{"id":65579,"date":"2026-01-25T11:24:44","date_gmt":"2026-01-25T03:24:44","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/65579.html"},"modified":"2026-01-25T11:24:44","modified_gmt":"2026-01-25T03:24:44","slug":"jetson-orin-%e5%b9%b3%e5%8f%b0-ftpm-%e5%85%a8%e9%9d%a2%e8%a7%a3%e6%9e%90%ef%bc%9a%e4%bb%8e-tpm-%e6%a6%82%e5%bf%b5%e5%88%b0-op-tee-%e5%ae%9e%e6%88%98%ef%bc%88%e5%90%ab-eks-ekb%e3%80%81%e6%b5%81","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/65579.html","title":{"rendered":"fTPM on the Jetson Orin Platform, Explained in Full: From TPM Concepts to Hands-On OP-TEE (with EKS\/EKB, Flowcharts, and Comparison Tables)"},"content":{"rendered":"<hr \/>\n<h2>fTPM on the Jetson Orin Platform, Explained in Full: From TPM Concepts to Hands-On OP-TEE (with EKS\/EKB, Flowcharts, and Comparison Tables)<\/h2>\n<p>Applicable platforms: Jetson AGX Orin \/ Jetson Orin NX \/ Jetson Orin Nano (Jetson Linux \/ JetPack 6.x and later)<\/p>\n<hr \/>\n<h3>0. 
Why do you run into fTPM?<\/h3>\n<p>Many people, on first seeing fTPM (Firmware TPM) described on Jetson, ask three questions in a row:<\/p>\n<ul>\n<li>What exactly is a TPM?<\/li>\n<li>What does the fTPM \u201cfeature\u201d actually do? It looks like a pile of certificates, keys and EKS\/EKB, and the more you read, the more it sounds like \u201cyou have to modify the EKS\u201d?<\/li>\n<li>Without fTPM, will OP-TEE stop working?<\/li>\n<\/ul>\n<p>This article answers all of these in one go:<\/p>\n<li>First, explain the \u201ccore value\u201d of a TPM in the most intuitive way.<\/li>\n<li>Then draw the fTPM architecture on Jetson as a single diagram, so that you can connect \u201cuser-space tools, kernel driver, OP-TEE, TA, EKS\/EKB, Secure Storage\u201d.<\/li>\n<li>Finally, give a set of hands-on steps that run directly on the board: from loading the driver and provisioning (initialization \/ writing the EK certificate \/ setting the owner auth) to verifying basic PCR \/ NV \/ Quote functionality with tpm2-tools.<\/li>\n<hr \/>\n<p><img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260125032442-69758cfa683b0.png\" alt=\"\" \/><\/p>\n<h3>1. 
What is a TPM? What does it stand for? What problem does it solve?<\/h3>\n<h4>1.1 What TPM stands for<\/h4>\n<p>TPM &#061; Trusted Platform Module (usually rendered in Chinese as \u53ef\u4fe1\u5e73\u53f0\u6a21\u5757).<\/p>\n<p>In essence it is not \u201can ordinary crypto library\u201d but a trustworthy security root (Root of Trust):<\/p>\n<ul>\n<li>It can generate and protect keys (keys leave the chip \/ secure domain as little as possible)<\/li>\n<li>It can record measurements of \u201cboot \/ software state\u201d (PCRs)<\/li>\n<li>It can \u201cbind\u201d keys or data to a particular trusted state (Seal\/Unseal)<\/li>\n<li>It can give outside parties evidence that \u201cproves who I am and what state I am currently running in\u201d (Quote \/ Attestation)<\/li>\n<\/ul>\n<h4>1.2 Three key terms: PCR, NV, Attestation<\/h4>\n<p>If you remember only 3 things, remember these 3:<\/p>\n<li>\n<p>PCR (Platform Configuration Register)<\/p>\n<ul>\n<li>A set of \u201cappend-only (extend)\u201d registers in the TPM, used to hold measurements.<\/li>\n<li>A PCR is not written directly with \u201csome value\u201d; instead \u201cold value &#043; hash of the new event\u201d accumulates continuously, forming an irreversible chain.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>NV (Non-Volatile Storage)<\/p>\n<ul>\n<li>Non-volatile storage inside the TPM or bound to the TPM (similar to a small secure NVRAM).<\/li>\n<li>Commonly used to store certificates, counters, policies, and data related to device identity.