Looking at Pluton again. Brief reminder that the current Pluton firmware exposes two devices: a TPM compatible device and a "Hardware Security Processor". I've dealt with the first, so today I'm looking at the second.

The Windows driver for this seems pretty boilerplate. It doesn't appear to hook into any OS internals, and instead just offers an ioctl() interface to userland. There are only two commands offered, and both just seem to pass the data through to the chip.

So, to figure out what it actually does, I need some userland code that makes use of it. Anyone seen any?

(But, anyway, there's no indication in the driver that the chip can actively involve itself in any kind of policy decision - no event code in the driver calls into other parts of the OS, for instance)

Oh wait of course there's an existing pile of driver code in Azure Sphere, so with luck the mailbox protocol is much the same…
