Add fwTPM example for Xilinx ZCU102 Cortex-R5 (lock-step) by dgarske · Pull Request #3 · wolfSSL/wolftpm-examples

dgarske · 2026-05-12T23:25:34Z

Summary

This PR adds a new fwTPM example under Xilinx/fwtpm-zcu102-r5/. The target is a stock ZCU102 development board with Linux running on the A53 APU and wolfTPM's fwTPM running bare-metal on the Cortex-R5 RPU in lock-step mode. Linux talks to the R5 fwTPM over OpenAMP RPMsg loaded via the upstream Linux remoteproc framework. The example is end-to-end verified on hardware -- the included Linux smoke test issues TPM2 Startup, SelfTest, GetRandom and GetCapability and gets clean responses from the R5.

This is the third fwTPM port in wolftpm-examples, joining STM32H5 (single-MCU, mssim over UART) and Microchip PolarFire SoC (RISC-V hart-4 under HSS, shared-memory TIS). It is the first port to:

run on a safety-class lock-step core (RPU0+RPU1 paired, single 256 KiB TCM view)
use OpenAMP RPMsg as the wolfTPM transport
be loaded at runtime by the Linux remoteproc framework (no co-resident boot loader required)

All work is public. No customer-specific hardware definitions or vendor-private assets are referenced -- the build uses the stock ZCU102 .xsa from Vitis 2025.2, the stock ZCU102 PetaLinux 2025.2 BSP, and the public OpenAMP / libmetal sources shipped under /opt/Xilinx/2025.2/data/.

What's included

Xilinx/fwtpm-zcu102-r5/
  README.md
  deploy-to-sdcard.sh               # host-side SD reflasher (BOOT.BIN + image.ub + rootfs)
  firmware/fwtpm-r5/                # R5 bare-metal firmware
    Makefile                        # Vitis 2025.2 armr5-none-eabi-gcc, sibling ../wolfssl ../wolftpm
    boot.S                          # custom R5 reset entry + TCM-resident MPU-disable stub
    lscript.ld                      # 1 MiB DDR carveout, TCM vectors
    mpu_setup.c                     # ARMv7-R MPU programming (2 GiB Normal-NC + 32 MiB Device)
    main.c                          # MPU init -> HAL init -> FWTPM_Init -> rpmsg server
    user_settings.h                 # wolfSSL + wolfTPM config (SP-32 math, no PQC for V1)
    fwtpm_clock_zynqmp.c            # FWTPM_CLOCK_HAL via PMU CCNT
    fwtpm_nv_ram.c                  # FWTPM_NV_HAL backed by DDR (V1, volatile)
    fwtpm_nv_qspi.c                 # FWTPM_NV_HAL backed by XQspiPsu (follow-on, see below)
    fwtpm_rpmsg.c                   # OpenAMP rpmsg endpoint ("wolftpm")
    platform_info.c                 # IPI doorbell + libmetal device registration
    rsc_table.c                     # remoteproc resource table (vdev + trace)
    bsp_stubs.c                     # _init, _sbrk, outbyte() -> trace_buffer ring
  petalinux/                        # PetaLinux 2025.2 project
    project-spec/meta-user/...
      conf/petalinuxbsp.conf
      recipes-bsp/device-tree/files/system-user.dtsi  # lock-step, IPI mailbox, vdev0vring*
      recipes-bsp/fwtpm-r5/                            # stages fwtpm_r5.elf to /lib/firmware/
      recipes-apps/fwtpm-rpmsg-test/                   # cross-compiled smoke client
      recipes-kernel/linux/linux-xlnx/openamp.cfg      # REMOTEPROC + RPMSG_CHAR enabled
  linux-client/
    fwtpm_rpmsg_test.c              # Linux client (Startup/SelfTest/GetRandom/GetCap)
    Makefile

End-to-end verification

After SD-card-flashing the PetaLinux image and writing the R5 ELF to /lib/firmware/, the firmware comes up cleanly on cold boot. The remoteproc trace ring (/sys/kernel/debug/remoteproc/remoteproc0/trace0) shows the full init sequence; dmesg shows Linux registering the rpmsg channel; the smoke client issues four TPM2 commands and gets TPM_RC_SUCCESS for all of them:

$ sudo /usr/bin/fwtpm_rpmsg_test
Startup         tag=0x8001 size=10 rc=0x00000000  OK
SelfTest        tag=0x8001 size=10 rc=0x00000000  OK
GetRandom(32)   tag=0x8001 size=44 rc=0x00000000  OK
GetCapability   tag=0x8001 size=27 rc=0x00000000  OK
all 4 tests passed

R5 trace ring concurrently:

mpu: enabled
=== wolfTPM fwTPM on ZCU102 R5 (lock-step) ===
step 1..8: NV + clock HAL setup OK
step 10: FWTPM_Init done
fwTPM initialized successfully
step 11..12: rpmsg init done
rpmsg ready, waiting for commands

Linux dmesg:

remoteproc remoteproc0: Booting fw image fwtpm_r5.elf, size 2648804
rproc-virtio rproc-virtio.1.auto: assigned reserved memory node vdev0buffer@3ee08000
virtio_rpmsg_bus virtio0: rpmsg host is online
remoteproc remoteproc0: remote processor ffe00000.r5f is now up
virtio_rpmsg_bus virtio0: creating channel wolftpm addr 0x400

Architecture highlights

The interesting bits worth a reviewer's attention:

Lock-step config from the device tree, not from a boot-time flag. system-user.dtsi sets xlnx,cluster-mode = <1> and xlnx,tcm-mode = <1> on the r5fss node, so the upstream xlnx,zynqmp-r5fss driver brings up the two R5 cores as one logical core with 256 KiB TCM at VA 0. One remoteproc0 instance, one ELF.
R5 firmware is rproc-loaded at runtime. No co-resident bootloader -- Linux's remoteproc framework parses the ELF (text in DDR carveout, vectors in TCM), loads it, kicks the R5 out of reset, and registers the rpmsg channel from the firmware's NS announce.
MPU programmed by hand, libxilstandalone _boot bypassed. The BSP's _boot does MPU + cache init that assumes a peripheral layout that doesn't match the rproc-loaded layout. mpu_setup.c programs just two regions -- 2 GiB Normal-NC covering TCM + DDR (so libmetal's LDREX/STREX atomics work), and 32 MiB Device covering IPI/UART/QSPI/CSU at 0xFE000000. Caches stay off in V1 so the trace ring is coherent with the APU without explicit dcache flushes.
boot.S has a TCM-resident reset stub. ZynqMP remoteproc stop / start preserves CP15 state across firmware reloads, so a previous run can leave an MPU map that prefetch-aborts the first DDR instruction fetch by _entry. The TCM stub clears SCTLR.M / C / I before jumping to DDR.
DT memory-region naming matches what the kernel expects. The OpenAMP shared regions are named vdev0vring0 / vdev0vring1 / vdev0buffer (matching the kernel's vdev%dvring%d / vdev%dbuffer lookup pattern), and vdev0buffer has compatible = "shared-dma-pool" so of_reserved_mem_device_init_by_idx succeeds. With the obvious names (vring0, buffer) the kernel silently allocates fresh DMA pages at a different physical address and Linux + R5 talk to different memory.
IPI mailbox channel-7 (PL3, OpenAMP "bare-metal-app" channel) is wired via xlnx,zynqmp-ipi-mailbox and mboxes on r5f@0. The R5-side IPI bit mask in xparameters.h is 0x01000000 (bit 24 = PL3), matching the host's xlnx,ipi-id = 7.
linux-client/fwtpm_rpmsg_test.c uses an explicit dst = 1024 in RPMSG_CREATE_EPT_IOCTL because the in-kernel rpmsg_chrdev driver only auto-probes channels named "rpmsg-raw" -- our "wolftpm" channel needs the userspace ioctl dance to materialize a /dev/rpmsg0 device. 1024 is the first reserved endpoint address that rpmsg_create_ept(src = ANY) assigns on the R5 side.

