on-hart caps observed from Linux. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/startup.S | Updates transport-related commentary and retains “dead end” notes for L1D_OFF / DDR_NONCACHED paths. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/mpfs_hal.c | Adds UART TX timeout protection, refines console-ring behavior comments, and tweaks a timing-mix delay loop. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/Makefile | Makes DDR_WCB the default transport and updates help text/documentation accordingly. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/main.c | Adds an on-hart TPM2 caps/random selftest printed to the shared console ring. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/linux-client/fwtpm_smoke.py | Removed prior interactive smoke test script. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/linux-client/fwtpm_mbox_dump.py | Removed prior mailbox/ring dump script (superseded by caps tool). |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/linux-client/fwtpm_caps.py | New read-only /dev/mem client that reports PASS/FAIL based on mailbox + console-ring output. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/fwtpm_trng_scb.c | Updates documentation on SCB TRNG seeding and deployment caveats. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/fwtpm_tis_mpfs.h | Updates transport IDs/bases and clarifies mailbox/ring documentation. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/fwtpm_tis_mpfs.c | Adds cache-eviction / write-combine ordering workarounds and refines fencing/ordering around rsp_ready. |
| Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/.gitignore | Broadens ignored payload binaries pattern. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Three independent fwTPM example updates, one self-contained commit each:
PolarFire SoC fwTPM (Microchip MPFS250T)
DDR_WCBtransport: the shared mailbox lives in the non-cached0xC0000000DDR window so it is coherent for the bare-metal hart 4 (the U54 L1d is write-back with no cache-maintenance instruction, so a cacheable mailbox is not coherent on the stock HSS).TPM2_Startup,TPM2_GetCapability,TPM2_GetRandom); the singlefwtpm_caps.pyclient reads the result over/dev/memand reports PASS/FAIL.Manufacturer "WOLF") and live System Controller TRNG entropy.ZCU102 R5 fwTPM (Xilinx)
fwtpm_caps.c: APU-sideTPM2_GetCapabilityclient over OpenAMP rpmsg (theexamples/wrap/capsanalogue), plus a PetaLinuxfwtpm-capsrecipe that installs/usr/bin/fwtpm_caps.STM32H5 fwTPM
fwtpm_nv_flash.c: append-only NV journal on STM32H5 internal flash, so TPM NV state survives a power cycle. Requires wolfTPM v4.1.0+ (append-only NV HAL, PR #540) — documented in the README anduser_settings.h.Each example's README and the root README are updated.