Re: [Qemu-devel] [PATCH] Add TPM support

[Thiemo Seufer <ths@networkno.de>]

Thomas Bleher wrote:
> This patch adds support for an Atmel TPM chip.
> 
> Background: TPMs are rather complex chips, supporting many commands and
> implementing complex crypto protocols like Direct Anonymous Attestation
> (DAA). Therefore, this patch does not directly implement a TPM chip, but
> instead utilizes the TPM emulator project (http://tpm-emulator.berlios.de/).
> The TPM emulator can be run as a daemon, communicating through a unix domain
> socket.
> 
> This patch adds a "-tpm path" parameter to qemu, where "path" is the unix
> domain socket of the TPM emulator. If the parameter is given, the chip is
> registered in the emulated system. Otherwise, behaviour is unchanged.
> 
> The interface presented inside qemu is that of an Atmel TPM chip, simply
> because there is a Linux driver for this chip and the interface is very
> simple. I do not own any TPM chip, therefore the interface was written
> purely by looking at the Linux driver.
> 
> Use case: This patch makes it possible to experiment with software like IBMs
> Integrity Measurement Architecture (IMA), without having an actual TPM (this
> patch was developed for a demonstration involving IMA, among other things).
> It should also be possible to use Microsofts BitLocker technology, although
> this hasn't been tested yet.
> 
> ---
>  Makefile.target |    3 +
>  hw/tpm.c        |  219 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  vl.c            |   12 +++
>  vl.h            |    4 +
>  4 files changed, 238 insertions(+), 0 deletions(-)
>  create mode 100644 hw/tpm.c
> 
> diff --git a/Makefile.target b/Makefile.target
> index 33dc285..3665e82 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -460,6 +460,9 @@ VL_OBJS += ne2000.o
>  VL_OBJS += pcnet.o
>  VL_OBJS += rtl8139.o
>  
> +# TPM device
> +VL_OBJS += tpm.o
> +
>  ifeq ($(TARGET_BASE_ARCH), i386)
>  # Hardware support
>  VL_OBJS+= ide.o pckbd.o ps2.o vga.o $(SOUND_HW) dma.o $(AUDIODRV)
> diff --git a/hw/tpm.c b/hw/tpm.c
> new file mode 100644
> index 0000000..eaebd46
> --- /dev/null
> +++ b/hw/tpm.c
> @@ -0,0 +1,219 @@
> +/*
> + * TPM emulation
> + * Written by Thomas Bleher <ThomasBleher@gmx.de>.
> + *
> + * This driver emulates a TPM chip. TPM chips are quite complex, and a TPM
> + * emulator already exists, therefore this driver just connects to this
> + * emulator and forwards all the data. For the TPM emulator project, see
> + * http://tpm-emulator.berlios.de/
> + *
> + * The author does not own any TPM chip himself, so the Linux Kernel driver for
> + * Atmel TPM chips was taken as a reference. The code works fine with the Linux
> + * driver, but no tests have been done on other operating systems.
> + *
> + * Some structures are copied from the Linux Kernel source code.
> + */

So the License of this file is "GPL, Version 2"? The license should be
mentioned in the comment.


Thiemo