Re: [U-BOOT-TEST-HOOKS PATCH 1/1] Enable TPMv2 emulation
On 11/27/21 02:38, Tom Rini wrote:
On Wed, Nov 24, 2021 at 08:33:42AM +0100, Heinrich Schuchardt wrote:
On 11/24/21 08:23, Ilias Apalodimas wrote:
Hi Heinrich,
On Mon, 15 Nov 2021 at 12:11, Heinrich Schuchardt
wrote:
Provide a QEMU helper script to launch swtpm and add extra parameters to
conf.qemu_arm64_na and conf.qemu_arm_na to provide an emulated TPMv2.
Signed-off-by: Heinrich Schuchardt
---
bin/qemu.swtpm | 19 +++
bin/travis-ci/conf.qemu_arm64_na | 3 ++-
bin/travis-ci/conf.qemu_arm_na | 3 ++-
3 files changed, 23 insertions(+), 2 deletions(-)
create mode 100755 bin/qemu.swtpm
diff --git a/bin/qemu.swtpm b/bin/qemu.swtpm
new file mode 100755
index 000..089feba
--- /dev/null
+++ b/bin/qemu.swtpm
@@ -0,0 +1,19 @@
+#!/bin/sh
+# SPDX-License-Identifier: BSD-2
+#
+# This script launches swtpm to emulate a TPMv2. The parameter -t makes it
+# unload when the connection to QEMU is terminated. To make use of it add
+#
+# qemu_helper_script="swtpm"
+#
+# to the board script and the following arguments to qemu_extra_args
+#
+# -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock \
+# -tpmdev emulator,id=tpm0,chardev=chrtpm \
+# -device tpm-tis-device,tpmdev=tpm0
+#
+# U-Boot must be built with CONFIG_TPM2_MMIO=y.
+
+mkdir -p /tmp/tpm
+swtpm socket -t --tpmstate dir=/tmp/tpm --tpm2 \
+--ctrl type=unixio,path=/tmp/tpm/swtpm-sock &
Nit pick the & can be '-d'
Daemonizing will ensure that we don't get console output. I will change
this.
diff --git a/bin/travis-ci/conf.qemu_arm64_na b/bin/travis-ci/conf.qemu_arm64_na
index e7c9426..14577d8 100644
--- a/bin/travis-ci/conf.qemu_arm64_na
+++ b/bin/travis-ci/conf.qemu_arm64_na
@@ -22,8 +22,9 @@
console_impl=qemu
qemu_machine="virt"
+qemu_helper_script="swtpm"
qemu_binary="qemu-system-aarch64"
-qemu_extra_args="-cpu cortex-a57 -nographic -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
virtio-rng-pci"
+qemu_extra_args="-cpu cortex-a57 -nographic -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev
emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0"
qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
reset_impl=none
flash_impl=none
diff --git a/bin/travis-ci/conf.qemu_arm_na b/bin/travis-ci/conf.qemu_arm_na
index 0f07c80..de0694d 100644
--- a/bin/travis-ci/conf.qemu_arm_na
+++ b/bin/travis-ci/conf.qemu_arm_na
@@ -22,8 +22,9 @@
console_impl=qemu
qemu_machine="virt"
+qemu_helper_script="swtpm"
qemu_binary="qemu-system-arm"
-qemu_extra_args="-nographic -netdev user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR}
-device e1000,netdev=net0 -device virtio-rng-pci"
+qemu_extra_args="-nographic -netdev user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR}
-device e1000,netdev=net0 -device virtio-rng-pci -chardev
socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device
tpm-tis-device,tpmdev=tpm0"
Just a note here 'tpm-tis-device' works for arm. If we evenr need
this on x86 it's 'tpm-tis'
This file is ARM specific.
Sure, but it's worth noting since if we can also use these features and
tests on qemu-x86_64 we should. Doesn't need to be to start with tho.
And I will apply this shortly.
The current version of this patch is:
[v2,1/1] Enable TPMv2 emulation
https://patchwork.ozlabs.org/project/uboot/patch/20211124081251.59511-1-heinrich.schucha...@canonical.com/
On x86 we don't have support for the emulated TPM in U-Boot. According
to the QEMU documentation you would have to parse ACPI tables to detect
if a TPM is made available by QEMU. Maybe you could instead define it in
arch/x86/dts/qemu-x86_i440fx.dts.
Cf. https://qemu-project.gitlab.io/qemu/specs/tpm.html#acpi-interface
Once that work is done we should enable the TPM emulation on x86 in the
U-Boot test hooks.
This will be the required settings:
qemu_helper_script="swtpm"
qemu_extra_args="-nographic -cpu qemu64 -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0
-chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev
emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
Best regards
Heinrich
Re: [U-BOOT-TEST-HOOKS PATCH 1/1] Enable TPMv2 emulation
On Wed, Nov 24, 2021 at 08:33:42AM +0100, Heinrich Schuchardt wrote:
> On 11/24/21 08:23, Ilias Apalodimas wrote:
> > Hi Heinrich,
> >
> > On Mon, 15 Nov 2021 at 12:11, Heinrich Schuchardt
> > wrote:
> > >
> > > Provide a QEMU helper script to launch swtpm and add extra parameters to
> > > conf.qemu_arm64_na and conf.qemu_arm_na to provide an emulated TPMv2.
> > >
> > > Signed-off-by: Heinrich Schuchardt
> > > ---
> > > bin/qemu.swtpm | 19 +++
> > > bin/travis-ci/conf.qemu_arm64_na | 3 ++-
> > > bin/travis-ci/conf.qemu_arm_na | 3 ++-
> > > 3 files changed, 23 insertions(+), 2 deletions(-)
> > > create mode 100755 bin/qemu.swtpm
> > >
> > > diff --git a/bin/qemu.swtpm b/bin/qemu.swtpm
> > > new file mode 100755
> > > index 000..089feba
> > > --- /dev/null
> > > +++ b/bin/qemu.swtpm
> > > @@ -0,0 +1,19 @@
> > > +#!/bin/sh
> > > +# SPDX-License-Identifier: BSD-2
> > > +#
> > > +# This script launches swtpm to emulate a TPMv2. The parameter -t makes
> > > it
> > > +# unload when the connection to QEMU is terminated. To make use of it add
> > > +#
> > > +# qemu_helper_script="swtpm"
> > > +#
> > > +# to the board script and the following arguments to qemu_extra_args
> > > +#
> > > +# -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock \
> > > +# -tpmdev emulator,id=tpm0,chardev=chrtpm \
> > > +# -device tpm-tis-device,tpmdev=tpm0
> > > +#
> > > +# U-Boot must be built with CONFIG_TPM2_MMIO=y.
> > > +
> > > +mkdir -p /tmp/tpm
> > > +swtpm socket -t --tpmstate dir=/tmp/tpm --tpm2 \
> > > +--ctrl type=unixio,path=/tmp/tpm/swtpm-sock &
> >
> > Nit pick the & can be '-d'
>
> Daemonizing will ensure that we don't get console output. I will change
> this.
