From: Stuart Yoder <stuart.yoder@arm.com>
To: jejb@linux.ibm.com,
"Daniel P. Smith" <dpsmith@apertussolutions.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: "amd-sev-snp@lists.suse.com" <amd-sev-snp@lists.suse.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: SVSM vTPM specification
Date: Fri, 14 Oct 2022 12:16:58 -0500 [thread overview]
Message-ID: <0a0f3b57-13c6-8161-8674-1dbcf3ca9ddc@arm.com> (raw)
In-Reply-To: <ce89a3298963f4fa234e46ae9fe00da66e2ff819.camel@linux.ibm.com>
On 10/13/22 4:41 PM, James Bottomley wrote:
> On Thu, 2022-10-13 at 17:14 -0400, Daniel P. Smith wrote:
>> On 10/13/22 17:06, James Bottomley wrote:
>>> On Thu, 2022-10-13 at 16:54 -0400, Daniel P. Smith wrote:
>>>> Pardon the interjection.
>>>>
>>>> On 10/13/22 15:20, James Bottomley wrote:
>>>>> On Thu, 2022-10-13 at 13:54 -0500, Tom Lendacky wrote:
>>>>>> On 10/12/22 14:05, James Bottomley wrote:
>>>>>>> On Wed, 2022-10-12 at 18:33 +0100, Dr. David Alan Gilbert
>>>>>>> wrote:
>>>>>>>> * Tom Lendacky (thomas.lendacky@amd.com) wrote:
>>>>>> ...
>>>>>>> It is theoretically possible to emulate a CRB TPM with just
>>>>>>> a
>>>>>>> single
>>>>>>> communication page and an ACPI entry (the Linux CRB driver
>>>>>>> is
>>>>>>> ACPI
>>>>>>> only
>>>>>>> at this time and responds to the "MSFT0101" ACPI entry).
>>>>>>>
>>>>>>> The CRB device responds to a very compact MMIO region (0x30
>>>>>>> bytes
>>>>>>> long)
>>>>>>> described in the CRB spec:
>>>>>>>
>>>>>>> https://trustedcomputinggroup.org/resource/tpm-2-0-mobile-command-response-buffer-interface-specification/
>>>>
>>>> IMHO I would not use the mobile CRB, which was designed as a
>>>> doorbell solution for ARM where trapping a page was not possible.
>>>> Since it is possible to trap on page access, this makes it
>>>> possible
>>>> to implement the PC Client MMIO interface and enables
>>>> implementations
>>>> to provide the complete set of TPM capabilities, e.g. localities.
>>>
>>> You mean the TIS interface:
>>>
>>> https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/
>>>
>>> We discussed this at length with AMD ... which I think isn't
>>> captured in the email archives, unfortunately. However, the bottom
>>> line is that TIS uses a FIFO approach to sending data through the
>>> MMIO page. That's simply unscalable for pure emulation because it
>>> will result in 10-100x the number of write traps in the MMIO page
>>> as the CRB driver which uses a MMIO mailbox to trigger actions but
>>> passes the data via physical page addresses not FIFOs.
>>
>> Yes I am referring to the TIS interface but FIFO is only one of the
>> software interface defined in the spec. There is also the TIS CRB
>> interface which I should enable a similar experience as the mobile
>> CRB.
>
> Well, not in the above spec there isn't, it's a pure FIFO. I think you
> might be thinking of the PTP spec:
>
> https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/
>
> which defined locality mapping for the CRB interface (among other
> things). But regardless of the TCG maze of slightly overlapping specs,
> I think you now agree we can't use the FIFO interface because of the
> high access trap overhead. The outstanding question is over
> localities, but simply implementing the PTP multiple pages won't give
> us that. It works for physical hardware because there's an motherboard
> implementation specific way of shutting off access to MMIO registers at
> a given locality. We'd have to define such a thing for the SVSM ...
> but, as of today, it's not really properly defined for OVMF, indicating
> no-one's really using it as a security property for virtual
> environments.
Unless you expect to have some kind of virtual DRTM, all you need is
locality 0 in a virtual environment.
You could invent a new CRB-like interface, but how will it be
advertised? Through a new ACPI table definition that has to
get accepted by the UEFI Forum? Updating the TCG ACPI spec?
And you will obviously need new drivers for each OS to be supported.
