From: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: "Ian.Campbell@citrix.com" <Ian.Campbell@citrix.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [PATCH 4/4] stubdom/vtpm: Support multiple backends and locality
Date: Thu, 29 Nov 2012 14:09:49 -0500 [thread overview]
Message-ID: <50B7B2FD.5080205@jhuapl.edu> (raw)
In-Reply-To: <1354029286-17652-5-git-send-email-dgdegra@tycho.nsa.gov>
Looks good. I'm actually kind of surprised that the emulator doesn't provide
an interface to set the requested locality.
Acked-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
On 11/27/2012 10:14 AM, Daniel De Graaf wrote:
> The vTPM protocol now contains a field allowing the locality of a
> command to be specified; pass this to the TPM when processing a packet.
> This also enables a single vTPM to provide multiple tpmback interfaces
> so that several closely related domains can share a vTPM (for example, a
> qemu device stubdom and its target domain).
>
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> ---
> stubdom/tpmemu-0.7.4.patch | 61 ++++++++++++++++++++++++++++++++++++++++++----
> stubdom/vtpm/vtpm.c | 16 +++---------
> 2 files changed, 59 insertions(+), 18 deletions(-)
>
> diff --git a/stubdom/tpmemu-0.7.4.patch b/stubdom/tpmemu-0.7.4.patch
> index b84eff1..31ace1a 100644
> --- a/stubdom/tpmemu-0.7.4.patch
> +++ b/stubdom/tpmemu-0.7.4.patch
> @@ -1,9 +1,60 @@
> -diff -Naur tpm_emulator-x86_64-back/tpm/tpm_emulator_extern.c tpm_emulator-x86_64/tpm/tpm_emulator_extern.c
> ---- tpm_emulator-x86_64-back/tpm/tpm_emulator_extern.c 2012-04-27 10:55:46.581963398 -0400
> -+++ tpm_emulator-x86_64/tpm/tpm_emulator_extern.c 2012-04-27 10:56:02.193034152 -0400
> -@@ -249,7 +249,7 @@
> +diff --git a/tpm/tpm_capability.c b/tpm/tpm_capability.c
> +index 60bbb90..f8f7f0f 100644
> +--- a/tpm/tpm_capability.c
> ++++ b/tpm/tpm_capability.c
> +@@ -949,6 +949,8 @@ static TPM_RESULT set_vendor(UINT32 subCap, BYTE *setValue,
> + UINT32 setValueSize, BOOL ownerAuth,
> + BOOL deactivated, BOOL disabled)
> + {
> ++ if (tpmData.stany.flags.localityModifier != 8)
> ++ return TPM_BAD_PARAMETER;
> + /* set the capability area with the specified data, on failure
> + deactivate the TPM */
> + switch (subCap) {
> +diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
> +index 288d1ce..9e1cfb4 100644
> +--- a/tpm/tpm_cmd_handler.c
> ++++ b/tpm/tpm_cmd_handler.c
> +@@ -4132,7 +4132,7 @@ void tpm_emulator_shutdown()
> + tpm_extern_release();
> + }
> +
> +-int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint32_t *out_size)
> ++int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint32_t *out_size, int locality)
> + {
> + TPM_REQUEST req;
> + TPM_RESPONSE rsp;
> +@@ -4140,7 +4140,9 @@ int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint3
> + UINT32 len;
> + BOOL free_out;
> +
> +- debug("tpm_handle_command()");
> ++ debug("tpm_handle_command(%d)", locality);
> ++ if (locality != -1)
> ++ tpmData.stany.flags.localityModifier = locality;
> +
> + /* we need the whole packet at once, otherwise unmarshalling will fail */
> + if (tpm_unmarshal_TPM_REQUEST((uint8_t**)&in, &in_size, &req) != 0) {
> +diff --git a/tpm/tpm_emulator.h b/tpm/tpm_emulator.h
> +index eed749e..4c228bd 100644
> +--- a/tpm/tpm_emulator.h
> ++++ b/tpm/tpm_emulator.h
> +@@ -59,7 +59,7 @@ void tpm_emulator_shutdown(void);
> + * its usage. In case of an error, all internally allocated memory
> + * is released and the the state of out and out_size is unspecified.
> + */
> +-int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint32_t *out_size);
> ++int tpm_handle_command(const uint8_t *in, uint32_t in_size, uint8_t **out, uint32_t *out_size, int locality);
> +
> + #endif /* _TPM_EMULATOR_H_ */
> +
> +diff --git a/tpm/tpm_emulator_extern.c b/tpm/tpm_emulator_extern.c
> +index aabe6c3..440a01b 100644
> +--- a/tpm/tpm_emulator_extern.c
> ++++ b/tpm/tpm_emulator_extern.c
> +@@ -249,7 +249,7 @@ int (*tpm_read_from_storage)(uint8_t **data, size_t *data_length) = _tpm_read_fr
> #else /* TPM_NO_EXTERN */
> -
> +
> int (*tpm_extern_init)(void) = NULL;
> -int (*tpm_extern_release)(void) = NULL;
> +void (*tpm_extern_release)(void) = NULL;
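Review bot: The new assignment `tpmData.stany.flags.localityModifier = locality;` in the `@@ -4140` hunk of tpm_cmd_handler.c accepts any value other than -1, so the `!= 8` gate added to set_vendor() in the `@@ -949` hunk only protects the vendor-configuration path if no caller can ever hand tpm_handle_command() an 8 for a guest-originated packet. The call site in `stubdom/vtpm/vtpm.c @@ -183` forwards `tpmcmd->locality` straight from the request, which means the range restriction must live in the tpmback driver, and that driver is not part of this patch. I would make the emulator refuse values it has no reason to trust, `if (locality != -1 && locality != 8 && (locality < 0 || locality > 4)) return -1;`, or, if 8 is deliberately reserved for the stubdom's own configuration calls, state that contract in the header comment above the prototype in the `tpm_emulator.h @@ -59` hunk. Two smaller points: because -1 leaves the field untouched, a -1 caller that follows an 8 caller inherits the privileged locality, which deserves a comment if it is intended; and if localityModifier is narrower than int (it looks like a BYTE in this emulator, but the definition is not visible in the hunk) the assignment silently truncates out-of-range values. tpm_handle_command() continues past the end of the hunk.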
> diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c
> index c33e078..dcfc3b9 100644
> --- a/stubdom/vtpm/vtpm.c
> +++ b/stubdom/vtpm/vtpm.c
> @@ -141,8 +141,6 @@ int check_ordinal(tpmcmd_t* tpmcmd) {
>
> static void main_loop(void) {
> tpmcmd_t* tpmcmd = NULL;
> - domid_t domid; /* Domid of frontend */
> - unsigned int handle; /* handle of frontend */
> int res = -1;
>
> info("VTPM Initializing\n");
> @@ -162,15 +160,7 @@ static void main_loop(void) {
> goto abort_postpcrs;
> }
>
> - /* Wait for the frontend domain to connect */
> - info("Waiting for frontend domain to connect..");
> - if(tpmback_wait_for_frontend_connect(&domid, &handle) == 0) {
> - info("VTPM attached to Frontend %u/%u", (unsigned int) domid, handle);
> - } else {
> - error("Unable to attach to a frontend");
> - }
> -
> - tpmcmd = tpmback_req(domid, handle);
> + tpmcmd = tpmback_req_any();
> while(tpmcmd) {
> /* Handle the request */
> if(tpmcmd->req_len) {
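Review bot: Switching to `tpmback_req_any()` also removes the only log line that identified which frontend the vTPM is serving, so once several domains share one vTPM there is no record of which domain issued a given command, and a NULL return from `tpmback_req_any()` now simply ends the `while(tpmcmd)` loop with no message distinguishing shutdown from a failed attach. If tpmcmd_t carries the originating domid and handle, as the previous `tpmback_req(domid, handle)` interface suggests, I would log them per request, e.g. `debug("Request from frontend %u/%u", (unsigned int) tpmcmd->domid, tpmcmd->handle);`, with the field names confirmed against tpmback.h. main_loop() begins and ends outside this hunk.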
> @@ -183,7 +173,7 @@ static void main_loop(void) {
> }
> /* If not disabled, do the command */
> else {
> - if((res = tpm_handle_command(tpmcmd->req, tpmcmd->req_len, &tpmcmd->resp, &tpmcmd->resp_len)) != 0) {
> + if((res = tpm_handle_command(tpmcmd->req, tpmcmd->req_len, &tpmcmd->resp, &tpmcmd->resp_len, tpmcmd->locality)) != 0) {
> error("tpm_handle_command() failed");
> create_error_response(tpmcmd, TPM_FAIL);
> }
> @@ -194,7 +184,7 @@ static void main_loop(void) {
> tpmback_resp(tpmcmd);
>
> /* Wait for the next request */
> - tpmcmd = tpmback_req(domid, handle);
> + tpmcmd = tpmback_req_any();
>
> }
>