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>Attestation (remote attestation \/ state attestation)<\/p>\n<ul>\n<li>\n<p>The TPM can sign state such as the PCRs (Quote), letting a remote party verify:<\/p>\n<ul>\n<li>Whether this device is \u201ca genuine TPM instance\u201d (device identity)<\/li>\n<li>Whether the device's current boot state matches expectations (measured state)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<h4>1.3 Typical uses of a TPM (the ones you will meet in engineering work)<\/h4>\n<ul>\n<li>\n<p>Unique device identity (Device Identity): use the EK\/AK hierarchy as the root of trusted identity.<\/p>\n<\/li>\n<li>\n<p>Secure boot hardening (Secure Boot &#043; Measured Boot):<\/p>\n<ul>\n<li>Secure Boot: unauthorized images are not allowed to boot (\u201cverify \/ allow\u201d)<\/li>\n<li>Measured Boot: hashes of the key components in the boot process are written into the PCRs (\u201crecord \/ provable\u201d)<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>Binding disk-encryption keys (Seal LUKS key to PCR): the decryption key is released only when the PCR state matches.<\/p>\n<\/li>\n<li>\n<p>Anti-rollback and trusted counters: use NV counter style capabilities to implement anti-rollback policies.<\/p>\n<\/li>\n<li>\n<p>Cloud device enrollment \/ zero-touch deployment: the cloud uses the EK certificate chain to confirm the device's real identity.<\/p>\n<\/li>\n<\/ul>\n<p>Important reminder: a TPM is not equivalent to \u201csecure boot\u201d. It is more like \u201ca provable security root &#043; a binder of keys to state\u201d.<\/p>\n<hr \/>\n<h3>2. dTPM, fTPM, swtpm: what exactly is the difference?<\/h3>\n<p>There are three main \u201cimplementation forms\u201d of a TPM:<\/p>\n<ul>\n<li>dTPM (Discrete TPM): a standalone hardware TPM chip (SPI\/I2C\/LPC\u2026)<\/li>\n<li>fTPM (Firmware TPM): a TPM implemented in firmware \/ a secure domain (typically running in TrustZone\/TEE)<\/li>\n<li>swtpm (Software TPM): pure software emulation (mainly for development \/ testing)<\/li>\n<\/ul>\n<p>The following table is very important:<\/p>\n<table>\n<tr><th>Dimension<\/th><th>dTPM (discrete chip)<\/th><th>fTPM (firmware TPM, in the TEE)<\/th><th>swtpm (software emulation)<\/th><\/tr>\n<tbody>\n<tr>\n<td>Security boundary<\/td>\n<td>Physically isolated chip, strong resistance to attack<\/td>\n<td>Relies on TEE \/ secure-domain isolation<\/td>\n<td>Relies on OS isolation; essentially does not count as hardware security<\/td>\n<\/tr>\n<tr>\n<td>Cost\/BOM<\/td>\n<td>Adds a component and board routing<\/td>\n<td>No additional external component<\/td>\n<td>0<\/td>\n<\/tr>\n<tr>\n<td>Supply chain \/ certification<\/td>\n<td>Easier to provide hardware-level proof<\/td>\n<td>Depends on the platform's security capabilities and implementation quality<\/td>\n<td>Not suitable for production<\/td>\n<\/tr>\n<tr>\n<td>Performance<\/td>\n<td>Usually fairly stable<\/td>\n<td>Depends on the TEE and the implementation<\/td>\n<td>Depends on the CPU<\/td>\n<\/tr>\n<tr>\n<td>Device-side interface<\/td>\n<td>SPI\/I2C\/LPC, etc.<\/td>\n<td>Kernel driver &#043; TEE channel<\/td>\n<td>Socket \/ file, etc.<\/td>\n<\/tr>\n<tr>\n<td>Typical use<\/td>\n<td>Servers \/ enterprise security \/ high strength<\/td>\n<td>Mobile \/ embedded \/ cost-sensitive<\/td>\n<td>CI, simulation, feature development<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>On the Jetson Orin platform, what NVIDIA provides is an fTPM solution:<\/p>\n<ul>\n<li>Based on the TPM 2.0 specification reference implementation<\/li>\n<li>Runs an fTPM TA (Trusted Application) in the secure world via OP-TEE<\/li>\n<li>The normal world (Linux) interacts with it through the standard TSS (TPM Software Stack)<\/li>\n<\/ul>\n<hr \/>\n<h3>3. 
