Skip to content

fwTPM demo updates: PolarFire SoC, ZCU102 R5, STM32H5#4

Open
dgarske wants to merge 3 commits into
mainfrom
demo_2026-06-24
Open

fwTPM demo updates: PolarFire SoC, ZCU102 R5, STM32H5#4
dgarske wants to merge 3 commits into
mainfrom
demo_2026-06-24

Conversation

@dgarske

@dgarske dgarske commented Jun 25, 2026

Copy link
Copy Markdown
Member

Three independent fwTPM example updates, one self-contained commit each:

PolarFire SoC fwTPM (Microchip MPFS250T)

  • New default DDR_WCB transport: the shared mailbox lives in the non-cached 0xC0000000 DDR window so it is coherent for the bare-metal hart 4 (the U54 L1d is write-back with no cache-maintenance instruction, so a cacheable mailbox is not coherent on the stock HSS).
  • hart 4 runs real TPM 2.0 commands itself at startup (TPM2_Startup, TPM2_GetCapability, TPM2_GetRandom); the single fwtpm_caps.py client reads the result over /dev/mem and reports PASS/FAIL.
  • Verified end-to-end on the Video Kit: caps (Manufacturer "WOLF") and live System Controller TRNG entropy.

ZCU102 R5 fwTPM (Xilinx)

  • fwtpm_caps.c: APU-side TPM2_GetCapability client over OpenAMP rpmsg (the examples/wrap/caps analogue), plus a PetaLinux fwtpm-caps recipe that installs /usr/bin/fwtpm_caps.

STM32H5 fwTPM

  • fwtpm_nv_flash.c: append-only NV journal on STM32H5 internal flash, so TPM NV state survives a power cycle. Requires wolfTPM v4.1.0+ (append-only NV HAL, PR #540) — documented in the README and user_settings.h.

Each example's README and the root README are updated.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates three fwTPM example platforms (Microchip PolarFire SoC, Xilinx ZCU102 R5, and STM32H5) by adding new demo clients / transports and improving documentation and build integration for each board-specific workflow.

Changes:

  • ZCU102 R5: add an APU-side decoded TPM2_GetCapability “caps” rpmsg-char client plus a PetaLinux fwtpm-caps recipe and image install wiring.
  • STM32H5: add append-only NV journal support for internal flash persistence (and document wolfTPM v4.1.0+ requirement).
  • PolarFire SoC: switch default transport to a non-cached DDR mailbox (DDR_WCB), add on-hart caps/selftest output, and replace earlier Linux smoke scripts with a read-only fwtpm_caps.py health check.

Reviewed changes

Copilot reviewed 23 out of 23 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
Xilinx/fwtpm-zcu102-r5/README.md Documents the new fwtpm_caps APU client and how it fits alongside existing rpmsg tests.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-apps/fwtpm-caps/fwtpm-caps_0.1.0.bb New PetaLinux recipe to build/install /usr/bin/fwtpm_caps.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-apps/fwtpm-caps/files/fwtpm_caps.c Recipe-local source for the decoded GetCapability client (rpmsg endpoint creation + TPM wire commands).
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/conf/petalinuxbsp.conf Adds fwtpm-caps to the PetaLinux image install set.
Xilinx/fwtpm-zcu102-r5/linux-client/Makefile Builds the new fwtpm_caps client alongside existing Linux-side tools.
Xilinx/fwtpm-zcu102-r5/linux-client/fwtpm_caps.c Linux-side decoded GetCapability client over rpmsg-char.
STM32/fwtpm-stm32h5/user_settings.h Enables append-only NV mode for write-once/quadword-aligned internal flash.
STM32/fwtpm-stm32h5/README.md Documents new prerequisites/paths plus detailed append-only NV behavior and upgrade notes.
STM32/fwtpm-stm32h5/Makefile Clarifies user-settings-only defines and the append-only NV configuration.
STM32/fwtpm-stm32h5/fwtpm_nv_flash.c Implements STM32 internal-flash NV HAL aligned with append-only journal expectations and TrustZone aliasing.
README.md Adds a root-level section describing the PolarFire SoC AMP fwTPM example.
Microchip/fwtpm-polarfire-miv/README.md Updates transport/coherency discussion and shifts the demo focus to on-hart caps observed from Linux.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/startup.S Updates transport-related commentary and retains “dead end” notes for L1D_OFF / DDR_NONCACHED paths.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/mpfs_hal.c Adds UART TX timeout protection, refines console-ring behavior comments, and tweaks a timing-mix delay loop.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/Makefile Makes DDR_WCB the default transport and updates help text/documentation accordingly.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/main.c Adds an on-hart TPM2 caps/random selftest printed to the shared console ring.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/linux-client/fwtpm_smoke.py Removed prior interactive smoke test script.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/linux-client/fwtpm_mbox_dump.py Removed prior mailbox/ring dump script (superseded by caps tool).
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/linux-client/fwtpm_caps.py New read-only /dev/mem client that reports PASS/FAIL based on mailbox + console-ring output.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/fwtpm_trng_scb.c Updates documentation on SCB TRNG seeding and deployment caveats.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/fwtpm_tis_mpfs.h Updates transport IDs/bases and clarifies mailbox/ring documentation.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/fwtpm_tis_mpfs.c Adds cache-eviction / write-combine ordering workarounds and refines fencing/ordering around rsp_ready.
Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/.gitignore Broadens ignored payload binaries pattern.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread STM32/fwtpm-stm32h5/fwtpm_nv_flash.c Outdated
Comment thread Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/main.c
Comment thread Xilinx/fwtpm-zcu102-r5/linux-client/fwtpm_caps.c
Comment thread Xilinx/fwtpm-zcu102-r5/linux-client/fwtpm_caps.c
@dgarske dgarske force-pushed the demo_2026-06-24 branch from 096b94c to eb0990c Compare July 2, 2026 17:10
@dgarske dgarske requested a review from Copilot July 2, 2026 17:11
@dgarske dgarske self-assigned this Jul 2, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 23 out of 23 changed files in this pull request and generated 5 comments.

Comment thread Xilinx/fwtpm-zcu102-r5/linux-client/fwtpm_caps.c
Comment thread Xilinx/fwtpm-zcu102-r5/linux-client/fwtpm_caps.c
Comment thread Microchip/fwtpm-polarfire-miv/firmware/fwtpm-u54/fwtpm_tis_mpfs.c
@dgarske dgarske force-pushed the demo_2026-06-24 branch from eb0990c to ab7ddb7 Compare July 2, 2026 22:29
@dgarske dgarske removed their assignment Jul 2, 2026
@dgarske dgarske requested a review from aidangarske July 2, 2026 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants