From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:44862) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QzIUg-0006Tp-76 for qemu-devel@nongnu.org; Thu, 01 Sep 2011 21:24:31 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QzIUf-0000Ac-7W for qemu-devel@nongnu.org; Thu, 01 Sep 2011 21:24:30 -0400 Received: from e39.co.us.ibm.com ([32.97.110.160]:55487) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QzIUe-0000AY-WF for qemu-devel@nongnu.org; Thu, 01 Sep 2011 21:24:29 -0400 Received: from d03relay01.boulder.ibm.com (d03relay01.boulder.ibm.com [9.17.195.226]) by e39.co.us.ibm.com (8.14.4/8.13.1) with ESMTP id p82195MN002238 for ; Thu, 1 Sep 2011 19:09:05 -0600 Received: from d03av06.boulder.ibm.com (d03av06.boulder.ibm.com [9.17.195.245]) by d03relay01.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id p821ORxe192938 for ; Thu, 1 Sep 2011 19:24:27 -0600 Received: from d03av06.boulder.ibm.com (loopback [127.0.0.1]) by d03av06.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id p821UFEX024200 for ; Thu, 1 Sep 2011 19:30:15 -0600 Message-ID: <4E60304A.4040204@linux.vnet.ibm.com> Date: Thu, 01 Sep 2011 21:24:26 -0400 From: Stefan Berger MIME-Version: 1.0 References: <20110831143551.127339744@linux.vnet.ibm.com> <20110831143621.194691516@linux.vnet.ibm.com> <20110901172726.GG10989@redhat.com> In-Reply-To: <20110901172726.GG10989@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH V8 07/14] Implementation of the libtpms-based backend List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Michael S. Tsirkin" Cc: chrisw@redhat.com, anbang.ruan@cs.ox.ac.uk, qemu-devel@nongnu.org, rrelyea@redhat.com, alevy@redhat.com, andreas.niederl@iaik.tugraz.at, serge@hallyn.com On 09/01/2011 01:27 PM, Michael S. Tsirkin wrote: > On Wed, Aug 31, 2011 at 10:35:58AM -0400, Stefan Berger wrote: >> This patch provides the glue for the TPM TIS interface (frontend) to >> the libtpms that provides the actual TPM functionality. >> >> Some details: >> >> This part of the patch provides support for the spawning of a thread >> that will interact with the libtpms-based TPM. It expects a signal >> from the frontend to wake and pick up the TPM command that is supposed >> to be processed and delivers the response packet using a callback >> function provided by the frontend. >> >> The backend connects itself to the frontend by filling out an interface >> structure with pointers to the function implementing support for various >> operations. >> >> In this part a structure with callback functions is registered with >> libtpms. Those callback functions are invoked by libtpms for example to >> store the TPM's state. >> >> The libtpms-based backend implements functionality to write into a >> Qemu block storage device rather than to plain files. With that we >> can support VM snapshotting and we also get the possibility to use >> encrypted QCoW2 for free. Thanks to Anthony for pointing this out. >> The storage part of the driver has been split off into its own patch. >> >> v6: >> - cache a copy of the last permanent state blob >> - move some functions into tpm_builtin.h >> - reworked parts of the error path handling where the TPM is >> now used to process commands under error conditions and the callbacks >> make the TPM aware of the error conditions. Only as the last resort >> fault messages are sent by the backend driver circumventing the TPM. >> - add out_len variable used in the thread >> >> v5: >> - check access() to TPM's state file and report error if file is not >> accessible >> >> v3: >> - temporarily deactivate the building of the tpm_builtin.c until >> subsequent patch completely converts it to the libtpms based driver >> >> v2: >> - fixes to adhere to the qemu coding style >> >> >> Signed-off-by: Stefan Berger >> >> --- >> configure | 1 >> hw/tpm_builtin.c | 450 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- >> hw/tpm_builtin.h | 56 ++++++ >> 3 files changed, 482 insertions(+), 25 deletions(-) >> >> Index: qemu-git/hw/tpm_builtin.c >> =================================================================== >> --- qemu-git.orig/hw/tpm_builtin.c >> +++ qemu-git/hw/tpm_builtin.c >> @@ -1,5 +1,5 @@ >> /* >> - * builtin 'null' TPM driver >> + * builtin TPM driver based on libtpms > Just wondering - might a stub driver be useful for > basic testing on systems without TPM hardware? 'systems without TPM hardware' -- we're not relying on underlying TPM provided by the host. But I assume that's not what you meant. A 'null' driver, which responds to every command with an error response, is added in patch 13. > The namespace comment applies to this and all other patches. > In patch 6 I am adding a skeleton backend driver that I am transforming into the libtpms-based backend in patch 7. I didn't name the file tpm_skeleton.c but already tpm_builtin.c and all functions already start with the prefix tpm_builtin. This presumably makes it easier to review since the 'meat' is added in part 7 and unnecessary function name changes are avoided. The null driver later on and the passthrough driver (posted by Andreas Niederl) all can be derived rather easily from that initial skeleton driver. In those we do adhere to the namespace requirement. Stefan