spike: identify an ARM64 device that supports fTPM

[mudler]

Is your feature request related to a problem? Please describe.
As part of #3094 we need to have access to an ARM-based device which supports fTPM

Describe the solution you'd like
Identify a set of devices that the team can get their hands on easily

Describe alternatives you've considered
Use emulation, but that is not real life.

Additional context

[Itxaka]

I bought http://radxa.com/products/orion/o6/ which should be here by february or so. It should support fTPM out of the box, and key management as well

[mudler]

Seems RPI5 is not a good fit: https://trustedfirmware-a.readthedocs.io/en/v2.11/plat/rpi5.html

[jimmykarily]

I sent an email to Radxa to help us identify a suitable device.

[Itxaka]

Even something like https://system76.com/desktops/thelio-astra-a1-n1/configure which is incredible, doesnt have fTPM and relies into an external plugged in TPM device https://www.newegg.com/asrock-rack-tpm-spi/p/N82E16816775069

[Itxaka]

wait, isnt fTPM from AMD? Does arm boards also implement it? Or do they rely into a real TPM module like the one linked above? If its hte latter, maybe we could jsut get a board that has a TPM SPI header and add a TPM module and test with that?

[Itxaka]

seems like even rpi can be used with a tpm module: https://buyzero.de/collections/andere-platinen/products/letstrust-hardware-tpm-trusted-platform-module

[jimmykarily]

we should definitely get one of these ^ to try it out. Nice finding @Itxaka .

[jimmykarily]

Regarding rpi5, I tried various things to get it to work but to no avail. First I took all the dtb file from the upstream raspberry pi OS this allowed me to get to the point where the u-boot logo is shown. But I couldn't get it any further than that. I even built a u-boot.bin from the master branch just in case they have some very recent patches but it didn't work either.

I read here that it might work on opensuse soon. In this page it says it needs kernel > 6.13 or patches so maybe we need to wait a little bit longer (until 6.13 makes it here?).

[tbrasser]

Get a few of these: https://computeblade.com/ (dev and tpm versions have tpm 2.0)

[Itxaka]

Raxda folks confirmed that the Orion 6 has full trustzone and TPM support so we will need to wait for it to be delivered to test it but sounds pretty good.