What exactly is the fTPM \u201cfeature\u201d? In one sentence<\/h3>\n<p>What fTPM does is this: it provides a TPM instance conforming to the TPM 2.0 specification inside the \u201csecure world (OP-TEE)\u201d, so that Linux accesses it just as it would a real TPM chip.<\/p>\n<p>In other words:<\/p>\n<ul>\n<li>When you run commands such as tpm2_pcrread, tpm2_nvread and tpm2_quote<\/li>\n<li>The upper layers still use the standard TPM2.0 command set<\/li>\n<li>Only the \u201cTPM entity\u201d is not an external chip but the fTPM TA in OP-TEE<\/li>\n<\/ul>\n<p>Its value lies mainly in:<\/p>\n<li>Moving key operations into the secure world: reduces the risk of keys being exposed in the normal world.<\/li>\n<li>Providing a provable device identity: the EK \/ certificate hierarchy lets a remote party trust the device.<\/li>\n<li>Providing a standard interface for measured boot \/ sealed storage: ties \u201cstate\u201d to \u201ckey release\u201d.<\/li>\n<hr \/>\n<h3>4. 
fTPM software architecture on Jetson: one diagram to understand it<\/h3>\n<p>First look at the complete path \u201cfrom the application to the fTPM TA\u201d (it is worth memorizing this diagram):<\/p>\n<p>&#043;--------------------------------------------------------------&#043;<br \/>\n|                      Linux normal world                      |<br \/>\n|                                                              |<br \/>\n|  [App]  tpm2-tools \/ apps \/ pkcs11 \/ systemd-cryptenroll     |<br \/>\n|          |                                                   |<br \/>\n|          v                                                   |<br \/>\n|  [TSS]  tpm2-tss (ESAPI\/FAPI)                                |<br \/>\n|          |   (TCTI&#061;device:\/dev\/tpmrm0)                       |<br \/>\n|          v                                                   |<br \/>\n|  \/dev\/tpmrm0  (kernel TPM Resource Manager device)           |<br \/>\n|          |                                                   |<br \/>\n|          v                                                   |<br \/>\n|  Linux Kernel: tpm &#043; tpm_ftpm_tee &#043; tee\/optee driver         |<br \/>\n|          |      (forwards TPM commands to the TEE)           |<br \/>\n&#043;----------|---------------------------------------------------&#043;<br \/>\n           v<br \/>\n&#043;--------------------------------------------------------------&#043;<br \/>\n|                    Secure world (OP-TEE)                     |<br \/>\n|                                                              |<br \/>\n|   [fTPM TA]  TPM2.0 reference implementation packaged as a TA|<br \/>\n|          |                                                   |<br \/>\n|          v                                                   |<br \/>\n|   Secure Storage \/ Key Derivation \/ SE Keyslot \/ (opt. RPMB) |<br \/>\n&#043;--------------------------------------------------------------&#043;<\/p>\n<p>This diagram maps onto the points people commonly find confusing:<\/p>\n<ul>\n<li>\n<p>What is the TSS?<\/p>\n<ul>\n<li>TPM Software Stack, the user-space software stack that lets applications access the TPM in a uniform way.<\/li>\n<li>When you use tpm2-tools, you are in fact using the TSS.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>What is tpm_ftpm_tee?<\/p>\n<ul>\n<li>The driver module in the Linux kernel dedicated to a \u201cfirmware TPM (a TPM inside the TEE)\u201d.<\/li>\n<li>It forwards TPM commands to the TA in OP-TEE.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>What is the fTPM TA?<\/p>\n<ul>\n<li>A \u201ctrusted application\u201d running in OP-TEE that implements TPM2.0 command processing, NV, keys and so on.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<h3>5. 
How are fTPM and EKS\/EKB actually related? Do you \u201chave to modify the EKS\u201d?<\/h3>\n<p>This is a very precise question: much of the material mentions EKS, EKB, certificates and provisioning together, which easily leads people to believe that \u201cfTPM requires modifying the EKS\u201d.<\/p>\n<p>The conclusion first:<\/p>\n<ul>\n<li>fTPM is not equivalent to the EKS, nor does it mean \u201cmodifying the EKS\u201d.<\/li>\n<li>EKS\/EKB is one way of \u201ccarrying the material\u201d during fTPM provisioning (factory configuration).<\/li>\n<\/ul>\n<h4>5.1 First, tell the two terms apart<\/h4>\n<ul>\n<li>EKS (Encrypted Key Store): a partition \/ storage area on Jetson used to hold the \u201cencrypted key-material image\u201d.<\/li>\n<li>EKB (Encrypted Key Blob): the encrypted, packaged \u201ckey-material bundle\u201d, which is written into the EKS partition.<\/li>\n<\/ul>\n<p>You can think of it by analogy:<\/p>\n<ul>\n<li>EKS: the safe (the storage location \/ partition)<\/li>\n<li>EKB: the sealed document pouch kept in the safe (the encrypted material bundle)<\/li>\n<\/ul>\n<h4>5.2 Why does fTPM provisioning use the EKB?<\/h4>\n<p>For the fTPM on every device to be \u201ctrustworthy\u201d, one key point has to be solved:<\/p>\n<p>Each device must have unique identity material (for example, EK related certificates\/seeds), and this material must be injected securely during manufacturing.<\/p>\n<p>In the Jetson design, the core idea of offline provisioning is:<\/p>\n<li>\n<p>During manufacturing, generate the necessary material for each device (Device_SN, seed, EK certificate, etc.).<\/p>\n<\/li>\n<li>\n<p>Encode this material into the EKB and write it to the EKS partition.<\/p>\n<\/li>\n<li>\n<p>After the device's first boot, run the provisioning tool:<\/p>\n<ul>\n<li>Extract the EK certificate from the EKB<\/li>\n<li>Write it into the fTPM's NV storage<\/li>\n<li>Set the owner authorization, and so on<\/li>\n<\/ul>\n<\/li>\n<p>As a flowchart:<\/p>\n<p>(Manufacturing \/ factory side)<br \/>\n   Generate per-device unique material &#043; EK CSR -&gt; CA issues EK certificate<br \/>\n                |<br \/>\n                v<br \/>\n          Package and encrypt into an EKB<br \/>\n                |<br \/>\n                v<br \/>\n          Write to the device's EKS partition<\/p>\n<p>(Device first boot)<br \/>\n   OP-TEE initializes the fTPM TA<br \/>\n                |<br \/>\n                v<br \/>\n   Provisioning tool extracts the EK certificate from the EKB<br \/>\n                |<br \/>\n                v<br \/>\n   Write the EK certificate into fTPM NV and set the owner auth<br \/>\n                |<br \/>\n                v<br \/>\n   The Linux side starts using it as a \u201ctrusted TPM\u201d (EK\/AK\/Quote, etc.)<\/p>\n<h4>5.3 Why does provisioning have to write into the fTPM NV?<\/h4>\n<p>Because many cloud services \/ platforms need the EK certificate chain in order to \u201crecognize this device\u201d.<\/p>\n<ul>\n<li>The certificate in the EKB is the \u201csource of the material\u201d; it does not mean the TPM is ready to expose standard EK\/NV behavior.<\/li>\n<li>Only after provisioning writes the material into fTPM NV can the TPM return the corresponding certificate \/ object via standard commands.<\/li>\n<\/ul>\n<p>In one sentence: the EKB is the \u201cfactory parcel\u201d, and NV is \u201cthe TPM's own ID card and persistent area\u201d.<\/p>\n<hr \/>\n<h3>6. Without fTPM, will OP-TEE fail to work properly?<\/h3>\n<p>It will not.<\/p>\n<ul>\n<li>OP-TEE is a general-purpose TEE: it provides the secure-world runtime environment, the TA framework, Secure Storage, key derivation and similar capabilities.<\/li>\n<li>fTPM is just one TA (a functional module) inside OP-TEE: you can enable it or leave it disabled.<\/li>\n<\/ul>\n<p>But there are two things seen in real engineering work to be aware of:<\/p>\n<li>\n<p>If you have enabled fTPM but find that it does not work, the root cause is very often a problem in the overall OP-TEE chain (tee-supplicant, storage backend, TA deployment, etc.).<\/p>\n<\/li>\n<li>\n<p>Conversely, a working OP-TEE does not mean fTPM is necessarily usable, because fTPM also depends on:<\/p>\n<ul>\n<li>Whether the TA is compiled into tos.img<\/li>\n<li>Linux kernel support for tpm_ftpm_tee<\/li>\n<li>Whether provisioning has completed<\/li>\n<\/ul>\n<\/li>\n<hr \/>\n<h3>7. Hands-on: getting fTPM running on Jetson (from 0 to verifiable)<\/h3>\n<p>Below is a \u201cminimal reproducible\u201d hands-on path. The goals are:<\/p>\n<ul>\n<li>Make \/dev\/tpm0 \/ \/dev\/tpmrm0 appear<\/li>\n<li>Complete provisioning (write the EK certificate, set the owner auth)<\/li>\n<li>Use tpm2-tools to verify PCR \/ NV \/ random numbers \/ basic functionality<\/li>\n<\/ul>\n<p>Note: the directory layout differs slightly between Jetson Linux\/JetPack versions; follow the \u201capproach and key points\u201d and adapt them to your setup.