From: Matthew Fioravante
Subject: Re: [PATCH 4/4] stubdom/vtpm: Support multiple backends and locality
Date: Thu, 29 Nov 2012 14:09:49 -0500
Message-ID: <50B7B2FD.5080205@jhuapl.edu>
References: <50B4D060.9070403@jhuapl.edu> <1354029286-17652-1-git-send-email-dgdegra@tycho.nsa.gov> <1354029286-17652-5-git-send-email-dgdegra@tycho.nsa.gov>
In-Reply-To: <1354029286-17652-5-git-send-email-dgdegra@tycho.nsa.gov>
To: Daniel De Graaf
Cc: "Ian.Campbell@citrix.com", "xen-devel@lists.xen.org"
List-Id: xen-devel@lists.xenproject.org

Looks good. I'm actually kind of surprised that the emulator doesn't provide an interface to set the requested locality.

Acked by: Matthew Fioravante

On 11/27/2012 10:14 AM, Daniel De Graaf wrote:
> The vTPM protocol now contains a field allowing the locality of a
> command to be specified; pass this to the TPM when processing a packet.
> This also enables a single vTPM to provide multiple tpmback interfaces
> so that several closely related domains can share a vTPM (for example, a
> qemu device stubdom and its target domain).
> > Signed-off-by: Daniel De Graaf > --- > stubdom/tpmemu-0.7.4.patch | 61 +++++++++++++++++++++++++++++++++++++= +++++---- > stubdom/vtpm/vtpm.c | 16 +++--------- > 2 files changed, 59 insertions(+), 18 deletions(-) > > diff --git a/stubdom/tpmemu-0.7.4.patch b/stubdom/tpmemu-0.7.4.patch > index b84eff1..31ace1a 100644 > --- a/stubdom/tpmemu-0.7.4.patch > +++ b/stubdom/tpmemu-0.7.4.patch 
> @@ -1,9 +1,60 @@ > -diff -Naur tpm_emulator-x86_64-back/tpm/tpm_emulator_extern.c tpm_emul= ator-x86_64/tpm/tpm_emulator_extern.c > ---- tpm_emulator-x86_64-back/tpm/tpm_emulator_extern.c 2012-04-27 10:5= 5:46.581963398 -0400 > -+++ tpm_emulator-x86_64/tpm/tpm_emulator_extern.c 2012-04-27 10:56:02.= 193034152 -0400 > -@@ -249,7 +249,7 @@ > +diff --git a/tpm/tpm_capability.c b/tpm/tpm_capability.c > +index 60bbb90..f8f7f0f 100644 > +--- a/tpm/tpm_capability.c > ++++ b/tpm/tpm_capability.c > +@@ -949,6 +949,8 @@ static TPM_RESULT set_vendor(UINT32 subCap, BYTE *= setValue, > + UINT32 setValueSize, BOOL ownerAuth, > + BOOL deactivated, BOOL disabled) > + { > ++ if (tpmData.stany.flags.localityModifier !=3D 8) > ++ return TPM_BAD_PARAMETER; > + /* set the capability area with the specified data, on failure > + deactivate the TPM */ > + switch (subCap) { > +diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c > +index 288d1ce..9e1cfb4 100644 > +--- a/tpm/tpm_cmd_handler.c > ++++ b/tpm/tpm_cmd_handler.c > +@@ -4132,7 +4132,7 @@ void tpm_emulator_shutdown() > + tpm_extern_release(); > + } > + > +-int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t *= *out, uint32_t *out_size) > ++int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t *= *out, uint32_t *out_size, int locality) > + { > + TPM_REQUEST req; > + TPM_RESPONSE rsp; > +@@ -4140,7 +4140,9 @@ int tpm_handle_command(const uint8_t *in, uint32= _t in_size, uint8_t **out, uint3 > + UINT32 len; > + BOOL free_out; > + > +- debug("tpm_handle_command()"); > ++ debug("tpm_handle_command(%d)", locality); > ++ if (locality !=3D -1) > ++ tpmData.stany.flags.localityModifier =3D locality; > + > + /* we need the whole packet at once, otherwise unmarshalling will f= ail */ > + if (tpm_unmarshal_TPM_REQUEST((uint8_t**)&in, &in_size, &req) !=3D = 0) { > +diff --git a/tpm/tpm_emulator.h b/tpm/tpm_emulator.h > +index eed749e..4c228bd 100644 > +--- a/tpm/tpm_emulator.h > ++++ b/tpm/tpm_emulator.h > 
+@@ -59,7 +59,7 @@ void tpm_emulator_shutdown(void); > + * its usage. In case of an error, all internally allocated memory > + * is released and the the state of out and out_size is unspecified. > + */ > +-int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t *= *out, uint32_t *out_size); > ++int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t *= *out, uint32_t *out_size, int locality); > + > + #endif /* _TPM_EMULATOR_H_ */ > + > +diff --git a/tpm/tpm_emulator_extern.c b/tpm/tpm_emulator_extern.c > +index aabe6c3..440a01b 100644 > +--- a/tpm/tpm_emulator_extern.c > ++++ b/tpm/tpm_emulator_extern.c > +@@ -249,7 +249,7 @@ int (*tpm_read_from_storage)(uint8_t **data, size_= t *data_length) =3D _tpm_read_fr > #else /* TPM_NO_EXTERN */ > - > + > int (*tpm_extern_init)(void) =3D= NULL; > -int (*tpm_extern_release)(void) =3D= NULL; > +void (*tpm_extern_release)(void) =3D= NULL; > diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c > index c33e078..dcfc3b9 100644 > --- a/stubdom/vtpm/vtpm.c > +++ b/stubdom/vtpm/vtpm.c > @@ -141,8 +141,6 @@ int check_ordinal(tpmcmd_t* tpmcmd) { > =20 > static void main_loop(void) { > tpmcmd_t* tpmcmd =3D NULL; > - domid_t domid; /* Domid of frontend */ > - unsigned int handle; /* handle of frontend */ > int res =3D -1; > =20 > info("VTPM Initializing\n"); > @@ -162,15 +160,7 @@ static void main_loop(void) { > goto abort_postpcrs; > } > =20 > - /* Wait for the frontend domain to connect */ > - info("Waiting for frontend domain to connect.."); > - if(tpmback_wait_for_frontend_connect(&domid, &handle) =3D=3D 0) { > - info("VTPM attached to Frontend %u/%u", (unsigned int) domid, ha= ndle); > - } else { > - error("Unable to attach to a frontend"); > - } > - > - tpmcmd =3D tpmback_req(domid, handle); > + tpmcmd =3D tpmback_req_any(); > while(tpmcmd) { > /* Handle the request */ > if(tpmcmd->req_len) { 
> @@ -183,7 +173,7 @@ static void main_loop(void) { > } > /* If not disabled, do the command */ > else { > - if((res =3D tpm_handle_command(tpmcmd->req, tpmcmd->req_le= n, &tpmcmd->resp, &tpmcmd->resp_len)) !=3D 0) { > + if((res =3D tpm_handle_command(tpmcmd->req, tpmcmd->req_le= n, &tpmcmd->resp, &tpmcmd->resp_len, tpmcmd->locality)) !=3D 0) { > error("tpm_handle_command() failed"); > create_error_response(tpmcmd, TPM_FAIL); > } 
> @@ -194,7 +184,7 @@ static void main_loop(void) { > tpmback_resp(tpmcmd); > =20 > /* Wait for the next request */ > - tpmcmd =3D tpmback_req(domid, handle); > + tpmcmd =3D tpmback_req_any(); > =20 > } > =20
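Review bot: In the tpm_cmd_handler.c part of the emulator patch, tpm_handle_command() copies the caller-supplied locality into tpmData.stany.flags.localityModifier with no range check, and when locality is -1 it leaves the value from the previous command in place. With several backends now sharing one vTPM, a request that arrives with -1 would be processed at whatever locality the last caller set. Suggest rejecting values outside the range the emulator supports, resetting to a defined default in the -1 case (or documenting why the stale value is wanted), and describing the new argument and its -1 sentinel in the comment above the prototype in tpm_emulator.h, which the patch changes without updating.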
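Review bot: The check added at the top of set_vendor() in tpm_capability.c compares localityModifier against a bare 8, which lies outside the 0 to 4 range that TPM 1.2 defines for localities, and neither the hunk nor the commit message says what locality 8 represents or which caller is expected to present it. Suggest a named constant with a comment, plus a line in the commit message, since "if (tpmData.stany.flags.localityModifier != 8) return TPM_BAD_PARAMETER;" changes who can reach set_vendor at all. Because the locality is stored unchecked in tpm_handle_command(), whether a guest frontend can ever present 8 depends on validation that is not part of this patch; that dependency should be stated next to the check.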
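Review bot: In main_loop() in stubdom/vtpm/vtpm.c, removing the tpmback_wait_for_frontend_connect() block also removes the only log line that names the frontend ("VTPM attached to Frontend %u/%u"), and the later hunk passes tpmcmd->locality to tpm_handle_command() exactly as received. Now that tpmback_req_any() can return requests from more than one domain, consider logging the originating frontend and the locality for each request, or at connect time, so TPM activity can be attributed to a domain. A short comment saying where the policy on which frontend may claim which locality is enforced would also help, since nothing in these hunks restricts it.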