Known limitations / follow-ons (called out in `README.md`)

NV is RAM-backed in V1 (fwtpm_nv_ram.c). The 64 KiB volatile NV image lives in the DDR carveout and does not survive power cycle or remoteproc stop/start. Persistent NV via the QSPI partition at 0x07FF0000 (fwtpm_nv_qspi.c skeleton included) needs Linux MTD to carve out (or skip) that range so the R5 owns it without conflict. An rpmsg-mediated NV proxy where Linux owns MTD and the R5 sends read/write requests over a second endpoint is the cleaner long-term answer for production.
Polled rpmsg in V1 -- R5 keeps CPSR.I=1 (IRQ masked) and drives the vring drain from zynqmp_r5_rpmsg_poll. Adequate for the smoke test; the natural next step is enabling R5 IRQs after FWTPM_Init and routing the IPI as a real exception.
Caches off in V1. R5 D-cache is left disabled so trace-ring writes are visible to the APU without explicit Xil_DCacheFlush(). Enabling caches with per-region attributes is a clear follow-on once the transport is hardened.
PQC disabled in user_settings.h to keep R5 text footprint small. Easy to flip on once the basic transport is stable.
DEBUG_WOLFTPM filed as an upstream wolfTPM cleanup: a few sites in fwtpm_nv.c route diagnostic strings through plain printf / fprintf(stderr, ...) which hang on bare-metal R5 (no _write backend in newlib). README documents a candidate fix: route those through WOLFSSL_MSG / WOLFSSL_MSG_EX so embedded ports can hook them via wolfSSL_SetLoggingCb.

Bring-up notes (interesting bugs caught during dev)

For the curious -- six subtle issues we hit and resolved during hardware bring-up:

Init_MPU is not weak in the Xilinx 2025.2 BSP, so we couldn't override its peripheral map cleanly; we ship a custom boot.S + mpu_setup.c instead of using libxilstandalone's _boot.
DEBUG_WOLFTPM hung at the first NV log line because wolfTPM uses bare printf rather than the configurable WOLFSSL_MSG macro.
Vring carveouts in DT overlapped the firmware load region, causing rcu_sched stalls and SDHCI command timeouts on the APU. Moved the OpenAMP shared regions to 0x3EE00000+, outside rproc_0_reserved.
IPI bit mask 0x100 targeted the PMU, not the APU (channel 7 is bit 24 = 0x01000000). Linux never received the NS announce; /dev/rpmsg0 never appeared.
rpmsg_create_ept wasn't being called proactively -- we relied only on ns_bind_cb (which fires the opposite direction). Adding an explicit rpmsg_create_ept after rpmsg_init_vdev triggers the NS_CREATE announce to Linux.
metal_device static-init with page_shift = 12, page_mask = -1 is internally inconsistent. The compiled virtqueue_get_buffer_addr inline lookup reads physmap[offset >> 12], indexing 32 entries past the single-entry physmap. Loop increment becomes (-1) + 1 = 0 so the loop is infinite. Fix: page_shift = -1UL, page_mask = -1UL (libmetal's documented contiguous-region idiom). JTAG-localized via Xilinx Platform Cable II + xsdb.

Copilot

Pull request overview

This PR adds a new end-to-end fwTPM example targeting the Xilinx ZCU102 where Linux (A53) loads and communicates with a bare-metal Cortex-R5 lock-step fwTPM instance via Linux remoteproc + OpenAMP RPMsg, along with a PetaLinux project and a Linux-side smoke test.

Changes:

Added ZCU102 R5 lock-step bare-metal fwTPM firmware (resource table, MPU setup, RPMsg transport, NV HALs, linker script, build system).
Added a self-contained PetaLinux 2025.2 project (DT overlay carveouts/lock-step/IPI mailbox + recipes for firmware staging and smoke test + kernel config fragment).
Added host-side helpers and documentation (SD deploy script, READMEs, repo top-level README entry, gitignore updates).