<\/p>\n<h4>7.1 First confirm the basic OP-TEE chain<\/h4>\n<p>Run on the device:<\/p>\n<p><span class=\"token function\">ls<\/span> -l \/dev\/tee*<\/p>\n<p>You will normally see \/dev\/tee0.<\/p>\n<p>Then check the service (the name may differ slightly between versions):<\/p>\n<p>systemctl status nv-tee-supplicant.service<br \/>\n<span class=\"token comment\"># or: systemctl status tee-supplicant<\/span><\/p>\n<p>If tee-supplicant is not running, access from the kernel to the OP-TEE TA will fail in various ways.<\/p>\n<h4>7.2 Load the fTPM kernel driver (the key step)<\/h4>\n<p><span class=\"token function\">sudo<\/span> modprobe tpm_ftpm_tee<\/p>\n<p>After it succeeds, check:<\/p>\n<p><span class=\"token function\">ls<\/span> -l \/dev\/tpm*<\/p>\n<p>You will normally see:<\/p>\n<ul>\n<li>\/dev\/tpm0: TPM device node<\/li>\n<li>\/dev\/tpmrm0: TPM Resource Manager (recommended as the first choice)<\/li>\n<\/ul>\n<p>Tip: on modern Linux, \/dev\/tpmrm0 is recommended; it makes concurrent access from multiple processes more stable.<\/p>\n<h4>7.3 Provisioning: write the EK certificate into fTPM NV and set the owner auth<\/h4>\n<p>In the flow described in NVIDIA's fTPM documentation, the provisioning script performs:<\/p>\n<ul>\n<li>Querying the EK certificates (RSA\/EC)<\/li>\n<li>Storing them in fTPM NV<\/li>\n<li>Setting the fTPM authorization (owner auth)<\/li>\n<\/ul>\n<p>A typical command looks like this:<\/p>\n<p><span class=\"token builtin class-name\">cd<\/span> ftpm_prov<br \/>\n<span class=\"token function\">sudo<\/span> .\/ftpm_device_provision.sh -r ek_cert_rsa.der -e ek_cert_ec.der -p owner<\/p>\n<p>Meaning of the parameters:<\/p>\n<ul>\n<li>-r ek_cert_rsa.der: the RSA EK certificate file queried and exported from the EKB<\/li>\n<li>-e ek_cert_ec.der: the EC EK certificate file queried and exported from the EKB<\/li>\n<li>-p owner: the fTPM owner authorization password (the example uses owner; set it according to your product policy)<\/li>\n<\/ul>\n<p>Key point: provisioning is the step that makes the device \u201cbecome a trustworthy TPM entity\u201d. Compiling the TA in and loading the driver successfully is often not enough.<\/p>\n<h5>Where is the provisioning script?<\/h5>\n<p>The usual practice is to copy the script from the host to the device; it normally comes from the OP-TEE samples, for example (illustrative):<\/p>\n<p><span class=\"token comment\"># On the host (adjust to the actual path in your source package)<\/span><br \/>\n<span class=\"token function\">scp<\/span> optee\/samples\/ftpm-helper\/host\/tool\/ftpm_device_provision.sh <span class=\"token operator\">&lt;<\/span>device_ip<span class=\"token operator\">&gt;<\/span>:\/home\/<span class=\"token operator\">&lt;<\/span>user<span class=\"token operator\">&gt;<\/span>\/ftpm_prov\/<\/p>\n<p>If you cannot find it in the BSP source package, defer to the official documentation for your current Jetson Linux version.<\/p>\n<hr \/>\n<h3>8. Using tpm2-tools to quickly verify that fTPM really \u201cworks\u201d<\/h3>\n<h4>8.1 Install the tools<\/h4>\n<p><span class=\"token function\">sudo<\/span> <span class=\"token function\">apt<\/span> update<br \/>\n<span class=\"token function\">sudo<\/span> <span class=\"token function\">apt<\/span> <span class=\"token function\">install<\/span> -y tpm2-tools<\/p>\n<p>It is recommended to explicitly point the TCTI at \/dev\/tpmrm0:<\/p>\n<p><span class=\"token builtin class-name\">export<\/span> <span class=\"token assign-left variable\">TPM2TOOLS_TCTI<\/span><span class=\"token operator\">&#061;<\/span><span class=\"token string\">&#034;device:\/dev\/tpmrm0&#034;<\/span><\/p>\n<h4>8.2 List the TPM capabilities<\/h4>\n<p>tpm2_getcap -l<\/p>\n<p>If it prints a long list of capabilities, the TSS -&gt; kernel -&gt; fTPM TA chain is basically working.