From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
"Stefan Berger" <stefanb@linux.ibm.com>
Subject: [Qemu-devel] [PULL v2 42/49] tpm: clear RAM when "memory overwrite" requested
Date: Tue, 15 Jan 2019 15:06:08 -0500
Message-ID: <20190115200252.25911-43-mst@redhat.com>
In-Reply-To: <20190115200252.25911-1-mst@redhat.com>
From: Marc-André Lureau <marcandre.lureau@redhat.com>

Note: the "Platform Reset Attack Mitigation" specification isn't
explicit about NVDIMM, since they could have different usages. It uses
the term "system memory" generally (and also "volatile memory RAM" in
its introduction). For initial support, I propose to consider
non-volatile memory as not being subject to the memory clear. There is
an on-going discussion in the TCG "pcclientwg" working group for
future revisions.

CPU cache clearing is done unconditionally in edk2 since commit
d20ae95a13e851 (edk2-stable201811).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/tpm/tpm_ppi.h | 10 ++++++++++
hw/tpm/tpm_crb.c | 3 +++
hw/tpm/tpm_ppi.c | 22 ++++++++++++++++++++++
hw/tpm/tpm_tis.c | 3 +++
hw/tpm/trace-events | 3 +++
5 files changed, 41 insertions(+)
diff --git a/hw/tpm/tpm_ppi.h b/hw/tpm/tpm_ppi.h
index c5e555fe2c..d33ef27de6 100644
--- a/hw/tpm/tpm_ppi.h
+++ b/hw/tpm/tpm_ppi.h
@@ -33,4 +33,14 @@ typedef struct TPMPPI {
void tpm_ppi_init(TPMPPI *tpmppi, struct MemoryRegion *m,
hwaddr addr, Object *obj);
+/**
+ * tpm_ppi_reset:
+ * @tpmppi: a TPMPPI
+ *
+ * Function to call on machine reset. It will check if the "Memory
+ * overwrite" variable is set, and perform a memory clear on volatile
+ * memory if requested.
+ **/
+void tpm_ppi_reset(TPMPPI *tpmppi);
+
#endif /* TPM_TPM_PPI_H */
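Review bot: the new doc comment closes with `**/` instead of the plain `*/` used for the other comments in this header, and it refers to a "Memory overwrite" variable without saying where it lives; suggest `*/` and a pointer to the PPI buffer field (the implementation reads `buf[0x15a]`, documented in docs/specs/tpm.txt) so a caller can find the contract without opening tpm_ppi.c. It would also help to state explicitly that non-volatile memory is deliberately excluded, as the commit message explains, since "volatile memory" alone leaves that decision implicit for readers of the header.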
diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
index 012ec686d4..3087acc4ab 100644
--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -233,6 +233,9 @@ static void tpm_crb_reset(void *dev)
{
CRBState *s = CRB(dev);
+ if (s->ppi_enabled) {
+ tpm_ppi_reset(&s->ppi);
+ }
tpm_backend_reset(s->tpmbe);
memset(s->regs, 0, sizeof(s->regs));
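Review bot: the memory clear runs before tpm_backend_reset() and the register memset, so a reset that wipes guest RAM still goes on to reset the backend and the CRB registers afterwards; that ordering looks right, but a one-line comment above `if (s->ppi_enabled)` explaining that the guard exists because the PPI buffer is only set up when the property is enabled would save the next reader a trip to tpm_ppi_init() to work out why an unguarded call would be unsafe.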
diff --git a/hw/tpm/tpm_ppi.c b/hw/tpm/tpm_ppi.c
index cf17779c20..cd8205f212 100644
--- a/hw/tpm/tpm_ppi.c
+++ b/hw/tpm/tpm_ppi.c
@@ -16,8 +16,30 @@
#include "qapi/error.h"
#include "cpu.h"
#include "sysemu/memory_mapping.h"
+#include "sysemu/reset.h"
#include "migration/vmstate.h"
#include "tpm_ppi.h"
+#include "trace.h"
+
+void tpm_ppi_reset(TPMPPI *tpmppi)
+{
+ if (tpmppi->buf[0x15a /* movv, docs/specs/tpm.txt */] & 0x1) {
+ GuestPhysBlockList guest_phys_blocks;
+ GuestPhysBlock *block;
+
+ guest_phys_blocks_init(&guest_phys_blocks);
+ guest_phys_blocks_append(&guest_phys_blocks);
+ QTAILQ_FOREACH(block, &guest_phys_blocks.head, next) {
+ trace_tpm_ppi_memset(block->host_addr,
+ block->target_end - block->target_start);
+ memset(block->host_addr, 0,
+ block->target_end - block->target_start);
+ memory_region_set_dirty(block->mr, 0,
+ block->target_end - block->target_start);
+ }
+ guest_phys_blocks_free(&guest_phys_blocks);
+ }
+}
void tpm_ppi_init(TPMPPI *tpmppi, struct MemoryRegion *m,
hwaddr addr, Object *obj)
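Review bot: the MOR check hardcodes `0x15a` and `0x1` with the explanation tucked inside the array index (`tpmppi->buf[0x15a /* movv, docs/specs/tpm.txt */] & 0x1`); a named constant for the offset and one for the bit, with a comment above the `if`, would read better and make the spec reference greppable. Two points worth confirming in this hunk: the loop clears every block returned by guest_phys_blocks_append() without any filtering, so the commit message's statement that non-volatile memory is not subject to the clear depends entirely on that helper omitting such regions, and a comment saying so here would document the dependency; and `memory_region_set_dirty(block->mr, 0, block->target_end - block->target_start)` marks the range starting at offset 0 of the region, which is only correct if every block begins at the start of its MemoryRegion, so either that invariant holds for GuestPhysBlock and deserves a comment, or the block's offset within the region should be used.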
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 02d9d5c911..fd6bb9b59a 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -872,6 +872,9 @@ static void tpm_tis_reset(DeviceState *dev)
s->be_buffer_size = MIN(tpm_backend_get_buffer_size(s->be_driver),
TPM_TIS_BUFFER_MAX);
+ if (s->ppi_enabled) {
+ tpm_ppi_reset(&s->ppi);
+ }
tpm_backend_reset(s->be_driver);
s->active_locty = TPM_TIS_NO_LOCALITY;
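Review bot: this is the same three-line `if (s->ppi_enabled) { tpm_ppi_reset(&s->ppi); }` guard as in tpm_crb_reset(), so both device models now have to agree on exactly when the clear runs; consider passing the enabled flag into tpm_ppi_reset() or wrapping the check in a small inline helper in tpm_ppi.h, so that a future change to the condition cannot land in one model and not the other.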
diff --git a/hw/tpm/trace-events b/hw/tpm/trace-events
index 25bee0cecf..920d32ad55 100644
--- a/hw/tpm/trace-events
+++ b/hw/tpm/trace-events
@@ -51,3 +51,6 @@ tpm_tis_mmio_write_init_abort(void) "Initiating abort"
tpm_tis_mmio_write_lowering_irq(void) "Lowering IRQ"
tpm_tis_mmio_write_data2send(uint32_t value, unsigned size) "Data to send to TPM: 0x%08x (size=%d)"
tpm_tis_pre_save(uint8_t locty, uint32_t rw_offset) "locty: %d, rw_offset = %u"
+
+# hw/tpm/tpm_ppi.c
+tpm_ppi_memset(uint8_t *ptr, size_t size) "memset: %p %zu"
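Review bot: the trace point declares `size_t size` but its caller passes `block->target_end - block->target_start`, an hwaddr difference, so the value is narrowed implicitly on hosts where hwaddr is wider than size_t; the adjacent memset() has the same conversion, so the two stay consistent, but an explicit cast or an hwaddr parameter printed with PRIx64 would make the intent clear. Note also that `%p` writes host virtual addresses into the trace stream; that is normal for a debug trace, but it means trace output from this event should be treated as sensitive when it is shared outside the host.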
--
MST