Reviewed changes

Copilot reviewed 46 out of 49 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
Xilinx/fwtpm-zcu102-r5/README.md	ZCU102 fwTPM architecture/build/boot documentation for the new example.
Xilinx/fwtpm-zcu102-r5/deploy-to-sdcard.sh	Host script to deploy PetaLinux artifacts to an SD card.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/Makefile	Build rules for the R5 bare-metal fwTPM firmware (Tier-1 objects, Tier-2 ELF link).
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/boot.S	R5 reset/vector entry and TCM stub for remoteproc reload robustness.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/lscript.ld	Linker script for rproc DDR carveout + TCM vectors + trace/resource sections.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/mpu_setup.c	Minimal ARMv7-R MPU programming for Normal-NC + Device regions.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/main.c	Firmware entry: MPU init, HAL registration, fwTPM init, RPMsg server loop.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/user_settings.h	wolfSSL/wolfTPM build-time configuration for bare-metal R5.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/fwtpm_clock_zynqmp.c	Clock HAL (PMU CCNT) and RNG seed callback.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/fwtpm_nv_ram.c	Volatile RAM-backed NV HAL (V1 fallback).
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/fwtpm_nv_qspi.c	QSPI-backed NV HAL skeleton using XQspiPsu.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/fwtpm_rpmsg.c	OpenAMP RPMsg endpoint bridging to FWTPM_ProcessCommand + poll loop.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/platform_info.c	libmetal device registration + remoteproc ops + IPI helpers for OpenAMP.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/rsc_table.c	remoteproc resource table (rpmsg vdev + optional trace ring).
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/bsp_stubs.c	Newlib/BSP stubs: _sbrk + outbyte() -> trace buffer ring.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/zcu102_r5.h	Local header for platform HAL APIs used across firmware sources.
Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/include/xparameters.h	Hand-rolled minimal platform constants and carveout addresses.
Xilinx/fwtpm-zcu102-r5/petalinux/README.md	Instructions for building and validating the included PetaLinux project.
Xilinx/fwtpm-zcu102-r5/petalinux/.gitignore	Ignores PetaLinux build outputs/imported hardware, preserves key configs.
Xilinx/fwtpm-zcu102-r5/petalinux/.petalinux/metadata	Captures PetaLinux version and project metadata for the committed project.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/attributes	PetaLinux project attributes (e.g., defconfig selection).
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/configs/config	Committed PetaLinux system configuration used as build input.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/configs/flash_parts.txt	Flash layout config for PetaLinux tooling.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/configs/rootfsconfigs/user-rootfsconfig	Rootfs config list (user-rootfsconfig) for the project.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/README	Meta-user layer README (currently template content).
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/COPYING.MIT	MIT license text for the meta-user layer template.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/conf/layer.conf	Yocto layer configuration for meta-user (scarthgap compatibility).
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/conf/petalinuxbsp.conf	Adds fwtpm-r5 and fwtpm-rpmsg-test packages to IMAGE_INSTALL.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/conf/user-rootfsconfig	Meta-user rootfs package listing file.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-bsp/device-tree/device-tree.bbappend	Hooks in system-user.dtsi overlay for the device-tree build.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-bsp/device-tree/device-tree-sdt.inc	SDT include wiring for extra DT include files.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-bsp/device-tree/files/system-user.dtsi	DT overlay: lock-step cluster mode, carveouts, IPI mailbox, QSPI partition, GEM3 PHY.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-bsp/fwtpm-r5/fwtpm-r5_0.1.0.bb	Recipe to stage the prebuilt R5 ELF into firmware directory for remoteproc.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-apps/fwtpm-rpmsg-test/fwtpm-rpmsg-test_0.1.0.bb	Recipe to build/install the RPMsg smoke-test client.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-apps/fwtpm-rpmsg-test/files/fwtpm_rpmsg_test.c	Source for the smoke-test client (duplicate of linux-client version).
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-kernel/linux/linux-xlnx_%.bbappend	Adds kernel feature fragments (bsp.cfg + openamp.cfg).
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-kernel/linux/linux-xlnx/bsp.cfg	Empty kernel fragment placeholder referenced by bbappend.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-kernel/linux/linux-xlnx/openamp.cfg	Kernel config fragment enabling remoteproc/rpmsg/mailbox.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-bsp/u-boot/u-boot-xlnx_%.bbappend	U-Boot bbappend adding platform-top.h and bsp.cfg.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-bsp/u-boot/files/platform-top.h	U-Boot platform-top config header inclusion shim.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-bsp/u-boot/files/bsp.cfg	U-Boot config selection for platform-top.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/recipes-bsp/u-boot/files/0001-ubifs-distroboot-support.patch	U-Boot patch file (currently not wired into bbappend).
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/meta-xilinx-tools/recipes-bsp/uboot-device-tree/uboot-device-tree.bbappend	Adds a DT include for the U-Boot device-tree build.
Xilinx/fwtpm-zcu102-r5/petalinux/project-spec/meta-user/meta-xilinx-tools/recipes-bsp/uboot-device-tree/files/system-user.dtsi	Minimal U-Boot DT include overlay file.
Xilinx/fwtpm-zcu102-r5/linux-client/Makefile	Standalone build for the A53 Linux smoke-test client.
Xilinx/fwtpm-zcu102-r5/linux-client/fwtpm_rpmsg_test.c	Standalone A53 Linux RPMsg smoke-test client source.
README.md	Top-level repo README updated to mention the new ZCU102 example.
.gitignore	Repo gitignore updated for ZCU102 example build artifacts (BSP/hw/petalinux outputs/client binary).

