From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: stefanb@linux.vnet.ibm.com, qemu-devel@nongnu.org
Cc: anbang.ruan@cs.ox.ac.uk, andreas.niederl@iaik.tugraz.at,
serge@hallyn.com
Subject: [Qemu-devel] [PATCH V5 12/12] Experimental support for taking measurements when kernel etc. are passed to Qemu
Date: Fri, 20 May 2011 11:42:52 -0400
Message-ID: <20110520154306.332177486@linux.vnet.ibm.com>
In-Reply-To: 20110520154240.279198011@linux.vnet.ibm.com
[-- Attachment #1: qemu_tpm_paravirt.diff --]
[-- Type: text/plain, Size: 2935 bytes --]
This really is just for experimental purposes since there are problems
when doing something similar with a multiboot kernel.

This patch addresses the case where the user provides the kernel, initrd
and kernel command line via command line parameters to Qemu. To avoid
incorrect measurements by SeaBIOS, the setup part of the kernel needs
to be treated separately.

For SeaBIOS to be able to measure the kernel whose measurement corresponds
to the 'sha1sum <kernel file>' we need to preserve the setup part of the
kernel. Since Qemu modifies it, we store a copy of the original setup
and later retrieve it in SeaBIOS and concatenate the setup and rest of the
kernel to get the correct measurement.

An alternative would be to measure the files in Qemu and make the measurements
available to SeaBIOS. This would introduce a dependency of Qemu on a sha1
algorithm.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
hw/fw_cfg.h | 1 +
hw/pc.c | 8 +++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
Index: qemu-git/hw/fw_cfg.h
===================================================================
--- qemu-git.orig/hw/fw_cfg.h
+++ qemu-git/hw/fw_cfg.h
@@ -27,6 +27,7 @@
#define FW_CFG_SETUP_SIZE 0x17
#define FW_CFG_SETUP_DATA 0x18
#define FW_CFG_FILE_DIR 0x19
+#define FW_CFG_SETUP_ORIG_DATA 0x1a
#define FW_CFG_FILE_FIRST 0x20
#define FW_CFG_FILE_SLOTS 0x10
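Review bot: FW_CFG_SETUP_ORIG_DATA at 0x1a becomes guest-visible ABI, and nothing next to the define says who reads it or that the firmware must agree on the same value. Add a comment naming the SeaBIOS measurement code as the consumer, and consider whether a named entry in the file directory (the FW_CFG_FILE_DIR / FW_CFG_FILE_FIRST range just below) would avoid spending one of the few fixed selectors left before 0x20 on an experimental feature.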
Index: qemu-git/hw/pc.c
===================================================================
--- qemu-git.orig/hw/pc.c
+++ qemu-git/hw/pc.c
@@ -659,7 +659,7 @@ static void load_linux(void *fw_cfg,
uint16_t protocol;
int setup_size, kernel_size, initrd_size = 0, cmdline_size;
uint32_t initrd_max;
- uint8_t header[8192], *setup, *kernel, *initrd_data;
+ uint8_t header[8192], *setup, *kernel, *initrd_data, *setup_orig;
target_phys_addr_t real_addr, prot_addr, cmdline_addr, initrd_addr = 0;
FILE *f;
char *vmode;
@@ -807,6 +807,7 @@ static void load_linux(void *fw_cfg,
kernel_size -= setup_size;
setup = qemu_malloc(setup_size);
+ setup_orig = qemu_malloc(setup_size);
kernel = qemu_malloc(kernel_size);
fseek(f, 0, SEEK_SET);
if (fread(setup, 1, setup_size, f) != setup_size) {
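Review bot: the qemu_malloc(setup_size) for setup_orig is unconditional, so every call to load_linux pays for a second copy of the setup block whether or not a TPM is configured. Guard the allocation (together with the later copy and export) on the measurement feature being enabled, or say in a comment why the copy is always needed.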
@@ -818,6 +819,9 @@ static void load_linux(void *fw_cfg,
exit(1);
}
fclose(f);
+
+ memcpy(setup_orig, setup, setup_size);
+
memcpy(setup, header, MIN(sizeof(header), setup_size));
fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
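Review bot: the memcpy into setup_orig is only correct because it sits before memcpy(setup, header, ...), which overwrites the start of the buffer, and nothing marks that ordering as load-bearing. Add a comment saying so. It is also worth stating here that the firmware will measure setup_orig while the guest runs the modified setup, so the up to sizeof(header) bytes Qemu rewrites are not covered by that measurement.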
@@ -828,6 +832,8 @@ static void load_linux(void *fw_cfg,
fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size);
fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size);
+ fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_ORIG_DATA, setup_orig, setup_size);
+
option_rom[nb_option_roms].name = "linuxboot.bin";
option_rom[nb_option_roms].bootindex = 0;
nb_option_roms++;
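Review bot: FW_CFG_SETUP_ORIG_DATA is exported without a size key of its own, so the reader has to assume it is exactly FW_CFG_SETUP_SIZE bytes long. That holds here because both buffers are setup_size bytes, but it is an implicit contract; document it beside the fw_cfg_add_bytes call or in fw_cfg.h so that a later change to one entry does not silently desynchronize the other.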
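The measurement property the commit message relies on, as an added example (not part of the original patch, and not Qemu or SeaBIOS code): hashing the preserved setup plus the rest of the kernel reproduces `sha1sum <kernel file>`, while hashing the loader-modified setup does not. The sample image, `patch_setup` and the two header fields it rewrites are constructed for illustration; Python is used only for its built-in SHA-1.

```python
import hashlib
import struct

SECTOR = 512
SETUP_SECTS_OFF = 0x1F1  # Linux x86 boot protocol: setup_sects field

def setup_size(image: bytes) -> int:
    """Bytes of setup code: (setup_sects + 1) sectors; a value of 0 means 4."""
    sects = image[SETUP_SECTS_OFF] or 4
    return (sects + 1) * SECTOR

def split(image: bytes):
    """Split a kernel file into (setup, rest), rejecting truncated input."""
    n = setup_size(image)
    if n > len(image):
        raise ValueError("truncated kernel image")
    return image[:n], image[n:]

def patch_setup(setup: bytes, cmdline_addr: int) -> bytes:
    """Hypothetical stand-in for the loader's edits to the setup header."""
    buf = bytearray(setup)
    buf[0x210] = 0xB0                                 # type_of_loader
    struct.pack_into("<I", buf, 0x228, cmdline_addr)  # cmd_line_ptr
    return bytes(buf)

def measure(setup: bytes, rest: bytes) -> bytes:
    """SHA-1 over setup || rest, the concatenation described in the message."""
    return hashlib.sha1(setup + rest).digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: new = SHA1(old || digest)."""
    return hashlib.sha1(pcr + digest).digest()

def build_sample_image() -> bytes:
    """Constructed image: 3 sectors of setup, then 3 sectors of 'kernel'."""
    setup = bytearray(3 * SECTOR)
    setup[SETUP_SECTS_OFF] = 2
    setup[0x202:0x206] = b"HdrS"
    return bytes(setup) + bytes(range(256)) * 6

def demo():
    image = build_sample_image()
    setup_orig, rest = split(image)
    setup_mod = patch_setup(setup_orig, 0x20000)   # constructed address
    file_digest = hashlib.sha1(image).digest()     # what sha1sum would print
    return (measure(setup_orig, rest) == file_digest,
            measure(setup_mod, rest) == file_digest,
            pcr_extend(bytes(20), measure(setup_orig, rest)).hex())
```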