Re: [Qemu-devel] [PATCH 0/5] Extend TPM support with a QEMU-external TPM

[Stefan Berger <stefanb@linux.vnet.ibm.com>]

On 04/16/2015 09:35 AM, Igor Mammedov wrote:
> On Wed, 15 Apr 2015 18:38:43 -0400
> Stefan Berger <stefanb@linux.vnet.ibm.com> wrote:
>
>> The following series of patches extends TPM support with an
>> external TPM that offers a Linux CUSE (character device in userspace)
>> interface. This TPM lets each VM access its own private vTPM.
>> The CUSE TPM supports suspend/resume and migration. Much
>> out-of-band functionality necessary to control the CUSE TPM is
>> implemented using ioctl's.
>>
>> The series extends the TPM support so far that most functionality of
>> TPM support on a physical platform is now available to each x86 VM,
>> this includes the Physical Presence Interface support that has
>> its counter-part in the SeaBIOS and is implemented using ACPI.
>>
>> http://www.seabios.org/pipermail/seabios/2015-March/008978.html
> is it already merged?

No, not yet. :-(

>
> Is it possible to use MMIO region instead of allocating tpm_ppi_anchor
> and tpm_ppi in BIOS memory?

MMIO region of what? Of the TIS? The TIS doesn't have memory locations 
'just to keep bytes' and they would be cleared upon machine reset / reboot.

The purpose of the PPI interface is to leave an opcode for the BIOS to 
act upon after a reset. So we have to write it into memory that doesn't 
get cleared upon reboot. Also, the BIOS leaves a result in memory so we 
can read the result code in the OS via sysfs entry.

I had previously tried using NVRAM of the TPM to leave that opcode (and 
result) , but this doesn't work well due to protection restrictions of 
the TPM's NVRAM locations and using the Linux TSS for example non-root 
users could then write an opcode into the NVRAM of the TPM (there are 
TPM commands to write to the TPM's NVRAM locations and tpm-tools has 
tools to write to these locations) that the machine then ends up acting 
upon without the admin of the machine wanting that. So, that's not a 
choice, either.


> That would simplify BIOS part a bit and significantly simplify ACPI code
> as most of it is dealing with figuring out address of tpm_ppi.

Wished it would, but I don't see a way to make it easier.

So the first time one looks into the sysfs ppi entries [on Linux] it may 
take a few seconds until the anchor is found. Subsequently the memory 
location is cached and operations  go a lot faster.

    Stefan

>>
>> Stefan Berger (5):
>>    Provide support for the CUSE TPM
>>    Support Physical Presence Interface Spec
>>    Introduce condition to notifiy waiters of completed command
>>    Introduce condition in TPM backend for notification
>>    Add support for VM suspend/resume for TPM TIS
>>
>>   hmp.c                        |   6 +
>>   hw/i386/acpi-tpm-core.dsl    | 277 +++++++++++++++++++++++++++++
>>   hw/i386/acpi-tpm2.dsl        |  27 +++
>>   hw/i386/q35-acpi-dsdt.dsl    |   1 +
>>   hw/i386/ssdt-tpm.dsl         |  12 +-
>>   hw/tpm/tpm_int.h             |   4 +
>>   hw/tpm/tpm_ioctl.h           | 178 +++++++++++++++++++
>>   hw/tpm/tpm_passthrough.c     | 410 +++++++++++++++++++++++++++++++++++++++++--
>>   hw/tpm/tpm_tis.c             | 152 +++++++++++++++-
>>   hw/tpm/tpm_tis.h             |   2 +
>>   hw/tpm/tpm_util.c            | 206 ++++++++++++++++++++++
>>   hw/tpm/tpm_util.h            |   7 +
>>   include/sysemu/tpm_backend.h |  12 ++
>>   qapi-schema.json             |  17 +-
>>   qemu-options.hx              |  21 ++-
>>   qmp-commands.hx              |   2 +-
>>   tpm.c                        |  11 +-
>>   17 files changed, 1316 insertions(+), 29 deletions(-)
>>   create mode 100644 hw/i386/acpi-tpm-core.dsl
>>   create mode 100644 hw/i386/acpi-tpm2.dsl
>>   create mode 100644 hw/tpm/tpm_ioctl.h
>>