<\/p>\n<h4>8.3 Read the PCRs (understanding the \u201cstate registers\u201d)<\/h4>\n<p>tpm2_pcrread<br \/>\n<span class=\"token comment\"># Or read only some of them:<\/span><br \/>\ntpm2_pcrread sha256:0,7<\/p>\n<p>You will see each bank (sha1\/sha256\u2026) and the values of the corresponding PCRs.<\/p>\n<h4>8.4 Do one PCR extend (to see directly what \u201caccumulate only\u201d means)<\/h4>\n<p>tpm2_pcrevent is the simplest way: it hashes a file \/ input and extends the result into a PCR.<\/p>\n<p><span class=\"token builtin class-name\">echo<\/span> -n <span class=\"token string\">&#034;hello-ftpm&#034;<\/span> <span class=\"token operator\">|<\/span> tpm2_pcrevent - <span class=\"token number\">16<\/span><br \/>\n<span class=\"token comment\"># Read PCR16 again:<\/span><br \/>\ntpm2_pcrread sha256:16<\/p>\n<p>You will find that the value of PCR16 has changed, and that the change is \u201ccumulative and chained\u201d.<\/p>\n<p>Note: in a real product, which PCRs may be extended and by whom is decided by the boot chain \/ policy. This step is only for demonstration and understanding.<\/p>\n<h4>8.5 Verify NV: store some data in the TPM and read it back<\/h4>\n<p>The following demonstrates \u201cdefine NV index -&gt; write -&gt; read -&gt; delete\u201d.<\/p>\n<p><span class=\"token comment\"># 1) Define a 32-byte NV index (the example uses 0x1500016)<\/span><br \/>\n<span class=\"token function\">sudo<\/span> tpm2_nvdefine 0x1500016 -C o -s <span class=\"token number\">32<\/span> -a <span class=\"token string\">&#034;ownerread|ownerwrite|policywrite&#034;<\/span><\/p>\n<p><span class=\"token comment\"># 2) Write data (prepare a file)<\/span><br \/>\n<span class=\"token builtin class-name\">echo<\/span> -n <span class=\"token string\">&#034;ftpm-nv-demo&#034;<\/span> <span class=\"token operator\">&gt;<\/span> nv.dat<br \/>\n<span class=\"token function\">sudo<\/span> tpm2_nvwrite -C o -i nv.dat 0x1500016<\/p>\n<p><span class=\"token comment\"># 3) Read it back (read 32 bytes)<\/span><br \/>\n<span class=\"token function\">sudo<\/span> tpm2_nvread -C o -s <span class=\"token number\">32<\/span> 0x1500016<\/p>\n<p><span class=\"token comment\"># 4) Delete when done (optional)<\/span><br \/>\n<span class=\"token function\">sudo<\/span> tpm2_nvundefine -C o 0x1500016<\/p>\n<p>If this set of commands runs cleanly, it shows that:<\/p>\n<ul>\n<li>The fTPM's NV path is usable<\/li>\n<li>OP-TEE's secure storage backend can at least meet basic persistence needs<\/li>\n<\/ul>\n<hr \/>\n<h3>9. \/dev\/tpm0 versus \/dev\/tpmrm0: why should you prefer tpmrm0?<\/h3>\n<p>Many people are confused when they see two device nodes. In short:<\/p>\n<ul>\n<li>\/dev\/tpm0: the TPM device directly<\/li>\n<li>\/dev\/tpmrm0: the kernel resource manager (it handles session \/ object concurrency for you)<\/li>\n<\/ul>\n<p>Comparison table:<\/p>\n<table>\n<tr><th>Device node<\/th><th>Role<\/th><th>Suitable scenarios<\/th><th>Recommendation<\/th><\/tr>\n<tbody>\n<tr>\n<td>\/dev\/tpm0<\/td>\n<td>Direct access to the TPM<\/td>\n<td>Single process \/ simple tests<\/td>\n<td>Usable, but not the first choice<\/td>\n<\/tr>\n<tr>\n<td>\/dev\/tpmrm0<\/td>\n<td>Kernel resource management<\/td>\n<td>Concurrent multi-process access, system services, long-running use<\/td>\n<td>Use by preference<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<h3>10. 
fTPM and Secure Boot \/ Measured Boot: do not mix them up<\/h3>\n<p>Here is a thorough look at the point that is most easily confused:<\/p>\n<ul>\n<li>Secure Boot (verified boot): the core idea is \u201conly authorized components are allowed to boot\u201d.<\/li>\n<li>Measured Boot: the core idea is \u201cwrite the hashes of the key boot components into the PCRs, so that they can be proven to outside parties\u201d.<\/li>\n<\/ul>\n<p>How the two relate:<\/p>\n<ul>\n<li>Secure Boot is more like \u201caccess control at the door\u201d<\/li>\n<li>Measured Boot is more like \u201cfull video recording &#043; verifiable authenticity\u201d<\/li>\n<\/ul>\n<p>fTPM mainly provides the standard interface for Measured Boot and Attestation, but it is also often used to \u201cbind key release to state\u201d (Seal\/Unseal), which complements Secure Boot.<\/p>\n<hr \/>\n<h3>11. 
