Add devicetree overlay to support the SLB9670 TPM module for RPi

Bug #1822036 reported by Alex Murray on 2019-03-28
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-raspi2 (Ubuntu)
Undecided
Unassigned
Bionic
Medium
Unassigned

Bug Description

[Impact]

 * Currently it is not possible to use the SLB9670 TPM module with Ubuntu Core since we do not ship the required devicetree overlay to enable it https://github.com/raspberrypi/linux/commit/c28ac2dc08bd73963f953a757a3362c64b5524ed and there is no way for snaps to easily add their own devicetree overlay. Finally it is not practical to expect Ubuntu Core users to have to build and maintain their own kernels just to support a particular hardware device.

For background discussion, refer to this thread on the snapcraft forums - https://forum.snapcraft.io/t/guidance-on-snap-interface-to-load-a-device-tree-overlay-on-rpi-core18/10106/11

 * Once this overlay is added, then users simply need to modify the boot config.txt to enable the overlay to be loaded automatically. In the future, snapd might also enable support so this can be managed by snapd via snap system configuration.

[Test Case]

 * Boot a RPi with a SLB9670 connected, modify /boot/config.txt to specify dtoverlay=tpm-slb9670, then load the tpm_tis_spi module and /dev/tpm0 should the be available.

[Regression Potential]

 * Almost zero chance of regression potential since this is simply adding a new overlay to the kernel. This is not loaded automatically so there is no real chance of regression.

[Other Info]

 * All that is required for this SRU is to merge https://github.com/raspberrypi/linux/commit/c28ac2dc08bd73963f953a757a3362c64b5524ed to the current bionic raspi kernel branch.

Stefan Bader (smb) on 2019-04-17
Changed in linux-raspi2 (Ubuntu Bionic):
importance: Undecided → Medium
status: New → Confirmed
Changed in linux-raspi2 (Ubuntu Bionic):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (13.0 KiB)

This bug was fixed in the package linux-raspi2 - 4.15.0-1036.38

---------------
linux-raspi2 (4.15.0-1036.38) bionic; urgency=medium

  [ Ubuntu: 4.15.0-50.54 ]

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  [ Ubuntu: 4.15.0-49.53 ]

  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)
  * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
    - [Packaging] arm64: Drop snapdragon from kernel-versions

linux-raspi2 (4.15.0-1035.37) bionic; urgency=medium

  * linux-raspi2: 4.15.0-1035.37 -proposed tracker (LP: #1826334)

  * Add devicetree overlay to support the SLB9670 TPM module for RPi
    (LP: #1822036)
    - Add overlay for SLB9760 Iridium /LetsTrust TPM

  [ Ubuntu: 4.15.0-49.52 ]

  * linux: 4.15.0-49.52 -proposed tracker (LP: #1826358)
  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc/64s: En...

Changed in linux-raspi2 (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers