From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:60531)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <edgar.iglesias@gmail.com>) id 1QyqwC-00026L-7X
	for qemu-devel@nongnu.org; Wed, 31 Aug 2011 15:59:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <edgar.iglesias@gmail.com>) id 1QyqwA-0001kg-T8
	for qemu-devel@nongnu.org; Wed, 31 Aug 2011 15:59:04 -0400
Received: from mail-ew0-f45.google.com ([209.85.215.45]:48000)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <edgar.iglesias@gmail.com>) id 1QyqwA-0001kc-NA
	for qemu-devel@nongnu.org; Wed, 31 Aug 2011 15:59:02 -0400
Received: by ewy24 with SMTP id 24so805607ewy.4
	for <qemu-devel@nongnu.org>; Wed, 31 Aug 2011 12:59:01 -0700 (PDT)
Date: Wed, 31 Aug 2011 21:58:58 +0200
From: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Message-ID: <20110831195858.GA18881@zapo>
References: <20110831194540.700948503@linux.vnet.ibm.com>
	<20110831194606.997238750@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20110831194606.997238750@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH V7 5/9] Support for BIOS interrupt handler
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: chrisw@redhat.com, seabios@seabios.org, qemu-devel@nongnu.org

On Wed, Aug 31, 2011 at 03:45:45PM -0400, Stefan Berger wrote:
> This patch implements the TCG BIOS interrupt handler 1ah. It is for
> example used by trusted grub.
> 
> This patch adds an implementation of SHA1 (following NIST specs., IETF RFC 3147
> and Wikipedia) for speeding up measurements of code. Trusted Grub for example
> makes use of this interface and measures (calculates SHA1) of the Linux kernel
> and initrd. Those files can be rather large and hunting their bytes through
> the TIS interface as part of the int handler commands invoked by trusted grub
> does take quite some time due to the many vmexits the interface is creating
> (one per byte).
> 
> There is also a threshold for the size of data to hash (100k) below which
> the TPM is used and above the internal faster SHA1 algorithm is used.

Hi Stefan,

A question:
Is there a reason for not reusing the SHA1 implementation from other libraries,
like OpenSSL?

I've got a couple of cryptographic device models on my end (some of them
that I may contribute at some point) that will need the various SHA hashes
and other ciphers.

In my case, there might be tons of data beeing hashed and when available,
it would be nice to be able to use cryptographic hw acceleration which
may be provided by OpenSSL engines. Or even, just heavily optimized
assembly versions of them.

Cheers