>
> >
> > > diff --git a/bin/travis-ci/conf.qemu_arm64_na
> > > b/bin/travis-ci/conf.qemu_arm64_na
> > > index e7c9426..14577d8 100644
> > > --- a/bin/travis-ci/conf.qemu_arm64_na
> > > +++ b/bin/travis-ci/conf.qemu_arm64_na
> > > @@ -22,8 +22,9 @@
> > >
> > > console_impl=qemu
> > > qemu_machine="virt"
> > > +qemu_helper_script="swtpm"
> > > qemu_binary="qemu-system-aarch64"
> > > -qemu_extra_args="-cpu cortex-a57 -nographic -netdev
> > > user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0
> > > -device virtio-rng-pci"
> > > +qemu_extra_args="-cpu cortex-a57 -nographic -netdev
> > > user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0
> > > -device virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock
> > > -tpmdev emulator,id=tpm0,chardev=chrtpm -device
> > > tpm-tis-device,tpmdev=tpm0"
> > > qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
> > > reset_impl=none
> > > flash_impl=none
> > > diff --git a/bin/travis-ci/conf.qemu_arm_na
> > > b/bin/travis-ci/conf.qemu_arm_na
> > > index 0f07c80..de0694d 100644
> > > --- a/bin/travis-ci/conf.qemu_arm_na
> > > +++ b/bin/travis-ci/conf.qemu_arm_na
> > > @@ -22,8 +22,9 @@
> > >
> > > console_impl=qemu
> > > qemu_machine="virt"
> > > +qemu_helper_script="swtpm"
> > > qemu_binary="qemu-system-arm"
> > > -qemu_extra_args="-nographic -netdev
> > > user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0
> > > -device virtio-rng-pci"
> > > +qemu_extra_args="-nographic -netdev
> > > user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0
> > > -device virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock
> > > -tpmdev emulator,id=tpm0,chardev=chrtpm -device
> > > tpm-tis-device,tpmdev=tpm0"
> >
> > Just a note here 'tpm-tis-device' works for arm. If we evenr need
> > this on x86 it's 'tpm-tis'
>
> This file is ARM specific.
Sure, but it's worth noting since if we can also use these features and
tests on qemu-x86_64 we should. Doesn't need to be to start with tho.
And I will apply this shortly.
--
Tom
signature.asc
Description: PGP signature
Re: [U-BOOT-TEST-HOOKS PATCH 1/1] Enable TPMv2 emulation
On 11/24/21 08:23, Ilias Apalodimas wrote:
Hi Heinrich,
On Mon, 15 Nov 2021 at 12:11, Heinrich Schuchardt
wrote:
Provide a QEMU helper script to launch swtpm and add extra parameters to
conf.qemu_arm64_na and conf.qemu_arm_na to provide an emulated TPMv2.
Signed-off-by: Heinrich Schuchardt
---
bin/qemu.swtpm | 19 +++
bin/travis-ci/conf.qemu_arm64_na | 3 ++-
bin/travis-ci/conf.qemu_arm_na | 3 ++-
3 files changed, 23 insertions(+), 2 deletions(-)
create mode 100755 bin/qemu.swtpm
diff --git a/bin/qemu.swtpm b/bin/qemu.swtpm
new file mode 100755
index 000..089feba
--- /dev/null
+++ b/bin/qemu.swtpm
@@ -0,0 +1,19 @@
+#!/bin/sh
+# SPDX-License-Identifier: BSD-2
+#
+# This script launches swtpm to emulate a TPMv2. The parameter -t makes it
+# unload when the connection to QEMU is terminated. To make use of it add
+#
+# qemu_helper_script="swtpm"
+#
+# to the board script and the following arguments to qemu_extra_args
+#
+# -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock \
+# -tpmdev emulator,id=tpm0,chardev=chrtpm \
+# -device tpm-tis-device,tpmdev=tpm0
+#
+# U-Boot must be built with CONFIG_TPM2_MMIO=y.
+
+mkdir -p /tmp/tpm
+swtpm socket -t --tpmstate dir=/tmp/tpm --tpm2 \
+--ctrl type=unixio,path=/tmp/tpm/swtpm-sock &
Nit pick the & can be '-d'
Daemonizing will ensure that we don't get console output. I will change
this.
diff --git a/bin/travis-ci/conf.qemu_arm64_na b/bin/travis-ci/conf.qemu_arm64_na
index e7c9426..14577d8 100644
--- a/bin/travis-ci/conf.qemu_arm64_na
+++ b/bin/travis-ci/conf.qemu_arm64_na
@@ -22,8 +22,9 @@
console_impl=qemu
qemu_machine="virt"
+qemu_helper_script="swtpm"
qemu_binary="qemu-system-aarch64"
-qemu_extra_args="-cpu cortex-a57 -nographic -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
virtio-rng-pci"
+qemu_extra_args="-cpu cortex-a57 -nographic -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev
emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0"
qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
reset_impl=none
flash_impl=none
diff --git a/bin/travis-ci/conf.qemu_arm_na b/bin/travis-ci/conf.qemu_arm_na
index 0f07c80..de0694d 100644
--- a/bin/travis-ci/conf.qemu_arm_na
+++ b/bin/travis-ci/conf.qemu_arm_na
@@ -22,8 +22,9 @@
console_impl=qemu
qemu_machine="virt"
+qemu_helper_script="swtpm"
qemu_binary="qemu-system-arm"
-qemu_extra_args="-nographic -netdev user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR}
-device e1000,netdev=net0 -device virtio-rng-pci"
+qemu_extra_args="-nographic -netdev user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR}
-device e1000,netdev=net0 -device virtio-rng-pci -chardev
socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device
tpm-tis-device,tpmdev=tpm0"
Just a note here 'tpm-tis-device' works for arm. If we evenr need
this on x86 it's 'tpm-tis'
This file is ARM specific.
Best regards
Heinrich
qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
reset_impl=none
flash_impl=none
--
2.32.0
Other than that
Reviewed-by: Ilias Apalodimas
Re: [U-BOOT-TEST-HOOKS PATCH 1/1] Enable TPMv2 emulation
Hi Heinrich,
On Mon, 15 Nov 2021 at 12:11, Heinrich Schuchardt
wrote:
>
> Provide a QEMU helper script to launch swtpm and add extra parameters to
> conf.qemu_arm64_na and conf.qemu_arm_na to provide an emulated TPMv2.
>
> Signed-off-by: Heinrich Schuchardt
> ---
> bin/qemu.swtpm | 19 +++
> bin/travis-ci/conf.qemu_arm64_na | 3 ++-
> bin/travis-ci/conf.qemu_arm_na | 3 ++-
> 3 files changed, 23 insertions(+), 2 deletions(-)
> create mode 100755 bin/qemu.swtpm
>
> diff --git a/bin/qemu.swtpm b/bin/qemu.swtpm
> new file mode 100755
> index 000..089feba
> --- /dev/null
> +++ b/bin/qemu.swtpm
> @@ -0,0 +1,19 @@
> +#!/bin/sh
> +# SPDX-License-Identifier: BSD-2
> +#
> +# This script launches swtpm to emulate a TPMv2. The parameter -t makes it
> +# unload when the connection to QEMU is terminated. To make use of it add
> +#
> +# qemu_helper_script="swtpm"
> +#
> +# to the board script and the following arguments to qemu_extra_args
> +#
> +# -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock \
> +# -tpmdev emulator,id=tpm0,chardev=chrtpm \
> +# -device tpm-tis-device,tpmdev=tpm0
> +#
> +# U-Boot must be built with CONFIG_TPM2_MMIO=y.
