Hi
I wonder if UC20 Secure Boot and FDE features are fully supported on a Raspberry Pi 4 bundled with an OPTIGA TPM SLx 9670 TPM2.0 (SPI interface).
I’m currently facing 2 main issues:
- related to EFI system
- related to spi and tpm modules not loaded in the kernel
EFI system
During UC20 boot the console displays:
secboot_tpm.go:80: checking if secure boot is enabled…
secboot_tpm.go:82: secure boot not enabled: not a supported EFI system
handlers_install.go:354: not encrypting device storage as checking TPM gave: not a supported EFI system
How is it possible to boot an EFI system?
Kernel modules
I noticed that the following modules:
- spi-bcm2835
- tpm_tis_spi
- tpm_tis_core
- tpm
are currently not loaded by default, so the device /dev/tpm0 is not available.
Manually loading those modules makes the device /dev/tpm0 available and addressable.
So I started building a custom UC20 image for the Raspberry Pi, with the idea of also customizing the gadget snap to include the missing modules, but I ended up hitting this issue:
assertion is signed with expired public key
reported here:
I’m quite lost, so if anyone could give some advice, it would be really appreciated.