[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] TPM: add CRB device

From: Stefan Berger
Subject: Re: [Qemu-devel] [PATCH] TPM: add CRB device
Date: Thu, 4 Jan 2018 16:44:29 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 01/04/2018 11:02 AM, Marc-André Lureau wrote:

----- Original Message -----
On 12/22/2017 09:55 AM, Marc-André Lureau wrote:
tpm_crb is a device for TPM 2.0 Command Response Buffer (CRB)
Interface as defined in TCG PC Client Platform TPM Profile (PTP)
Specification Family “2.0” Level 00 Revision 01.03 v22.

The PTP allows device implementation to switch between TIS and CRB
model at run time, but given that CRB is a simpler device to
implement, I chose to implement it as a different device.

The device doesn't implement other locality than 0 for now (my laptop
TPM doesn't either, so I assume this isn't so bad)

The command/reply memory region is statically allocated after the CRB
registers address TPM_CRB_ADDR_BASE + sizeof(struct crb_regs) (I
wonder if the BIOS could or should allocate it instead, or what size
to use, again this seems to fit well expectations)

The PTP doesn't specify a particular bus to put the device. So I added
it on the system bus directly, so it could hopefully be used easily on
a different platform than x86. Currently, it fails to init on piix,
because error_on_sysbus_device() check. The check may be changed in a
near future, see discussion on the qemu-devel ML.

Tested with some success with Linux upstream and Windows 10, seabios &
modified ovmf. The device is recognized and correctly transmit
command/response with passthrough & emu.
When you say 'some success', you mean that a test suite wasn't passing
all tests, right? I didn't run the test suite so far, but what I tested
looks good to me so far.
I don't have a test suite, and I don't have much clue how to use a TPM for real 
on Linux.

We have one ACPI part missing in the implementation and that's this
mailbox thing that allows one to send a code to the firmware that the
firmware then reads and acts upon and reconfigures the TPM during the
next warm-boot.


It was challenging to implement this interface 'back then' using ACPI's
AML, but now it's even more low level with the programming interface.

I know we have to wait for that other patch. Nevertheless ...
Oh, so PPI is mandatory for CRB devices? Are you going to implement it?

Not sure whether it is mandatory. At some point we should have an implementation for it. Since the ACPI will be generated by QEMU, the firmwares reacting to the codes need to understand it. All firmwares running x86 VMs need to be in sync with that ACPI or at least be able to recognize it. There are SeaBIOS and UEFI (Tianocore) from what I know. SeaBIOS doesn't have an implementation (besides a previously posted prototype). I don't know about Tianocore...


reply via email to

[Prev in Thread] Current Thread [Next in Thread]