> +
> +mkdir -p /tmp/tpm
> +swtpm socket -t --tpmstate dir=/tmp/tpm --tpm2 \
> +--ctrl type=unixio,path=/tmp/tpm/swtpm-sock &
Nit pick the & can be '-d'
> diff --git a/bin/travis-ci/conf.qemu_arm64_na
> b/bin/travis-ci/conf.qemu_arm64_na
> index e7c9426..14577d8 100644
> --- a/bin/travis-ci/conf.qemu_arm64_na
> +++ b/bin/travis-ci/conf.qemu_arm64_na
> @@ -22,8 +22,9 @@
>
> console_impl=qemu
> qemu_machine="virt"
> +qemu_helper_script="swtpm"
> qemu_binary="qemu-system-aarch64"
> -qemu_extra_args="-cpu cortex-a57 -nographic -netdev
> user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
> virtio-rng-pci"
> +qemu_extra_args="-cpu cortex-a57 -nographic -netdev
> user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
> virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev
> emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0"
> qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
> reset_impl=none
> flash_impl=none
> diff --git a/bin/travis-ci/conf.qemu_arm_na b/bin/travis-ci/conf.qemu_arm_na
> index 0f07c80..de0694d 100644
> --- a/bin/travis-ci/conf.qemu_arm_na
> +++ b/bin/travis-ci/conf.qemu_arm_na
> @@ -22,8 +22,9 @@
>
> console_impl=qemu
> qemu_machine="virt"
> +qemu_helper_script="swtpm"
> qemu_binary="qemu-system-arm"
> -qemu_extra_args="-nographic -netdev
> user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
> virtio-rng-pci"
> +qemu_extra_args="-nographic -netdev
> user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
> virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev
> emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0"
Just a note here 'tpm-tis-device' works for arm. If we evenr need
this on x86 it's 'tpm-tis'
> qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
> reset_impl=none
> flash_impl=none
> --
> 2.32.0
>
Other than that
Reviewed-by: Ilias Apalodimas
[U-BOOT-TEST-HOOKS PATCH 1/1] Enable TPMv2 emulation
Provide a QEMU helper script to launch swtpm and add extra parameters to
conf.qemu_arm64_na and conf.qemu_arm_na to provide an emulated TPMv2.
Signed-off-by: Heinrich Schuchardt
---
bin/qemu.swtpm | 19 +++
bin/travis-ci/conf.qemu_arm64_na | 3 ++-
bin/travis-ci/conf.qemu_arm_na | 3 ++-
3 files changed, 23 insertions(+), 2 deletions(-)
create mode 100755 bin/qemu.swtpm
diff --git a/bin/qemu.swtpm b/bin/qemu.swtpm
new file mode 100755
index 000..089feba
--- /dev/null
+++ b/bin/qemu.swtpm
@@ -0,0 +1,19 @@
+#!/bin/sh
+# SPDX-License-Identifier: BSD-2
+#
+# This script launches swtpm to emulate a TPMv2. The parameter -t makes it
+# unload when the connection to QEMU is terminated. To make use of it add
+#
+# qemu_helper_script="swtpm"
+#
+# to the board script and the following arguments to qemu_extra_args
+#
+# -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock \
+# -tpmdev emulator,id=tpm0,chardev=chrtpm \
+# -device tpm-tis-device,tpmdev=tpm0
+#
+# U-Boot must be built with CONFIG_TPM2_MMIO=y.
+
+mkdir -p /tmp/tpm
+swtpm socket -t --tpmstate dir=/tmp/tpm --tpm2 \
+--ctrl type=unixio,path=/tmp/tpm/swtpm-sock &
diff --git a/bin/travis-ci/conf.qemu_arm64_na b/bin/travis-ci/conf.qemu_arm64_na
index e7c9426..14577d8 100644
--- a/bin/travis-ci/conf.qemu_arm64_na
+++ b/bin/travis-ci/conf.qemu_arm64_na
@@ -22,8 +22,9 @@
console_impl=qemu
qemu_machine="virt"
+qemu_helper_script="swtpm"
qemu_binary="qemu-system-aarch64"
-qemu_extra_args="-cpu cortex-a57 -nographic -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
virtio-rng-pci"
+qemu_extra_args="-cpu cortex-a57 -nographic -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev
emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0"
qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
reset_impl=none
flash_impl=none
diff --git a/bin/travis-ci/conf.qemu_arm_na b/bin/travis-ci/conf.qemu_arm_na
index 0f07c80..de0694d 100644
--- a/bin/travis-ci/conf.qemu_arm_na
+++ b/bin/travis-ci/conf.qemu_arm_na
@@ -22,8 +22,9 @@
console_impl=qemu
qemu_machine="virt"
+qemu_helper_script="swtpm"
qemu_binary="qemu-system-arm"
-qemu_extra_args="-nographic -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
virtio-rng-pci"
+qemu_extra_args="-nographic -netdev
user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device
virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev
emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0"
qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
reset_impl=none
flash_impl=none
--
2.32.0