What does fTPM persistence on Jetson depend on, and why do people keep running into trouble?<\/h3>\n<p>fTPM has to store some persistent state (NV indexes, counters, certificates, and so on). On Jetson platforms this usually relies on an OP-TEE Secure Storage backend:<\/p>\n<ul>\n<li>REE FS: relies on the normal-world file system (the commonly used default)<\/li>\n<li>RPMB: relies on the eMMC RPMB partition (stronger replay and tamper resistance, but not supported on every SKU\/release)<\/li>\n<\/ul>\n<p>Pay particular attention to two points:<\/p>\n<ol>\n<li>\n<p>RPMB support may differ between Jetson Linux releases and between module SKUs.<\/p>\n<\/li>\n<li>\n<p>If REE FS is the secure storage backend, you must make sure the storage location cannot be wiped by a \u201cfactory reset\/cleanup mechanism\u201d; otherwise the result is:<\/p>\n<ul>\n<li>Loss of fTPM NV data<\/li>\n<li>A changed device identity \/ changed keys<\/li>\n<li>Collapse of the remote attestation scheme<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>Engineering recommendations:<\/p>\n<ul>\n<li>Evaluate your product form factor and what your Jetson Linux release supports; prefer RPMB wherever it is available.<\/li>\n<li>If you use REE FS, make sure the OP-TEE secure storage path sits on a reliably persistent partition and is protected by system policy.<\/li>\n<\/ul>\n<hr \/>\n<h3>12. 
Troubleshooting checklist for common problems (very practical)<\/h3>\n<h4>12.1 modprobe succeeds but there is no \/dev\/tpm0<\/h4>\n<ul>\n<li>Check whether the kernel has TPM support and tpm_ftpm_tee enabled:<\/li>\n<\/ul>\n<p><span class=\"token function\">dmesg<\/span> <span class=\"token operator\">|<\/span> <span class=\"token function\">grep<\/span> -i tpm<br \/>\nlsmod <span class=\"token operator\">|<\/span> <span class=\"token function\">grep<\/span> tpm<\/p>\n<ul>\n<li>Check the OP-TEE channel:<\/li>\n<\/ul>\n<p><span class=\"token function\">dmesg<\/span> <span class=\"token operator\">|<\/span> <span class=\"token function\">grep<\/span> -i <span class=\"token function\">tee<\/span><br \/>\n<span class=\"token function\">ls<\/span> -l \/dev\/tee0<\/p>\n<h4>12.2 \/dev\/tpm0 exists, but tpm2-tools reports errors<\/h4>\n<ul>\n<li>Prefer \/dev\/tpmrm0:<\/li>\n<\/ul>\n<p><span class=\"token builtin class-name\">export<\/span> <span class=\"token assign-left variable\">TPM2TOOLS_TCTI<\/span><span class=\"token operator\">&#061;<\/span><span class=\"token string\">&#034;device:\/dev\/tpmrm0&#034;<\/span><\/p>\n<ul>\n<li>Then run tpm2_getcap -l to see whether the path works end to end.<\/li>\n<\/ul>\n<h4>12.3 NV operations or provisioning fail<\/h4>\n<ul>\n<li>Many of these failures are related to the OP-TEE secure storage backend: the path is not writable, it was cleaned up, or there are permission\/mount problems.<\/li>\n<li>Confirm that the tee-supplicant service is working normally.<\/li>\n<\/ul>\n<h4>12.4 Provisioning is done; why still care about the EK certificate?<\/h4>\n<p>Because without an EK certificate\/chain of trust, a remote system can hardly \u201crecognize\u201d your TPM's identity.<\/p>\n<hr \/>\n<h3>13. 
Conclusion: fTPM summed up in one engineering sentence<\/h3>\n<p>On Jetson Orin, fTPM &#061; \u201cTPM 2.0 built as a TA on OP-TEE\u201d, which lets Linux obtain, through the standard TSS\/TPM device interfaces: device identity, measurement state (PCRs), key binding, and remote attestation.<\/p>\n<p>Its relationship to EKS\/EKB is not \u201cmodifying the EKS\u201d but \u201chow factory provisioning material is delivered\u201d; OP-TEE still works without fTPM, but fTPM is a very typical and very practical security service that OP-TEE provides within the platform's trust architecture.<\/p>\n<hr \/>\n<h3>References (worth bookmarking)<\/h3>\n<ul>\n<li>\n<p>NVIDIA Jetson Linux Developer Guide \u2013 Firmware TPM (the URL changes between releases; use the one that matches your Jetson Linux release)<\/p>\n<ul>\n<li>https:\/\/docs.nvidia.com\/jetson\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>Linux kernel documentation: the tpm_ftpm_tee driver<\/p>\n<ul>\n<li>https:\/\/docs.kernel.org\/security\/tpm\/tpm_ftpm_tee.html<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>TPM2 toolchain (tpm2-tools \/ tpm2-tss)<\/p>\n<ul>\n<li>https:\/\/tpm2-tools.readthedocs.io\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>TCG (Trusted Computing Group) TPM 2.0 specifications and documentation portal<\/p>\n<ul>\n<li>https:\/\/trustedcomputinggroup.org\/<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n","protected":false},"excerpt":{"rendered":"<p>&#x1f4fa; B\u7ad9\u89c6\u9891\u8bb2\u89e3&#xff08;Bilibili&#xff09;&#xff1a;\u535a\u4e3b\u4e2a\u4eba\u4ecb\u7ecd<br \/>\n&#x1f4d8; \u300aYocto\u9879\u76ee\u5b9e\u6218\u6559\u7a0b\u300b\u4eac\u4e1c\u8d2d\u4e70\u94fe\u63a5&#xff1a;Yocto\u9879\u76ee\u5b9e\u6218\u6559\u7a0b<br \/>\n&#x1f4d8; \u52a0\u535a\u4e3b\u5fae\u4fe1&#xff0c;\u8fdb\u6280\u672f\u4ea4\u6d41\u7fa4&#xff1a; jerrydev Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790&#xff1a;\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218&#xff08;\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868&#xff09; \u9002\u7528<\/p>\n","protected":false},"author":2,"featured_media":65578,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[156,61,100,188,4647,305],"topic":[],"class_list":["post-65579","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-yolo","tag-61","tag-100","tag-188","tag-4647","tag-305"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790\uff1a\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218\uff08\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868\uff09 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/65579.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" 