If you want to use a standard CRB and avoid overhead due to polling
in an MMIO interface you can implement the CRB interface completely in
normal DRAM, which is what is done for Trustzone-based firmware TPMs
on Arm. The Mobile CRB spec specifically allows this. But, you will
need a doorbell mechanism to signal the TPM to "start" operating on
a command that has been put in the CRB in DRAM. The Linux CRB driver
works out of the box with this approach.
The standard TPM2 ACPI table could be used and all you need to define
is a new start method.
There are tradeoffs for both approaches.
Thanks,
Stuart
next prev parent reply other threads:[~2022-10-14 17:17 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-12 16:38 SVSM vTPM specification Tom Lendacky
2022-10-12 17:33 ` Dr. David Alan Gilbert
2022-10-12 18:44 ` James Bottomley
2022-10-13 15:14 ` Tom Lendacky
2022-10-13 15:29 ` Daniele Buono
2022-10-13 15:30 ` James Bottomley
2022-10-18 20:22 ` Dov Murik
2022-10-19 5:47 ` Christophe de Dinechin
2022-10-19 6:39 ` Dov Murik
2022-10-19 8:08 ` Daniel P. Berrangé
2022-10-19 12:09 ` Christophe de Dinechin
2022-10-19 12:38 ` James Bottomley
2022-10-19 13:05 ` Daniel P. Berrangé
2022-10-19 14:43 ` Tom Lendacky
2022-10-19 15:20 ` James Bottomley
2022-10-19 21:58 ` Tom Lendacky
2022-10-19 20:57 ` Dov Murik
2022-10-19 22:04 ` Tom Lendacky
2022-10-19 22:14 ` Dionna Amalie Glaze
2022-10-19 23:38 ` James Bottomley
2022-10-19 22:36 ` [EXTERNAL] " David Altobelli
[not found] ` <CABayD+cYCj=uOtC5h1d781jh_B6XqxmZNfR69taEex7yvkizRw@mail.gmail.com>
[not found] ` <SJ0PR21MB132378C080FFED1E283B4051E92A9@SJ0PR21MB1323.namprd21.prod.outlook.com>
2022-10-20 20:29 ` James Bottomley
2022-10-21 0:02 ` [EXTERNAL] " Jon Lange
2022-10-21 13:04 ` James Bottomley
2022-10-21 16:31 ` [EXTERNAL] " Jon Lange
2022-10-22 3:20 ` James Bottomley
2022-10-24 4:51 ` [EXTERNAL] " Jon Lange
2022-10-24 10:59 ` Dr. David Alan Gilbert
2022-10-24 11:45 ` Dov Murik
2022-10-24 19:02 ` Tom Lendacky
2022-10-24 19:18 ` Dionna Amalie Glaze
2022-10-25 8:51 ` Dov Murik
2022-10-25 9:43 ` Christophe de Dinechin
2022-10-25 14:08 ` Tom Lendacky
2022-10-25 14:13 ` James Bottomley
2022-10-29 0:25 ` Steve Rutherford
2022-10-29 13:27 ` James Bottomley
2022-10-19 11:21 ` Dr. David Alan Gilbert
2022-10-19 11:45 ` James Bottomley
2022-10-12 19:05 ` James Bottomley
2022-10-13 18:54 ` Tom Lendacky
2022-10-13 19:20 ` James Bottomley
2022-10-13 20:54 ` Daniel P. Smith
2022-10-13 21:06 ` James Bottomley
2022-10-13 21:14 ` Daniel P. Smith
2022-10-13 21:41 ` James Bottomley
2022-10-14 17:16 ` Stuart Yoder [this message]
2022-10-14 21:46 ` Tom Lendacky
2022-10-16 16:29 ` Daniel P. Smith
2022-10-16 16:44 ` James Bottomley
2022-10-21 11:54 ` Daniel P. Smith
2022-10-21 12:31 ` James Bottomley
2022-10-18 20:45 ` Dov Murik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0a0f3b57-13c6-8161-8674-1dbcf3ca9ddc@arm.com \
--to=stuart.yoder@arm.com \
--cc=amd-sev-snp@lists.suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgilbert@redhat.com \
--cc=dpsmith@apertussolutions.com \
--cc=jejb@linux.ibm.com \
--cc=linux-coco@lists.linux.dev \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).