element14 Community
element14 Community
    Register Log In
  • Site
  • Search
  • Log In Register
  • About Us
  • Community Hub
    Community Hub
    • What's New on element14
    • Feedback and Support
    • Benefits of Membership
    • Personal Blogs
    • Members Area
    • Achievement Levels
  • Learn
    Learn
    • Ask an Expert
    • eBooks
    • element14 presents
    • Learning Center
    • Tech Spotlight
    • STEM Academy
    • Webinars, Training and Events
    • Learning Groups
  • Technologies
    Technologies
    • 3D Printing
    • FPGA
    • Industrial Automation
    • Internet of Things
    • Power & Energy
    • Sensors
    • Technology Groups
  • Challenges & Projects
    Challenges & Projects
    • Design Challenges
    • element14 presents Projects
    • Project14
    • Arduino Projects
    • Raspberry Pi Projects
    • Project Groups
  • Products
    Products
    • Arduino
    • Avnet Boards Community
    • Dev Tools
    • Manufacturers
    • Multicomp Pro
    • Product Groups
    • Raspberry Pi
    • RoadTests & Reviews
  • Store
    Store
    • Visit Your Store
    • Choose another store...
      • Europe
      •  Austria (German)
      •  Belgium (Dutch, French)
      •  Bulgaria (Bulgarian)
      •  Czech Republic (Czech)
      •  Denmark (Danish)
      •  Estonia (Estonian)
      •  Finland (Finnish)
      •  France (French)
      •  Germany (German)
      •  Hungary (Hungarian)
      •  Ireland
      •  Israel
      •  Italy (Italian)
      •  Latvia (Latvian)
      •  
      •  Lithuania (Lithuanian)
      •  Netherlands (Dutch)
      •  Norway (Norwegian)
      •  Poland (Polish)
      •  Portugal (Portuguese)
      •  Romania (Romanian)
      •  Russia (Russian)
      •  Slovakia (Slovak)
      •  Slovenia (Slovenian)
      •  Spain (Spanish)
      •  Sweden (Swedish)
      •  Switzerland(German, French)
      •  Turkey (Turkish)
      •  United Kingdom
      • Asia Pacific
      •  Australia
      •  China
      •  Hong Kong
      •  India
      •  Korea (Korean)
      •  Malaysia
      •  New Zealand
      •  Philippines
      •  Singapore
      •  Taiwan
      •  Thailand (Thai)
      • Americas
      •  Brazil (Portuguese)
      •  Canada
      •  Mexico (Spanish)
      •  United States
      Can't find the country/region you're looking for? Visit our export site or find a local distributor.
  • Translate
  • Profile
  • Settings
Industrial Automation
  • Technologies
  • More
Industrial Automation
Blog Infineon SLx9670 Trusted Platform Module (TPM): TSS Programming in C, with cross-compile and remote debug in Eclipse
  • Blog
  • Forum
  • Documents
  • Quiz
  • Events
  • Polls
  • Files
  • Members
  • Mentions
  • Sub-Groups
  • Tags
  • More
  • Cancel
  • New
Join Industrial Automation to participate - click to join for free!
  • Share
  • More
  • Cancel
Group Actions
  • Group RSS
  • More
  • Cancel
Engagement
  • Author Author: Jan Cumps
  • Date Created: 14 Dec 2021 4:52 PM Date Created
  • Views 28524 views
  • Likes 5 likes
  • Comments 4 comments
  • raspberry
  • infineon
  • slb9670
  • eclipse
  • trusted_platform_module
  • bullseye
  • tpm
Related
Recommended

Infineon SLx9670 Trusted Platform Module (TPM): TSS Programming in C, with cross-compile and remote debug in Eclipse

Jan Cumps
Jan Cumps
14 Dec 2021
Infineon SLx9670 Trusted Platform Module (TPM): TSS Programming in C, with cross-compile and remote debug in Eclipse

How to Write and Build TPM enabled applications on your laptop. 
Then automatically deploy them to your Raspberry Pi and remotely debug.

image

Goal: Develop on a PC with Eclipse, execute on the Pi

Activities:

  • install a C toolchain for ARM on your (Windows) development PC
  • collect the TSS include files and libraries that we built earlier on the Pi
  • install and configure a debug server on the Pi
  • create an Eclipse C project, compile the code and build a Linux / ARM native executable
  • create a Debug target that uploads the executable to the Pi, starts a debug server on that Pi, and then lets Eclipse on your dev PC connect to it
  • Test all of this

Complexity level: All steps are easy.

The TPM Trusted Software Stack comes witch command line tools. But in essence they are a set of APIs.
These let you talk to TPM providers on Linux platforms.
The Infinion TSS application note for the SLx6970 comes with a set of C examples.
You can build them on the Raspberry Pi, execute them and see the output.

image
image: part of the application note TSS Programming section

I'd like to be able to do my development and build on a development PC. And debug my work from that same PC.
That's not difficult. Setting up cross-compile and remote debug toolchains for a Pi is a documented exercise.
I'm checking what's needed to get everything working, compile, link and debug.

image
image: end goal, a Linux C program compiled and linked on a Windows PC and Eclipse, with an active debug session

Cross Compile toolchain

You only have to do this once.

Install the Prebuilt Windows Toolchain for Raspberry Pi. Take the one that matches your Raspberry OS. In my case raspios-bullseye.
Remember where you install it. The location is needed in Eclipse in the next step.
I didn't let the installer add the binary directories to my path. It's not required. And my development PC is full of toolchains; adding some of them to the path gives unpredictable effects.
So I selected All Users (feel free to select current user), Hard Links and Do not add to Path.
What you've achieved is that you have a toolchain now with sysroot. The prebuilt Pi toolchain includes the necessary dependencies for your program, out of box. 

Download TSS libraries and include files

You only have to do this once.

When you follow Infineon's app note, you'll download a number of source files from GitHub. And a set of libraries is generated on your Pi.

They are needed on your Pi to execute programs that use TSS. 
On your development PC, you need the include files, because your program needs to know the TSS APIs and structures.
And you need a copy of the TSS libraries, so that the linker knows how to generate an executable program.

You'll need access to the Pi's file system. I'm using WinSCP for that. 
On your development PC, you create two folders. One to contain the libraries and one for the headers.

Libraries

Navigate to /usr/local/lib. This is the location where your TSS libraries are generated, when you follow the instructions in Chapter 4 of Infineon's app note.
Copy all files in that directory to the local lib folder you created on your PC.

image

Here's a way to find libraries on the Pi - if you ever need to locate a different one (I used cryptsetup as example):
sudo find / | grep libcryptsetup

Header files

Navigate to /home/pi/tssSetup/tpm2-tss/include.
Copy the tss folder and its subfolders to the include folder you created on your PC.

image

Remember the locations. We'll use them in our Eclipse projects.

Install and configure GDBSERVER on the Pi

You only have to do this once.

On most RaspiOS's, GDBSERVER isn't installed by default. Install it.

sudo apt-get install gdbserver

slight security warning: perform the following steps only on a development Pi.
This script has no place on a device that's accessible by someone else.
In essence, it does not add additional risks on a default Pi install, because only accounts that can execute sudo and connect to your pi, can execute this script.
Still, don't .
If you don't like this script, you can always start the gdbserver session manually on the Pi with sudo powers.

Our debug server needs to run with elevated rights. The pi user can't access the TPM driver.
It's started remotely from your development PC, each time you start a debug session.
We'll create a wrapper shell script that runs the gdbserver as sudo, with all parameters just passed through.

mkdir ~/bin
nano ~/bin/gdbserver_sudo

Enter these 2 lines of code:

#!/bin/bash
sudo gdbserver "$@"


Then Exit and save: CTRL-X -> Y  -> ENTER.
Make the script executable:

chmod +x ~/bin/gdbserver_sudo

That's it. On a Pi, this will now run your debug session as root.

Create an Eclipse project for the first example createPrimaryKey_FAPI.c

You do this once per project / executable. You can later copy this if you create new programs.

New Project

Open Eclipse on your development PC, create a new project
image

Select C project. Give it a name.
Select Empty Project, Cross GCC

image

Click next until the wizard asks for the toolchain.

image

Prefix: arm-none-linux-gnueabihf-
Path: the bin folder of the location where you installed the Cross Compile toolchain.

See comment of skruglewicz below. The Prefix can be different for each version of the toolchain.

Confirm. Eclipse opens your project.

Add example source

Create a new source folder in your project.
Copy the Infineon example createPrimaryKey_FAPI.c (the examples are part of the application note archive), and paste it in the source folder.

image

Configure includes

Right click on the project, select Properties.
Navigate to C/C++ Build -> Settings -> Tools Settings -> Cross GCC Compiler -> Includes
Add the path to the includes subdirectory of the location where you copied the tss includes.
You can use the File system... button to browse and select the folder. Eclipse will automatically turn that into a valid path for Make

image

Configure libraries

In the same dialog, navigate to Cross GCC Linker -> Libraries.
Add the path to the location where you copied the tss libraries.
You can use the File system... button again.

image

Then add the following libraries:

tss2-fapi
tss2-mu
tss2-esys
tss2-tctildr
tss2-sys

Configure Make

Navigate to C/C++ Build -> Builder Settings and select the internal builder.

image

OK all changes now, until the dialog closes.

Build the Linux Executable

You do this every time you make a change to your sources

If all steps were done correctly, you should now be able to compile the source and let Eclipse build the Linux executable.
Right-click the project, select Build Project.
Check the console:

image

You'll find the binary in the Debug subfolder of your project.

Remote Debug the Executable on the Pi

You only have to do this once per project. For next projects, if you prefer, you can duplicate and adapt.

This is showtime. We can ask Eclipse to deploy the executable on the Pi, then start the debug service on the Pi for it.
The Raspberry Pi has to run at this point, because we'll connect to it.

Right click on the project, select Debug As -> Debug configurations ...

image

Create new C/C++ Remote Application configuration

image

Main settings:

image

Create a New Connection

image

Enter your Pi's host name and your user name. Configure either your pi user password or your public key. Whatever authentication, you prefer.
Confirm.

Select the working directory on the Pi, where Eclipse will upload your binary.
I used the folder that's created as part of the Infineon app note.
You can use the Browse button in Eclipse to navigate to there. That's a good first test to see if the connection works.

image

Debug settings:

Navigate to Debugger -> Main, and select the name of the gdb executable of your Cross Compile toolchain

image

GDB debugger: arm-linux-gnueabihf-gdb

See comment of skruglewicz below. The Prefix can be different for each version of the toolchain.

Then we tell eclipse to call our gdbserver wrapper on the Pi, instead of the gdbserver itself.
(refresher: this is because the debugger needs to run as sudo, and our wrapper does that)

Navigate to Debugger -> Gdbserver Settings

image

Gdbserver path: /home/pi/bin/gdbserver_sudo

That's it. If you now click the Debug button, the magic should happen:
Eclipse uploads your binary and makes it executable
Then it starts the remote debug session for your program.
It stops on the first source line  of the program's main().

image

At this point, your development cycle is identical to debugging a local application.
You can build and debug applications with TPM functionality on your resource-rich development PC, in an IDE.
You test everything on the real target hardware.

Next time you want to debug this project, you can just reuse this configuration to start a new debug session.

Enjoy.

The Python SDK with On Semiconductor RSL10 BLE article series Industry
part 1: overview and goal
part 2: WiFi Provisioning
part 3: Adding a Module (RSL10)
part 4: Talk BLE to the On Semi RSL10 Sensor Kit
part 5: A Cloud User Experience Example
part 6: Register as a Gateway Device
part 7: Register a Gateway and Client Devices
part 8: Get BLE Image from Camera and Send to Cloud
The NODE-Red SDK article series Industry
part 1: overview and goal
register a Thing and connect to IoTConnect.io cloud
part 2: create an account and log on to the portal
part 3: set up the thing and its interface in the cloud
part 4: set up Node-RED and first exchange
interact with IoTConnect.io cloud
part 5: online dashboard
part 6: rules and alerts
part 7: messages and commands from the cloud
safer connections with certificates
part 8a: safer connect with Self Signed Certificates
part 8b: safer connect with CA certificates Y
commercial and industrial scale: outsource certificate generation and programming to subcontractors and suppliers
part 9a: Outsource Certificate Signing in IIoT Supply Chain Y
part 9b: IIoT supply chain and Certificates - Create Ca Root certificate, Load to IoTConnect Cloud and Validate Y
part 9c: IIoT supply chain and Certificates - Create an Intermediate CA Certificate for your Subcontractor Y
part 9d: IIoT supply chain and Certificates - Subcontractor Generates a Thing Certificate for Your Device Y
part 9e: IIoT supply chain and Certificates - Test! Y
commercial and industrial scale: Trusted Platform Module (TPM) Authentication
part 10: Trusted Platform Module (TPM) Security Y
Infineon SLx9670 Trusted Platform Module (TPM) for IoT Security Y
Infineon Trust Platform Module + Raspberry Pi 3 B - Review (road test) Y
Infineon SLx9670 Trusted Platform Module (TPM) on Debian 11 "bullseye" - part1: OS and Azure Cloud validation Y
Infineon SLx9670 Trusted Platform Module (TPM) on Debian 11 "bullseye" - part2: Trusted Software Stack (tss) Y
Infineon SLx9670 Trusted Platform Module (TPM): TSS Programming in C, with cross-compile and remote debug in Eclipse Y
part 11: Act as Gateway with Clients Y
The Automate Device Provisioning and Cloud Configuration article series Industry
Automatic Provisioning with REST API Y

  • Sign in to reply

Top Comments

  • Jan Cumps
    Jan Cumps over 3 years ago in reply to skruglewicz +1
    Are you using Buster OS and Toolchain? That could explain why the prefix is different - if it's a different version of the gnu tools.
  • Jan Cumps
    Jan Cumps over 3 years ago in reply to skruglewicz

    I'm eating my own cake.
    In the Sound and Vibration Measurement Hat for Raspberry Pi roadtest, the kit comes with Python and C examples.
    I checked if I could build one of the C examples.
    The answer is yes. I needed to copy over the dependencies: LIB and include headers for the toolkit. Then I could build and debug:


    image

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • skruglewicz
    skruglewicz over 3 years ago in reply to Jan Cumps

    Yes... I'm using buster not Bullseye.. that explains it...Thanks

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • Jan Cumps
    Jan Cumps over 3 years ago in reply to skruglewicz

    Are you using Buster OS and Toolchain?
    That could explain why the prefix is different - if it's a different version of the gnu tools. 

    • Cancel
    • Vote Up +1 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • skruglewicz
    skruglewicz over 3 years ago

    I just finished  going thru this blog.post

     Jan Cumps has done a great job on accomplishing 

    "How to Write and Build TPM enabled applications on your laptop. Then automatically deploy them to your Raspberry Pi and remotely debug."

    I finished every step and when I came to the end of the post, it worked the first time! Thanks for posting this. Great job....

    I only had a minor problem in the section 

    create an Eclipse C project, compile the code and build a Linux / ARM native executable

    In the following part:

    Click next until the wizard asks for the toolchain.

    image

    Prefix: arm-none-linux-gnueabihf-
    Path: the bin folder of the location where you installed the Cross Compile toolchain.

    I kept on getting a build error indicating that it could not Run program arm-none-linux-gnueabihf-gcc. It could not find the gcc?

    I looked in the \bin directory and I realized that My Prefix on my install was different. There was no "-none-" in the name. I changed it to "arm-linux-gnueabihf-" and was able to move on.

    I highly recommend going thru this exercise if your interested in in cross-compile and remote debugging PI code from the PC.

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
element14 Community

element14 is the first online community specifically for engineers. Connect with your peers and get expert answers to your questions.

  • Members
  • Learn
  • Technologies
  • Challenges & Projects
  • Products
  • Store
  • About Us
  • Feedback & Support
  • FAQs
  • Terms of Use
  • Privacy Policy
  • Legal and Copyright Notices
  • Sitemap
  • Cookies

An Avnet Company © 2025 Premier Farnell Limited. All Rights Reserved.

Premier Farnell Ltd, registered in England and Wales (no 00876412), registered office: Farnell House, Forge Lane, Leeds LS12 2NE.

ICP 备案号 10220084.

Follow element14

  • X
  • Facebook
  • linkedin
  • YouTube