From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: Kevin O'Connor <kevin@koconnor.net>
Cc: seabios@seabios.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [SeaBIOS] [PATCH V5 0/9] Add TPM support to SeaBIOS
Date: Thu, 07 Jul 2011 07:48:29 -0400
Message-ID: <4E159D0D.3040701@linux.vnet.ibm.com>
In-Reply-To: <20110706225805.GA24189@morn.localdomain>
On 07/06/2011 06:58 PM, Kevin O'Connor wrote:
> On Wed, Jul 06, 2011 at 12:31:58PM -0400, Stefan Berger wrote:
>> The following set of patches add TPM and Trusted Computing support to SeaBIOS.
>> In particular the patches add:
>>
>> - a TPM driver for the Qemu's TPM TIS emulation (not yet in Qemu git)
>> - ACPI support for the TPM device (SSDT table)
>> - ACPI support for measurement logging (TCPA table)
>> - Support for initialization of the TPM
>> - Support for the TCG BIOS extensions (1ah handler [ah = 0xbb])
>> (used by trusted grub; http://trousers.sourceforge.net/grub.html)
>> - Static Root of Trust for Measurement (SRTM) support
>> - Support for S3 resume (sends command to TPM upon resume)
>> - TPM-specific menu for controlling aspects of the TPM
>> - [An optional test suite for the TIS interface]
>>
>> All implementations necessarily follow specifications.
> ...
>
> Thanks Stefan.
>
> Where does this stand with respect to QEmu integration?
Qemu integration is at least 'working' for me - it's just lacking
review/attention on the Qemu mailing list.
> BTW, I don't think patch 7 or 9 really make sense to integrate in the
> official version of SeaBIOS. Also, in patch 8, I'd prefer to see all
> new fw_cfg entries use the "romfile" mechanism.
Patch 7 is the menu. This patch is needed in 'some form' since in some
cases, like after giving up ownership of the TPM, the TPM becomes
disabled and deactivated and one has to interact with the BIOS to
activate and enable it again. Other scenarios include someone who has
forgotten the owner password for the TPM and now has to go through the
BIOS to give up ownership of it -- that's the only way one can do this then.
I'll have a look at the 'romfile' mechanism for patch 8.
I only post patch 9 for someone who is interested in being able to run the
tests. Since the 128KB are slowly filling up, it's not going to be
compilable with it for much longer and I don't expect it to go into the
repo.
Thanks for the feedback.
Stefan
> -Kevin
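The series above records BIOS measurements into a TCPA (TCG 1.2, SHA-1) event log that the ACPI TCPA table points to, and the SRTM property rests on every extend being reflected in that log. As an added example (not code from the SeaBIOS patches or from Qemu), here is a small Python replay of such a log: it parses TCG_PCClientPCREvent records (pcrIndex, eventType, 20-byte digest, eventDataSize, event data), recomputes each PCR with the extend rule PCR = SHA-1(PCR || digest), and flags entries whose recorded digest does not match the logged event data. The sample log, event data and function names are constructed for illustration.

```python
"""Parse and replay a TCG 1.2 (TCPA / SHA-1) BIOS measurement event log.

Added example: not part of the SeaBIOS patch series. The record layout
follows the TCG PC Client TCG_PCClientPCREvent structure; the sample log
and the helper names are assumptions made for this illustration.
"""
import hashlib
import struct

PCR_SIZE = 20                      # SHA-1 digest length of a TPM 1.2 PCR
HDR = struct.Struct("<II20sI")      # pcrIndex, eventType, digest, eventDataSize

# Event type values from the TCG PC Client spec (subset used by the sample).
EV_POST_CODE = 0x01
EV_SEPARATOR = 0x04
EV_ACTION = 0x05


def measure(data: bytes) -> bytes:
    """SHA-1 digest a BIOS would record for a block of measured data."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend semantics: new PCR = SHA-1(old PCR || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def make_event(pcr_index: int, event_type: int, data: bytes) -> bytes:
    """Serialise one TCG_PCClientPCREvent record whose digest is SHA-1(data)."""
    return HDR.pack(pcr_index, event_type, measure(data), len(data)) + data


def parse_event_log(log: bytes):
    """Return a list of (pcr_index, event_type, digest, data); reject truncation."""
    events = []
    off = 0
    while off + HDR.size <= len(log):
        pcr, etype, digest, size = HDR.unpack_from(log, off)
        off += HDR.size
        if off + size > len(log):
            raise ValueError("truncated event at offset %d" % (off - HDR.size))
        events.append((pcr, etype, digest, log[off:off + size]))
        off += size
    if off != len(log):
        raise ValueError("trailing bytes after the last event")
    return events


def replay(log: bytes) -> dict:
    """Recompute every PCR by extending the logged digests in log order."""
    pcrs = {}
    for pcr, _etype, digest, _data in parse_event_log(log):
        pcrs[pcr] = extend(pcrs.get(pcr, b"\0" * PCR_SIZE), digest)
    return pcrs


def find_digest_mismatches(log: bytes):
    """Indexes of events whose recorded digest is not SHA-1 of the logged data.

    Only meaningful for event types whose digest is taken over the event data
    itself (true for the sample here); some real event types digest content
    that is not stored in the log, so those entries need a type-specific check.
    """
    return [i for i, (_p, _t, digest, data) in enumerate(parse_event_log(log))
            if digest != measure(data)]


def verify_pcrs(log: bytes, reported: dict):
    """Compare replayed PCRs against values the caller read from the TPM."""
    replayed = replay(log)
    return sorted(idx for idx in set(replayed) | set(reported)
                  if replayed.get(idx) != reported.get(idx))


# Constructed sample log (not captured from a real machine or from SeaBIOS).
SAMPLE_LOG = b"".join([
    make_event(0, EV_POST_CODE, b"sample POST code image"),
    make_event(0, EV_SEPARATOR, b"\0\0\0\0"),
    make_event(4, EV_ACTION, b"Calling INT 19h"),
])

if __name__ == "__main__":
    for idx, val in sorted(replay(SAMPLE_LOG).items()):
        print("PCR[%d] = %s" % (idx, val.hex()))
    print("digest mismatches:", find_digest_mismatches(SAMPLE_LOG))
```

Replaying the log only proves that the log is internally consistent with the PCR values it claims; the values that matter are the ones read back from the TPM (and, for remote parties, a quote over them), which is why verify_pcrs takes the reported PCRs as a separate input.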
Thread overview:
2011-07-06 16:31 [Qemu-devel] [PATCH V5 0/9] Add TPM support to SeaBIOS Stefan Berger
2011-07-06 16:31 ` [Qemu-devel] [PATCH V5 1/9] Add an implementation of a TPM TIS driver Stefan Berger
2011-07-06 16:32 ` [Qemu-devel] [PATCH V5 2/9] Provide ACPI SSDT table for TPM device + S3 resume support Stefan Berger
2011-07-06 16:32 ` [Qemu-devel] [PATCH V5 3/9] Add public get_rsdp function Stefan Berger
2011-07-06 16:32 ` [Qemu-devel] [PATCH V5 4/9] Implementation of the TCG BIOS extensions Stefan Berger
2011-07-06 16:32 ` [Qemu-devel] [PATCH V5 5/9] Support for BIOS interrupt handler Stefan Berger
2011-07-06 16:32 ` [Qemu-devel] [PATCH V5 6/9] Add measurement code to the BIOS Stefan Berger
2011-07-06 16:32 ` [Qemu-devel] [PATCH V5 7/9] Add a menu for TPM control Stefan Berger
2011-07-06 16:32 ` [Qemu-devel] [PATCH V5 8/9] Support for Qemu-provided measurements Stefan Berger
2011-07-06 16:32 ` [Qemu-devel] [PATCH V5 9/9] Optional tests for the TIS interface Stefan Berger
2011-07-06 22:58 ` [Qemu-devel] [SeaBIOS] [PATCH V5 0/9] Add TPM support to SeaBIOS Kevin O'Connor
2011-07-07 11:48 ` Stefan Berger [this message]
2011-07-07 12:43 ` Kevin O'Connor
2011-07-07 15:22 ` Stefan Berger