Hi Ard,
On 2/16/20 5:35 PM, Ard Biesheuvel wrote:
> On Fri, 14 Feb 2020 at 19:37, Eric Auger wrote:
>>
>> This series adds the capability to instantiate an MMIO TPM TIS
>> in ARM virt.
>>
>> The existing TPM TIS code is reshuffled into a generic part,
>> the ISA device and the sysbus device. The last patch allows
>> the instantiation of the TPM TIS sysbus device in ARM virt.
>>
>> The series was tested with the swtpm/libtpms emulator.
>> Automatic guest LUKS volume unlocking (tpm2) was successful.
>> EDK2 support is under development [3]. Thanks to Ard
>> for supporting me when setting up the test environment.
>>
>> Best Regards
>>
>> Eric
>>
>> Testing:
>>
>> mkdir /tmp/tpm
>> swtpm socket \
>> --tpm2 \
>> -t -d \
>> --tpmstate dir=/tmp/tpm \
>> --ctrl type=unixio,path=/tmp/swtpm-sock
>>
>> qemu command line must be augmented with the following options:
>>
>> -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
>> -tpmdev emulator,id=tpm0,chardev=chrtpm \
>> -device tpm-tis-device,tpmdev=tpm0 \
>>
>> References:
>> [1] libtpms: https://github.com/stefanberger/libtpms/wiki
>> [2] swtpm: https://github.com/stefanberger/swtpm/wiki
>> [3] [PATCH 0/4] ArmVirtPkg: implement measured boot for ArmVirtQemu
>>
>> This series can be found at:
>> https://github.com/eauger/qemu/tree/v4.2.0-tpm-rfc-v2
>>
>> History:
>>
>> RFC v1 -> RFC v2:
>> - restructure the existing code with common, ISA and sysbus part.
>> - both ARM and x86 integration were tested.
>> - acknowledgement: migration has not been tested
>>
>> Eric Auger (6):
>> tpm: rename TPM_TIS into TPM_TIS_ISA
>> tpm: Use TPMState as a common struct
>> tpm: Separate tpm_tis common functions from isa code
>> tpm: Separate TPM_TIS and TPM_TIS_ISA configs
>> tpm: Add the SysBus TPM TIS device
>> hw/arm/virt: vTPM support
>>
>
> Many thanks to Eric for his work on this.
>
> I have tested this with my EDK2 code and a Linux/arm64 VM booting in
> DT mode with the tpm-tis driver enabled, and it works as expected. I
> can observe the firmware taking measurements during boot, and can dump
> the PCRs from Linux using tpm2_pcrlist.
>
> Tested-by: Ard Biesheuvel
> Acked-by: Ard Biesheuvel
Many thanks for the testing.
>
> Note that the UEFI firmware is itself a consumer of the DT
> description, so we need the DT related changes regardless of whether
> the VM boots in DT or ACPI mode.
OK thank you for the note. I will add this in my cover letter.
Best Regards
Eric
>
>
>
>> default-configs/i386-softmmu.mak | 2 +-
>> hw/arm/Kconfig | 1 +
>> hw/arm/sysbus-fdt.c| 36 +
>> hw/arm/virt.c | 7 +
>> hw/i386/Kconfig| 2 +-
>> hw/i386/acpi-build.c | 6 +-
>> hw/tpm/Kconfig | 12 +-
>> hw/tpm/Makefile.objs | 4 +-
>> hw/tpm/tpm_tis.h | 91 +
>> hw/tpm/{tpm_tis.c => tpm_tis_common.c} | 181 ++---
>> hw/tpm/tpm_tis_isa.c | 170 +++
>> hw/tpm/tpm_tis_sysbus.c| 159 ++
>> include/sysemu/tpm.h | 7 +-
>> tests/qtest/Makefile.include | 4 +-
>> 14 files changed, 502 insertions(+), 180 deletions(-)
>> create mode 100644 hw/tpm/tpm_tis.h
>> rename hw/tpm/{tpm_tis.c => tpm_tis_common.c} (85%)
>> create mode 100644 hw/tpm/tpm_tis_isa.c
>> create mode 100644 hw/tpm/tpm_tis_sysbus.c
>>
>> --
>> 2.20.1
>>
>