content=\"article\" \/>\n<meta property=\"og:title\" content=\"Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790\uff1a\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218\uff08\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868\uff09 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"&#x1f4fa; B\u7ad9\u89c6\u9891\u8bb2\u89e3&#xff08;Bilibili&#xff09;&#xff1a;\u535a\u4e3b\u4e2a\u4eba\u4ecb\u7ecd &#x1f4d8; \u300aYocto\u9879\u76ee\u5b9e\u6218\u6559\u7a0b\u300b\u4eac\u4e1c\u8d2d\u4e70\u94fe\u63a5&#xff1a;Yocto\u9879\u76ee\u5b9e\u6218\u6559\u7a0b &#x1f4d8; \u52a0\u535a\u4e3b\u5fae\u4fe1&#xff0c;\u8fdb\u6280\u672f\u4ea4\u6d41\u7fa4&#xff1a; jerrydev Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790&#xff1a;\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218&#xff08;\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868&#xff09; \u9002\u7528\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/65579.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-25T03:24:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260125032442-69758cfa683b0.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/65579.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/65579.html\",\"name\":\"Jetson Orin \u5e73\u53f0 fTPM 
\u5168\u9762\u89e3\u6790\uff1a\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218\uff08\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868\uff09 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2026-01-25T03:24:44+00:00\",\"dateModified\":\"2026-01-25T03:24:44+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/65579.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/65579.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/65579.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790\uff1a\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218\uff08\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868\uff09\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790\uff1a\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218\uff08\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868\uff09 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/65579.html","og_locale":"zh_CN","og_type":"article","og_title":"Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790\uff1a\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218\uff08\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868\uff09 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"&#x1f4fa; B\u7ad9\u89c6\u9891\u8bb2\u89e3&#xff08;Bilibili&#xff09;&#xff1a;\u535a\u4e3b\u4e2a\u4eba\u4ecb\u7ecd &#x1f4d8; \u300aYocto\u9879\u76ee\u5b9e\u6218\u6559\u7a0b\u300b\u4eac\u4e1c\u8d2d\u4e70\u94fe\u63a5&#xff1a;Yocto\u9879\u76ee\u5b9e\u6218\u6559\u7a0b &#x1f4d8; \u52a0\u535a\u4e3b\u5fae\u4fe1&#xff0c;\u8fdb\u6280\u672f\u4ea4\u6d41\u7fa4&#xff1a; jerrydev Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790&#xff1a;\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218&#xff08;\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868&#xff09; 
\u9002\u7528","og_url":"https:\/\/www.wsisp.com\/helps\/65579.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2026-01-25T03:24:44+00:00","og_image":[{"url":"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260125032442-69758cfa683b0.png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"7 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/65579.html","url":"https:\/\/www.wsisp.com\/helps\/65579.html","name":"Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790\uff1a\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218\uff08\u542b EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868\uff09 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2026-01-25T03:24:44+00:00","dateModified":"2026-01-25T03:24:44+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/65579.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/65579.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/65579.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"Jetson Orin \u5e73\u53f0 fTPM \u5168\u9762\u89e3\u6790\uff1a\u4ece TPM \u6982\u5ff5\u5230 OP-TEE \u5b9e\u6218\uff08\u542b 
EKS\/EKB\u3001\u6d41\u7a0b\u56fe\u3001\u5bf9\u6bd4\u8868\uff09"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/65579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=65579"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/65579\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media\/65578"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=65579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"
href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=65579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=65579"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=65579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}