subject:"\[Qemu\-devel\] \[PATCH\] SeaBios\/vTPM\: Enable Xen stubdom vTPM for HVM virtual machine"

Re: [Qemu-devel] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

2015-03-11 Thread Kevin O'Connor

On Tue, Mar 10, 2015 at 08:16:03AM -0400, Quan Xu wrote:
 This patch series are only the SeaBios part to enable stubdom vTPM for HVM
 virtual machine. It will work with Qemu patch series and Xen patch series.
 
 
 *INTRODUCTION*
 
 The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM 
 functionality
 to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). This allows 
 programs
 to interact with a TPM in a virtual machine the same way they interact with a 
 TPM
 on the physical system. Each virtual machine gets its own unique, emulated, 
 software
 TPM. Each major component of vTPM is implemented as a stubdom, providing 
 secure
 separation guaranteed by the hypervisor.
 
 The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the virtual 
 machine
 to use. It is a small wrapper around the Berlios TPM emulator. TPM commands 
 are passed
 from mini-os TPM backend driver.

Thanks.  Does this seabios patch require additional seabios patches
before it is useful?  Does it depend on upstream patches in Xen/QEMU
that are not yet committed?

-Kevin

Re: [Qemu-devel] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

2015-03-11 Thread Xu, Quan

 -Original Message-
 From: Kevin O'Connor [mailto:ke...@koconnor.net]
 Sent: Thursday, March 12, 2015 3:49 AM
 To: Xu, Quan; seab...@seabios.org
 Cc: stefano.stabell...@eu.citrix.com; stef...@linux.vnet.ibm.com;
 qemu-devel@nongnu.org; xen-de...@lists.xen.org
 Subject: Re: [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual
 machine

 On Tue, Mar 10, 2015 at 08:16:03AM -0400, Quan Xu wrote:
  This patch series are only the SeaBios part to enable stubdom vTPM for
  HVM virtual machine. It will work with Qemu patch series and Xen patch 
  series.

  *INTRODUCTION*

  The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM
  functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows
  .etc). This allows programs to interact with a TPM in a virtual
  machine the same way they interact with a TPM on the physical system.
  Each virtual machine gets its own unique, emulated, software TPM. Each
  major component of vTPM is implemented as a stubdom, providing secure
 separation guaranteed by the hypervisor.

  The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the
  virtual machine to use. It is a small wrapper around the Berlios TPM
  emulator. TPM commands are passed from mini-os TPM backend driver.

 Thanks.  Does this seabios patch require additional seabios patches before it 
 is
 useful?  Does it depend on upstream patches in Xen/QEMU that are not yet
 committed?

 -Kevin

Kevin, 
 Thanks for your reply.
 It doesn't require additional seabios patches before it is useful. These 
patches 
Should work with:
  [PATCH v3 0/7] vTPM: Xen stubdom vTPM for HVM virtual machine   
--(Xen patch)
  [PATCH v4 0/5] QEMU:Xen stubdom vTPM for HVM virtual machine   
--(Qemu patch)

I have committed but not upstream. I will forward them to you at next thread. 

Thanks

[Qemu-devel] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

2015-03-10 Thread Quan Xu

Signed-off-by: Quan Xu quan...@intel.com
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com
---
 Makefile   |   2 +-
 src/post.c |   3 +
 src/tpm.c  | 309 +
 src/tpm.h  | 141 
 4 files changed, 454 insertions(+), 1 deletion(-)
 create mode 100644 src/tpm.c
 create mode 100644 src/tpm.h

diff --git a/Makefile b/Makefile
index eecb8a1..945e997 100644
--- a/Makefile
+++ b/Makefile
@@ -36,7 +36,7 @@ SRCBOTH=misc.c stacks.c output.c string.c block.c cdrom.c 
disk.c mouse.c kbd.c \
 hw/virtio-ring.c hw/virtio-pci.c hw/virtio-blk.c hw/virtio-scsi.c \
 hw/lsi-scsi.c hw/esp-scsi.c hw/megasas.c
 SRC16=$(SRCBOTH)
-SRC32FLAT=$(SRCBOTH) post.c memmap.c malloc.c romfile.c x86.c optionroms.c \
+SRC32FLAT=$(SRCBOTH) post.c memmap.c malloc.c romfile.c tpm.c x86.c 
optionroms.c \
 pmm.c font.c boot.c bootsplash.c jpeg.c bmp.c \
 hw/ahci.c hw/pvscsi.c hw/usb-xhci.c hw/usb-hub.c \
 fw/coreboot.c fw/lzmadecode.c fw/csm.c fw/biostables.c \
diff --git a/src/post.c b/src/post.c
index 0fdd28e..8cb1abd 100644
--- a/src/post.c
+++ b/src/post.c
@@ -28,6 +28,7 @@
 #include output.h // dprintf
 #include string.h // memset
 #include util.h // kbd_init
+#include tpm.h //vtpm4hvm_setup
 
