From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:39359) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SCe9S-0005zN-DJ for qemu-devel@nongnu.org; Tue, 27 Mar 2012 17:42:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SCe9P-0005mT-KH for qemu-devel@nongnu.org; Tue, 27 Mar 2012 17:42:01 -0400 Received: from mail-ob0-f173.google.com ([209.85.214.173]:36941) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SCe9P-0005lh-CZ for qemu-devel@nongnu.org; Tue, 27 Mar 2012 17:41:59 -0400 Received: by obbwd20 with SMTP id wd20so432357obb.4 for ; Tue, 27 Mar 2012 14:41:57 -0700 (PDT) Message-ID: <4F723422.6030803@codemonkey.ws> Date: Tue, 27 Mar 2012 16:41:54 -0500 From: Anthony Liguori MIME-Version: 1.0 References: <1332879879-29460-1-git-send-email-stefanb@linux.vnet.ibm.com> <1332879879-29460-6-git-send-email-stefanb@linux.vnet.ibm.com> In-Reply-To: <1332879879-29460-6-git-send-email-stefanb@linux.vnet.ibm.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH V15 5/7] Add a TPM Passthrough backend driver implementation List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Berger Cc: mst@redhat.com, qemu-devel@nongnu.org, andreas.niederl@iaik.tugraz.at On 03/27/2012 03:24 PM, Stefan Berger wrote: > From Andreas Niederl's original posting with adaptations where necessary: > > This patch is based of off version 9 of Stefan Berger's patch series > "Qemu Trusted Platform Module (TPM) integration" > and adds a new backend driver for it. > > This patch adds a passthrough backend driver for passing commands sent to the > emulated TPM device directly to a TPM device opened on the host machine. > > Thus it is possible to use a hardware TPM device in a system running on QEMU, > providing the ability to access a TPM in a special state (e.g. after a Trusted > Boot). > > This functionality is being used in the acTvSM Trusted Virtualization Platform > which is available on [1]. > > Usage example: > qemu-system-x86_64 -tpmdev passthrough,id=tpm0,path=/dev/tpm0 \ > -device tpm-tis,tpmdev=tpm0 \ > -cdrom test.iso -boot d > > Some notes about the host TPM: > The TPM needs to be enabled and activated. If that's not the case one > has to go through the BIOS/UEFI and enable and activate that TPM for TPM > commands to work as expected. > It may be necessary to boot the kernel using tpm_tis.force=1 in the boot > command line or 'modprobe tpm_tis force=1' in case of using it as a module. > > Regards, > Andreas Niederl, Stefan Berger > > [1] http://trustedjava.sourceforge.net/ > > Signed-off-by: Andreas Niederl > Signed-off-by: Stefan Berger > --- > Makefile.target | 3 +- > configure | 3 + > hw/tpm_backend.c | 58 +++++++ > hw/tpm_backend.h | 43 +++++ > hw/tpm_passthrough.c | 419 ++++++++++++++++++++++++++++++++++++++++++++++++++ > qemu-options.hx | 37 +++++- > tpm.c | 17 ++ > tpm.h | 33 ++++ > 8 files changed, 611 insertions(+), 2 deletions(-) > create mode 100644 hw/tpm_backend.c > create mode 100644 hw/tpm_backend.h > create mode 100644 hw/tpm_passthrough.c > > diff --git a/Makefile.target b/Makefile.target > index 7cb4588..7af3593 100644 > --- a/Makefile.target > +++ b/Makefile.target > @@ -221,7 +221,8 @@ obj-$(CONFIG_NO_KVM) += kvm-stub.o > obj-$(CONFIG_VGA) += vga.o > obj-y += memory.o savevm.o > obj-y += tpm.o > -obj-$(CONFIG_TPM) += tpm_tis.o > +obj-$(CONFIG_TPM) += tpm_tis.o tpm_backend.o > +obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o > LIBS+=-lz > > obj-i386-$(CONFIG_KVM) += hyperv.o > diff --git a/configure b/configure > index c728b89..6395f06 100755 > --- a/configure > +++ b/configure > @@ -3847,6 +3847,9 @@ fi > > if test "$tpm" = "yes"; then > if test "$target_softmmu" = "yes" ; then > + if test "$linux" = "yes" ; then > + echo "CONFIG_TPM_PASSTHROUGH=y">> $config_target_mak > + fi > echo "CONFIG_TPM=y">> $config_host_mak > fi > fi > diff --git a/hw/tpm_backend.c b/hw/tpm_backend.c > new file mode 100644 > index 0000000..4cf0809 > --- /dev/null > +++ b/hw/tpm_backend.c > @@ -0,0 +1,58 @@ > +/* > + * common TPM backend driver functions > + * > + * Copyright (c) 2012 IBM Corporation > + * Authors: > + * Stefan Berger > + * > + * This library is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public > + * License as published by the Free Software Foundation; either > + * version 2 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, see > + */ > + > +#include "tpm.h" > +#include "qemu-thread.h" > +#include "hw/tpm_backend.h" > + > +void tpm_backend_thread_deliver_request(TPMBackendThread *tbt) > +{ > + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_PROCESS_CMD, NULL); > +} > + > +void tpm_backend_thread_create(TPMBackendThread *tbt, > + GFunc func, gpointer user_data) > +{ > + if (!tbt->pool) { > + tbt->pool = g_thread_pool_new(func, user_data, 1, TRUE, NULL); > + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL); > + } > +} > + > +void tpm_backend_thread_end(TPMBackendThread *tbt) > +{ > + if (tbt->pool) { > + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_END, NULL); > + g_thread_pool_free(tbt->pool, FALSE, TRUE); > + tbt->pool = NULL; > + } > +} > + > +void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, > + GFunc func, gpointer user_data) > +{ > + if (!tbt->pool) { > + tpm_backend_thread_create(tbt, func, user_data); > + } else { > + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_TPM_RESET, > + NULL); > + } > +} > diff --git a/hw/tpm_backend.h b/hw/tpm_backend.h > new file mode 100644 > index 0000000..f5fe198 > --- /dev/null > +++ b/hw/tpm_backend.h > @@ -0,0 +1,43 @@ > +/* > + * common TPM backend driver functions > + * > + * Copyright (c) 2012 IBM Corporation > + * Authors: > + * Stefan Berger > + * > + * This library is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public > + * License as published by the Free Software Foundation; either > + * version 2 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, see > + */ > + > +#ifndef HW_TPM_BACKEND_H > +#define HW_TPM_BACKEND_H > + > +typedef struct TPMBackendThread { > + GThreadPool *pool; > +} TPMBackendThread; > + > +void tpm_backend_thread_deliver_request(TPMBackendThread *tbt); > +void tpm_backend_thread_create(TPMBackendThread *tbt, > + GFunc func, gpointer user_data); > +void tpm_backend_thread_end(TPMBackendThread *tbt); > +void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, > + GFunc func, gpointer user_data); > + > +typedef enum TPMBackendCmd { > + TPM_BACKEND_CMD_INIT = 1, > + TPM_BACKEND_CMD_PROCESS_CMD, > + TPM_BACKEND_CMD_END, > + TPM_BACKEND_CMD_TPM_RESET, > +} TPMBackendCmd; > + > +#endif /* HW_TPM_BACKEND_H */ > diff --git a/hw/tpm_passthrough.c b/hw/tpm_passthrough.c > new file mode 100644 > index 0000000..dee7418 > --- /dev/null > +++ b/hw/tpm_passthrough.c > @@ -0,0 +1,419 @@ > +/* > + * passthrough TPM driver > + * > + * Copyright (c) 2010, 2011 IBM Corporation > + * Authors: > + * Stefan Berger > + * > + * Copyright (C) 2011 IAIK, Graz University of Technology > + * Author: Andreas Niederl > + * > + * This library is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public > + * License as published by the Free Software Foundation; either > + * version 2 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, see > + */ > + > +#include "qemu-common.h" > +#include "qemu-error.h" > +#include "tpm.h" > +#include "hw/hw.h" > +#include "hw/tpm_tis.h" > +#include "hw/tpm_backend.h" > +#include "hw/pc.h" > + > +/* #define DEBUG_TPM */ > + > +#ifdef DEBUG_TPM > +#define dprintf(fmt, ...) \ > + do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0) > +#else > +#define dprintf(fmt, ...) \ > + do { } while (0) > +#endif > + > +/* data structures */ > + > +typedef struct TPMPassthruThreadParams { > + TPMState *tpm_state; > + > + TPMRecvDataCB *recv_data_callback; > + TPMBackend *tb; > +} TPMPassthruThreadParams; > + > +struct TPMPassthruState { > + QemuThread thread; > + TPMBackendThread tbt; > + > + TPMPassthruThreadParams tpm_thread_params; > + > + char *tpm_dev; > + int tpm_fd; > + bool had_startup_error; > +}; > + > +#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0" > + > +/* borrowed from qemu-char.c */ Sharing code is better than borrowing code :-) Regards, Anthony Liguori