From: Joelle van Dyne <j@getutm.app>
To: qemu-devel@nongnu.org
Subject: [PATCH v5 00/14] tpm: introduce TPM CRB SysBus device
Date: Mon, 13 Nov 2023 18:09:10 -0800
Message-ID: <20231114020927.62315-1-j@getutm.app>
The impetus for this patch set is to get TPM 2.0 working on Windows 11 ARM64.
Windows' tpm.sys does not seem to work on a TPM TIS device (as verified with
VMware's implementation). However, the current TPM CRB device uses a fixed
system bus address that is reserved for RAM in ARM64 Virt machines.

In the process of adding the TPM CRB SysBus device, we also went ahead and
cleaned up some of the existing TPM hardware code and fixed some bugs. We used
the TPM TIS devices as a template for the TPM CRB devices and refactored out
common code. We moved the ACPI DSDT generation to the device in order to handle
dynamic base address requirements as well as reduce redundant code in different
machine ACPI generation. We also changed the tpm_crb device to use the ISA bus
instead of depending on the default system bus as the device only was built for
the PC configuration.

Another change is that the TPM CRB registers are now mapped in the same way that
the pflash ROM devices are mapped. It is a memory region whose writes are
trapped as MMIO accesses. This was needed because Apple Silicon does not decode
page faults caused by LDP (AArch64 load pair of registers). @agraf suggested that
we do this to avoid having to do AArch64 decoding in the HVF backend's fault
handler.

Unfortunately, it seems like the LDP fault still happens on HVF but the issue
seems to be in the HVF backend which needs to be fixed in a separate patch.

One last thing that's needed to get Windows 11 to recognize the TPM 2.0 device
is for the OVMF firmware to set up the TPM device. Currently, OVMF for ARM64 Virt
only recognizes the TPM TIS device through a FDT entry. A workaround is to
falsely identify the TPM CRB device as a TPM TIS device in the FDT node but this
causes issues for Linux. A proper fix would involve adding an ACPI device driver
in OVMF.

This has been tested on ARM64 with `tpm-crb-device` and on x86_64 with
`tpm-crb`. Additional testing should be performed on other architectures (RISCV
and Loongarch for example) as well as migration cases.

v5:
- Fixed a typo in "tpm_crb: use a single read-as-mem/write-as-mmio mapping"
- Fixed ACPI tables not being created for pc CRB device
v4:
- Fixed broken test blobs
v3:
- Support backwards and forwards migration of existing tpm-crb device
- Dropped patch which moved tpm-crb to ISA bus due to migration concerns
- Unified `tpm_sysbus_plug` handler for ARM and Loongarch
- Added ACPI table tests for tpm-crb-device
- Refactored TPM CRB tests to run on tpm-crb-device for ARM Virt
v2:
- Fixed an issue where VMstate restore from an older version failed due to name
collision of the memory block.
- In the ACPI table generation for CRB devices, the check for TPM 2.0 backend is
moved to the device realize as CRB does not support TPM 1.0. It will error in
that case.
- Dropped the patch to fix crash when PPI is enabled on TIS SysBus device since
a separate patch submitted by Stefan Berger disables such an option.
- Fixed an issue where we default tpmEstablished=0 when it should be 1.
- In TPM CRB SysBus's ACPI entry, we accidentally changed _UID from 0 to 1. This
shouldn't be an issue but we changed it back just in case.
- Added a patch to migrate saved VMstate from an older version with the regs
saved separately instead of as a RAM block.
Joelle van Dyne (14):
tpm_crb: refactor common code
tpm_crb: CTRL_RSP_ADDR is 64-bits wide
tpm_ppi: refactor memory space initialization
tpm_crb: use a single read-as-mem/write-as-mmio mapping
tpm_crb: move ACPI table building to device interface
tpm-sysbus: add plug handler for TPM on SysBus
hw/arm/virt: connect TPM to platform bus
hw/loongarch/virt: connect TPM to platform bus
tpm_tis_sysbus: move DSDT AML generation to device
tests: acpi: prepare for TPM CRB tests
tpm_crb_sysbus: introduce TPM CRB SysBus device
tests: acpi: implement TPM CRB tests for ARM virt
tests: acpi: updated expected blobs for TPM CRB
tests: add TPM-CRB sysbus tests for aarch64
docs/specs/tpm.rst | 2 +
hw/tpm/tpm_crb.h | 79 ++++++
hw/tpm/tpm_ppi.h | 10 +-
include/hw/acpi/tpm.h | 3 +-
include/sysemu/tpm.h | 7 +
tests/qtest/tpm-tests.h | 2 +
tests/qtest/tpm-util.h | 4 +-
hw/acpi/aml-build.c | 7 +-
hw/arm/virt-acpi-build.c | 38 +--
hw/arm/virt.c | 8 +
hw/core/sysbus-fdt.c | 1 +
hw/i386/acpi-build.c | 16 +-
hw/loongarch/acpi-build.c | 38 +--
hw/loongarch/virt.c | 8 +
hw/riscv/virt.c | 1 +
hw/tpm/tpm-sysbus.c | 47 ++++
hw/tpm/tpm_crb.c | 302 ++++++----------------
hw/tpm/tpm_crb_common.c | 262 +++++++++++++++++++
hw/tpm/tpm_crb_sysbus.c | 162 ++++++++++++
hw/tpm/tpm_ppi.c | 5 +-
hw/tpm/tpm_tis_isa.c | 5 +-
hw/tpm/tpm_tis_sysbus.c | 37 +++
tests/qtest/bios-tables-test.c | 47 +++-
tests/qtest/tpm-crb-device-swtpm-test.c | 72 ++++++
tests/qtest/tpm-crb-device-test.c | 71 +++++
tests/qtest/tpm-crb-swtpm-test.c | 2 +
tests/qtest/tpm-crb-test.c | 121 +--------
tests/qtest/tpm-tests.c | 121 +++++++++
tests/qtest/tpm-tis-device-swtpm-test.c | 2 +-
tests/qtest/tpm-tis-device-test.c | 2 +-
tests/qtest/tpm-tis-i2c-test.c | 3 +
tests/qtest/tpm-tis-swtpm-test.c | 2 +-
tests/qtest/tpm-tis-test.c | 2 +-
tests/qtest/tpm-util.c | 16 +-
hw/arm/Kconfig | 1 +
hw/loongarch/Kconfig | 2 +
hw/riscv/Kconfig | 1 +
hw/tpm/Kconfig | 5 +
hw/tpm/meson.build | 5 +
hw/tpm/trace-events | 2 +-
tests/data/acpi/q35/DSDT.crb.tpm2 | Bin 0 -> 8355 bytes
tests/data/acpi/q35/TPM2.crb.tpm2 | Bin 0 -> 76 bytes
tests/data/acpi/virt/DSDT.crb-device.tpm2 | Bin 0 -> 5276 bytes
tests/data/acpi/virt/TPM2.crb-device.tpm2 | Bin 0 -> 76 bytes
tests/qtest/meson.build | 4 +
45 files changed, 1057 insertions(+), 468 deletions(-)
create mode 100644 hw/tpm/tpm_crb.h
create mode 100644 hw/tpm/tpm-sysbus.c
create mode 100644 hw/tpm/tpm_crb_common.c
create mode 100644 hw/tpm/tpm_crb_sysbus.c
create mode 100644 tests/qtest/tpm-crb-device-swtpm-test.c
create mode 100644 tests/qtest/tpm-crb-device-test.c
create mode 100644 tests/data/acpi/q35/DSDT.crb.tpm2
create mode 100644 tests/data/acpi/q35/TPM2.crb.tpm2
create mode 100644 tests/data/acpi/virt/DSDT.crb-device.tpm2
create mode 100644 tests/data/acpi/virt/TPM2.crb-device.tpm2
--
2.41.0
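The read-as-mem/write-as-mmio mapping described in the cover letter, as an added example that is not code from the series: a self-contained C model in which guest reads are plain loads from a RAM-backed buffer (so a hypervisor that cannot decode LDP never has to emulate one) and only writes go through a trap handler that applies register semantics before updating that buffer. Register offsets are assumed from the TCG CRB layout as I recall it, and the device behaviour is deliberately simplified.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Offsets follow the TCG CRB register layout as I recall it (assumption, not from the series). */
#define CRB_CTRL_STS      0x44
#define CRB_CTRL_START    0x4c
#define CRB_CTRL_RSP_ADDR 0x68   /* 64-bit register; patch 02 widens QEMU's definition */
#define CRB_REGS_SIZE     0x80
static uint8_t crb_regs[CRB_REGS_SIZE];   /* RAM-backed window the guest reads directly */
static bool crb_cmd_running;

/* Guest read path: never traps. Any width up to 8 bytes is a plain load from the backing
 * buffer, so a hypervisor that cannot decode LDP has nothing to emulate. Little-endian host. */
static uint64_t crb_read(unsigned off, unsigned size)
{
    uint64_t v = 0;
    if (size == 0 || size > 8 || off + size > CRB_REGS_SIZE) return 0;
    memcpy(&v, crb_regs + off, size);
    return v;
}

/* Guest write path: trapped as MMIO. Register semantics are applied, then the backing
 * buffer is updated so that later plain reads observe the result. */
static void crb_write(unsigned off, uint64_t val, unsigned size)
{
    uint32_t one = 1;
    if (size == 0 || size > 8 || off + size > CRB_REGS_SIZE) return;
    switch (off) {
    case CRB_CTRL_STS:            /* status is device-owned: guest writes are dropped */
        return;
    case CRB_CTRL_START:          /* write-1 starts a command; reads back 1 until done */
        if (val & 1) {
            crb_cmd_running = true;
            memcpy(crb_regs + off, &one, sizeof(one));
        }
        return;
    default:                      /* CTRL_RSP_ADDR keeps all 8 bytes of an 8-byte store */
        memcpy(crb_regs + off, &val, size);
    }
}

/* Device side: finishing the command clears START in the buffer; the guest sees that
 * with an ordinary load, no VM exit required. */
static void crb_complete_command(void)
{
    uint32_t zero = 0;
    if (!crb_cmd_running) return;
    memcpy(crb_regs + CRB_CTRL_START, &zero, sizeof(zero));
    crb_cmd_running = false;
}
```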