 
 /
@@ -151,6 +152,8 @@ device_hardware_setup(void)
 esp_scsi_setup();
 megasas_setup();
 pvscsi_setup();
+if (runningOnXen())
+vtpm4hvm_setup();
 }
 
 static void
diff --git a/src/tpm.c b/src/tpm.c
new file mode 100644
index 000..a834d30
--- /dev/null
+++ b/src/tpm.c
@@ -0,0 +1,309 @@
+/*
+ * Implementation of a TPM driver for the TPM TIS interface
+ *
+ * Copyright (C) 2006-2013 IBM Corporation
+ * Copyright (C) 2015 Intel Corporation
+ *
+ * Authors:
+ * Stefan Berger stef...@linux.vnet.ibm.com
+ * Quan Xu quan...@intel.com
+ *
+ * This file may be distributed under the terms of the GNU
+ * LGPLv3 license.
+ */
+
+#include config.h
+#include util.h
+#include tpm.h
+
+static u32 tis_default_timeouts[4] = {
+TIS_DEFAULT_TIMEOUT_A,
+TIS_DEFAULT_TIMEOUT_B,
+TIS_DEFAULT_TIMEOUT_C,
+TIS_DEFAULT_TIMEOUT_D,
+};
+
+static u32 tpm_default_durations[3] = {
+TPM_DEFAULT_DURATION_SHORT,
+TPM_DEFAULT_DURATION_MEDIUM,
+TPM_DEFAULT_DURATION_LONG,
+};
+
+
+/* if device is not there, return '0', '1' otherwise */
+static u32 tis_probe(void)
+{
+u32 rc = 0;
+u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID));
+
+if ((didvid != 0)  (didvid != 0x))
+rc = 1;
+
+return rc;
+}
+
+static u32 tis_init(void)
+{
+writeb(TIS_REG(0, TIS_REG_INT_ENABLE), 0);
+
+if (tpm_drivers[TIS_DRIVER_IDX].durations == NULL) {
+u32 *durations = malloc_low(sizeof(tpm_default_durations));
+if (durations)
+memcpy(durations, tpm_default_durations,
+   sizeof(tpm_default_durations));
+else
+durations = tpm_default_durations;
+tpm_drivers[TIS_DRIVER_IDX].durations = durations;
+}
+
+if (tpm_drivers[TIS_DRIVER_IDX].timeouts == NULL) {
+u32 *timeouts = malloc_low(sizeof(tis_default_timeouts));
+if (timeouts)
+memcpy(timeouts, tis_default_timeouts,
+   sizeof(tis_default_timeouts));
+else
+timeouts = tis_default_timeouts;
+tpm_drivers[TIS_DRIVER_IDX].timeouts = timeouts;
+}
+
+return 1;
+}
+
+
+static void set_timeouts(u32 timeouts[4], u32 durations[3])
+{
+u32 *tos = tpm_drivers[TIS_DRIVER_IDX].timeouts;
+u32 *dus = tpm_drivers[TIS_DRIVER_IDX].durations;
+
+if (tos  tos != tis_default_timeouts  timeouts)
+memcpy(tos, timeouts, 4 * sizeof(u32));
+if (dus  dus != tpm_default_durations  durations)
+memcpy(dus, durations, 3 * sizeof(u32));
+}
+
+
+static u32 tis_wait_sts(u8 locty, u32 time, u8 mask, u8 expect)
+{
+u32 rc = 1;
+
+while (time  0) {
+u8 sts = readb(TIS_REG(locty, TIS_REG_STS));
+if ((sts  mask) == expect) {
+rc = 0;
+break;
+}
+msleep(1);
+time--;
+}
+return rc;
+}
+
+static u32 tis_activate(u8 locty)
+{
+u32 rc = 0;
+u8 acc;
+int l;
+u32 timeout_a = tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_A];
+
+if (!(readb(TIS_REG(locty, TIS_REG_ACCESS)) 
+  TIS_ACCESS_ACTIVE_LOCALITY)) {
+/* release locality in use top-downwards */
+for (l = 4; l = 0; l--)
+writeb(TIS_REG(l, TIS_REG_ACCESS),
+   TIS_ACCESS_ACTIVE_LOCALITY);
+}
+
+/* request access to locality */
+writeb(TIS_REG(locty, TIS_REG_ACCESS), TIS_ACCESS_REQUEST_USE);
+
+acc = readb(TIS_REG(locty, TIS_REG_ACCESS));
+if ((acc  TIS_ACCESS_ACTIVE_LOCALITY)) {
+writeb(TIS_REG(locty, TIS_REG_STS), TIS_STS_COMMAND_READY);
+rc = tis_wait_sts(locty, timeout_a,
+

[Qemu-devel] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

2015-03-10 Thread Quan Xu

This patch series are only the SeaBios part to enable stubdom vTPM for HVM
virtual machine. It will work with Qemu patch series and Xen patch series.


*INTRODUCTION*

The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM 
functionality
to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). This allows programs
to interact with a TPM in a virtual machine the same way they interact with a 
TPM
on the physical system. Each virtual machine gets its own unique, emulated, 
software
TPM. Each major component of vTPM is implemented as a stubdom, providing secure
separation guaranteed by the hypervisor.

The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the virtual 
machine
to use. It is a small wrapper around the Berlios TPM emulator. TPM commands are 
passed
from mini-os TPM backend driver.


Signed-off-by: Quan Xu quan...@intel.com
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

Quan Xu (1):
  SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

 Makefile   |   2 +-
 src/post.c |   3 +
 src/tpm.c  | 309 +
 src/tpm.h  | 141 
 4 files changed, 454 insertions(+), 1 deletion(-)
 create mode 100644 src/tpm.c
 create mode 100644 src/tpm.h

-- 
1.8.1.2

Re: [Qemu-devel] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

Re: [Qemu-devel] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

[Qemu-devel] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

[Qemu-devel] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine

4 matches

Site Navigation

Mail list logo

Footer information