Comments suppressed due to low confidence (2)

Xilinx/fwtpm-zcu102-r5/README.md:211

In the Memory Map table, the QSPI fwtpm-nv partition is listed at 0x07F00000, but system-user.dtsi defines it at 0x07FF0000. This discrepancy can cause readers to partition flash incorrectly and (if the QSPI HAL is enabled) can lead to writes to the wrong offset; please make the address consistent everywhere.

| RPMsg buffer pool | 0x3EE08000   | 256 KiB | shared payload buffers      |
| QSPI fwtpm-nv     | 0x07F00000   | 64 KiB  | persistent NV (R5 owns)     |

Xilinx/fwtpm-zcu102-r5/firmware/fwtpm-r5/fwtpm_nv_qspi.c:253

This file uses printf() for QSPI init errors, but the port documentation indicates newlib stdio is not usable on this bare-metal R5 (no _write backend). If printf isn’t wired to outbyte/xil_printf, these diagnostics may hang precisely when flash init fails; prefer xil_printf/outbyte-based logging for error reporting here.


    cfg = XQspiPsu_LookupConfig(XPAR_XQSPIPSU_0_BASEADDR);
    if (cfg == NULL) {
        printf("XQspiPsu LookupConfig failed\n");
        return -1;
    }
    rc = XQspiPsu_CfgInitialize(&g_qspi, cfg, cfg->BaseAddress);
    if (rc != XST_SUCCESS) {
        printf("XQspiPsu CfgInitialize failed: %d\n", rc);
        return rc;

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

+    /* Register NV storage HAL (QSPI-backed, persistent). */
+    memset(&nvHal, 0, sizeof(nvHal));
+    emit("step 3: nv ram init (V1: volatile)\r\n");
+    rc = zynqmp_r5_nv_ram_init(&nvHal);
+    emit("step 4: nv init done\r\n");
+    if (rc != 0) {
+        xil_printf("ERROR: NV QSPI init failed: %d\n", rc);
+        goto error;


+#define ZCU102_R5_BUF_SIZE     0x00040000U   /* 256 KiB rpmsg buffer pool */
+
+/* QSPI NV partition (R5 owns; Linux must NOT mount). */
+#define ZCU102_FWTPM_NV_QSPI_OFFSET  0x07F00000U  /* last 1 MiB of 128 MiB */


+branch) on the Xilinx Zynq UltraScale+ MPSoC ZCU102. The fwTPM server runs
+bare-metal on the Cortex-R5 RPU pair in **lock-step mode** (RPU0+RPU1 paired
+into a single safety-class processor, 256 KB merged TCM). Persistent NV
+lives in a 64 KB QSPI flash partition. PetaLinux on the A53 APU acts as
+TPM client over **OpenAMP RPMsg** loaded via Linux `remoteproc`.


