The following series of patches adds TPM (Trusted Platform Module) support to Qemu. An emulator for the TIS (TPM Interface Spec) interface is added that provides the basis for accessing a 'backend' implementing the actual TPM functionality. The TIS emulator serves as a 'frontend' enabling for example Linux's TPM TIS (tpm_tis) driver.
In this series I am posting a backend implementation that makes use of the host's TPM through a passthrough driver, which on Linux is accessed using /dev/tpm0. v16: - applied to checkout of 42fe1c2 (Apr 27) - followed Anthony's suggestions for v15 - changed qemu-options.hx and vl.c to not show anything TPM-related if --enable-tpm-passthrough was not used on configure line v15: - applies to checkout of 8a22565 (Mar 27) - replacing g_malloc's with g_new; no more checks for NULL after allocs - introducing usage of bottom half in TIS frontend to deliver responses - get rid of locks since global lock is held by all threads entering TIS code - cleanups v14: - applies to checkout of da5361c (Dec 12) - implemented Anthony Liguori's suggestions - dropping the version log on individual patches v13: - applies to checkout of 61a5872 (Dec 12) - only allowing character devices as fd parameter - fixing error path in tpm_tis_init v12: - applies to checkout of ebffe2a (Oct 11) - added documentation for fd parameter - nits v11: - applies to checkout of 46f3069 (Sep 28) - some filing on the documentation - small nits fixed v10: - applies to checkout of 1ce9ce6 (Sep 27) - addressed Michael Tsirkin's comments on v9 v9: - addressed Michael Tsirkin's and other reviewers' comments - only posting Andreas Niederl's passthrough driver as the backend driver v8: - applies to checkout of f0fb8b7 (Aug 30) - fixing compilation error pointed out by Andreas Niederl - adding patch that allows to feed an initial state into the libtpms TPM - following memory API changes (glib) where necessary v7: - applies to checkout of b9c6cbf (Aug 9) - measuring the modules if multiboot is used - coding style fixes v6: - applies to checkout of 75ef849 (July 2nd) - some fixes and improvements to existing patches; see individual patches - added a patch with a null driver responding to all TPM requests with a response indicating failure; this backend has no dependencies and can alwayy be built; - added a patch to support the hashing of kernel, ramfs and command line if those were passed to Qemu using -kernel, -initrd and -append respectively. Measurements are taken, logged, and passed to SeaBIOS using the firmware interface. - libtpms revision 7 now requires 83kb of block storage due to having more NVRAM space v5: - applies to checkout of 1fddfba1 - adding support for split command line using the -tpmdev ... -device ... options while keeping the -tpm option - support for querying the device models using -tpm model=? - support for monitor 'info tpm' - adding documentation of command line options for man page and web page - increasing room for ACPI tables that qemu reserves to 128kb (from 64kb) - adding (experimental) support for block migration - adding (experimental) support for taking measurements when kernel, initrd and kernel command line are directly passed to Qemu v4: - applies to checkout of d2d979c6 - more coding style fixes - adding patch for supporting blob encryption (in addition to the existing QCoW2-level encryption) - this allows for graceful termination of a migration if the target is detected to have a wrong key - tested with big and little endian hosts - main thread releases mutex while checking for work to do on behalf of backend - introducing file locking (fcntl) on the block layer for serializing access to shared (QCoW2) files (used during migration) v3: - Building a null driver at patch 5/8 that responds to all requests with an error response; subsequently this driver is transformed to the libtpms-based driver for real TPM functionality - Reworked the threading; dropped the patch for qemu_thread_join; the main thread synchronizing with the TPM thread termination may need to write data to the block storage while waiting for the thread to terminate; did not previously show a problem but is safer - A lot of testing based on recent git checkout 4b4a72e5 (4/10): - migration of i686 VM from x86_64 host to i686 host to ppc64 host while running tests inside the VM - tests with S3 suspend/resume - tests with snapshots - multiple-hour tests with VM suspend/resume (using virsh save/restore) while running a TPM test suite inside the VM All tests passed; [not all of them were done on the ppc64 host] v2: - splitting some of the patches into smaller ones for easier review - fixes in individual patches Regards, Stefan Stefan Berger (7): Support for TPM command line options Add TPM (frontend) hardware interface (TPM TIS) to Qemu Add a debug register Build the TPM frontend code Add a TPM Passthrough backend driver implementation Introduce --enable-tpm-passthrough configure option Add fd parameter for TPM passthrough driver Makefile.target | 3 + configure | 28 ++ hmp-commands.hx | 2 + hmp.c | 28 ++ hmp.h | 1 + hw/tpm_backend.c | 58 ++++ hw/tpm_backend.h | 43 +++ hw/tpm_passthrough.c | 436 ++++++++++++++++++++++++ hw/tpm_tis.c | 892 ++++++++++++++++++++++++++++++++++++++++++++++++++ hw/tpm_tis.h | 78 +++++ monitor.c | 8 + qapi-schema.json | 29 ++ qemu-config.c | 25 ++ qemu-options.hx | 74 +++++ tpm.c | 231 +++++++++++++ tpm.h | 114 +++++++ vl.c | 19 + 17 files changed, 2069 insertions(+), 0 deletions(-) create mode 100644 hw/tpm_backend.c create mode 100644 hw/tpm_backend.h create mode 100644 hw/tpm_passthrough.c create mode 100644 hw/tpm_tis.c create mode 100644 hw/tpm_tis.h create mode 100644 tpm.c create mode 100644 tpm.h -- 188.8.131.52