Message-ID: <4E159D0D.3040701@linux.vnet.ibm.com>
Date: Thu, 07 Jul 2011 07:48:29 -0400
From: Stefan Berger
Subject: Re: [Qemu-devel] [SeaBIOS] [PATCH V5 0/9] Add TPM support to SeaBIOS
To: Kevin O'Connor
Cc: seabios@seabios.org, qemu-devel@nongnu.org
In-Reply-To: <20110706225805.GA24189@morn.localdomain>

On 07/06/2011 06:58 PM, Kevin O'Connor wrote:
> On Wed, Jul 06, 2011 at 12:31:58PM -0400, Stefan Berger wrote:
>> The following set of patches adds TPM and Trusted Computing support to SeaBIOS.
>> In particular the patches add:
>>
>> - a TPM driver for Qemu's TPM TIS emulation (not yet in Qemu git)
>> - ACPI support for the TPM device (SSDT table)
>> - ACPI support for measurement logging (TCPA table)
>> - Support for initialization of the TPM
>> - Support for the TCG BIOS extensions (1ah handler [ah = 0xbb])
>>   (used by trusted grub; http://trousers.sourceforge.net/grub.html)
>> - Static Root of Trust for Measurement (SRTM) support
>> - Support for S3 resume (sends command to TPM upon resume)
>> - TPM-specific menu for controlling aspects of the TPM
>> - [An optional test suite for the TIS interface]
>>
>> All implementations necessarily follow specifications.
> ...
>
> Thanks Stefan.
>
> Where does this stand with respect to QEmu integration?

Qemu integration is at least 'working' for me - it's just lacking
review/attention on the Qemu mailing list.

> BTW, I don't think patch 7 or 9 really make sense to integrate in the
> official version of SeaBIOS. Also, in patch 8, I'd prefer to see all
> new fw_cfg entries use the "romfile" mechanism.

Patch 7 is the menu. This patch is needed in 'some form' since in some
cases, like after giving up ownership of the TPM, the TPM becomes
disabled and deactivated and one has to interact with the BIOS to
activate and enable it again. Other scenarios include someone who has
forgotten the owner password for the TPM and now has to go through the
BIOS to give up ownership of it -- that's the only way one can do this
then.

I'll have a look at the 'romfile' mechanism for patch 8.

I only post patch 9 for someone who is interested to be able to run the
tests. Since the 128kb are slowly filling up, it's not going to be
compilable with it for much longer and I don't expect it to go into the
repo.

Thanks for the feedback.

   Stefan

> -Kevin