+    cmdBuf[0] = QSPI_CMD_FAST_READ_4B;
+    cmdBuf[1] = (uint8_t)(addr >> 24);
+    cmdBuf[2] = (uint8_t)(addr >> 16);
+    cmdBuf[3] = (uint8_t)(addr >> 8);
+    cmdBuf[4] = (uint8_t)(addr);
+
+    msg[0].TxBfrPtr = cmdBuf;
+    msg[0].RxBfrPtr = NULL;
+    msg[0].ByteCount = 5;
+    msg[0].BusWidth = XQSPIPSU_SELECT_MODE_SPI;
+    msg[0].Flags = XQSPIPSU_MSG_FLAG_TX;
+    msg[1].TxBfrPtr = NULL;
+    msg[1].RxBfrPtr = buf;
+    msg[1].ByteCount = size;
+    msg[1].BusWidth = XQSPIPSU_SELECT_MODE_SPI;
+    msg[1].Flags = XQSPIPSU_MSG_FLAG_RX;
+    /* FAST_READ has 1 dummy byte after address */
+    return XQspiPsu_PolledTransfer(&g_qspi, msg, 2);


+    rc = FWTPM_ProcessCommand(g_fwtpm_ctx, (const byte*)data, (int)len,
+                               g_rsp_buf, &rspSize, /*locality*/0);
+    if (rc != 0) {
+        printf("FWTPM_ProcessCommand: rc=%d\n", rc);
+        /* Send a minimal TPM error response: tag=TPM_ST_NO_SESSIONS,
+         * size=10, rc=TPM_RC_FAILURE -- this lets the client see a
+         * structured failure rather than a transport timeout. */
+        const uint8_t err[] = {
+            0x80, 0x01, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x01
+        };
+        return rpmsg_send(ept, err, sizeof(err));
+    }
+
+    return rpmsg_send(ept, g_rsp_buf, rspSize);
+}
+
+/* Linux-side endpoint deletion -- log only, fwTPM stays up. */
+static void rpmsg_unbind_cb(struct rpmsg_endpoint* ept)
+{
+    (void)ept;
+    printf("rpmsg endpoint unbound (linux client closed)\n");
+}


+P1="${DEV}1"
+P2="${DEV}2"


+(matching `firmware/fwtpm-r5/lscript.ld`), and installs:
+
+- `/usr/lib/firmware/fwtpm_r5.elf` -- the R5 firmware blob
+- `/usr/bin/fwtpm_rpmsg_test` -- the smoke-test client
+


+This README file contains information on the contents of the
+meta-user layer.
+
+Please see the corresponding sections below for details.
+


@@ -0,0 +1,5 @@
+PETALINUX_VER=2025.2
+VALIDATE_HW_CHKSUM=1
+HARDWARE_PATH=/home/davidgarske/GitHub/wolftpm-examples/Xilinx/fwtpm-zcu102-r5/hw/zcu102.xsa


+ #define BOOTENV_DEV_QSPI(devtypeu, devtypel, instance) \
+	"bootcmd_" #devtypel #instance "=sf probe " #instance " 0 0 && " \
+-		       "sf read $scriptaddr $script_offset_f $script_size_f && " \
+		       "setenv mtdids 'nor0=nor0' && " \
+		       "setenv mtdparts 'mtdparts=nor0:16m(raw),-(boot)' && " \
+		       "mtdparts && " \
+		       "ubi part boot; ubifsmount ubi0:boot; ubifsload $scriptaddr boot.scr; && " \
+		       "echo QSPI: Trying to boot script at ${scriptaddr} && " \


Add fwTPM example for Xilinx ZCU102 Cortex-R5 (lock-step)

d258b7d

dgarske self-assigned this May 12, 2026

Copilot AI review requested due to automatic review settings May 12, 2026 23:25

Copilot started reviewing on behalf of dgarske May 12, 2026 23:26 View session

Copilot AI reviewed May 12, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add fwTPM example for Xilinx ZCU102 Cortex-R5 (lock-step)#3

Add fwTPM example for Xilinx ZCU102 Cortex-R5 (lock-step)#3
dgarske wants to merge 1 commit into
mainfrom
fwtpm_zcu102_r5

dgarske commented May 12, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

		P1="${DEV}1"
		P2="${DEV}2"

Conversation

dgarske commented May 12, 2026

Summary

What's included

End-to-end verification

Architecture highlights

Known limitations / follow-ons (called out in README.md)

Bring-up notes (interesting bugs caught during dev)

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Known limitations / follow-ons (called out in `README.md`)