[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH V3 0/8] Qemu Trusted Platform Module (TPM) integrati
|
From: |
Stefan Berger |
|
Subject: |
[Qemu-devel] [PATCH V3 0/8] Qemu Trusted Platform Module (TPM) integration |
|
Date: |
Tue, 12 Apr 2011 09:16:07 -0400 |
|
User-agent: |
quilt/0.48-1 |
The following series of patches adds a TPM (Trusted Platform Module)
TIS (TPM Interface Spec) interface to Qemu and with that provides
means to access a backend implementing the actual TPM functionality.
This frontend enables for example Linux's TPM TIS (tpm_tis) driver.
I am also posting the implementation of a backend implementation that is based
on a library (libtpms) providing TPM functionality. This library is currently
undergoing further testing and is not commonly available, yet.
The main purpose of me posting the libtpms-based backend patches now is to
show an example of how to integrate a backend with this TIS frontend. The
frontend is independent of the code in the backend and could be checked-in
separately, though will be of limited use as long as no backend is provided.
The backend driver for Xen, however, should be adapted to work with this
frontend's extensive interface.
My testing is all based on the libtpms-based backend that provides support for
VM suspend/resume, migration and snapshotting. It uses QCoW2 as the file
format for storing its persistent state onto, which is necessary for support
of snapshotting. Using Linux as the OS along with some recently posted patches
for the Linux TPM TIS driver, suspend/resume works fine (using 'virsh
save/restore') along with hibernation and OS suspend (ACPI S3).
Proper support for the TPM requires support in the BIOS since the BIOS
needs to initialize the TPM upon machine start or issue commands to the TPM
when it resumes from suspend (ACPI S3). It also builds and connects the
necessary ACPI tables (SSDT for TPM device, TCPA table for logging) to the
ones that are built by a BIOS. To support this I have fairly extensive
set of extensions for SeaBIOS that I posted to the SeaBIOS mailing list.
v3:
- Building a null driver at patch 5/8 that responds to all requests
with an error response; subsequently this driver is transformed to the
libtpms-based driver for real TPM functionality
- Reworked the threading; dropped the patch for qemu_thread_join; the
main thread synchronizing with the TPM thread termination may need
to write data to the block storage while waiting for the thread to
terminate; did not previously show a problem but is safer
- A lot of testing based on recent git checkout 4b4a72e5 (4/10):
- migration of i686 VM from x86_64 host to i686 host to ppc64 host while
running tests inside the VM
- tests with S3 suspend/resume
- tests with snapshots
- multiple-hour tests with VM suspend/resume (using virsh save/restore)
while running a TPM test suite inside the VM
All tests passed; [not all of them were done on the ppc64 host]
v2:
- splitting some of the patches into smaller ones for easier review
- fixes in individual patches
Regards,
Stefan
- [Qemu-devel] [PATCH V3 0/8] Qemu Trusted Platform Module (TPM) integration,
Stefan Berger <=
- [Qemu-devel] [PATCH V3 4/8] Add tpm_tis driver to build process, Stefan Berger, 2011/04/12
- [Qemu-devel] [PATCH V3 7/8] Implementation of the libtpms-based backend, Stefan Berger, 2011/04/12
- [Qemu-devel] [PATCH V3 8/8] Add block storage support for libtpms based TPM backend, Stefan Berger, 2011/04/12
- [Qemu-devel] [PATCH V3 1/8] Support for TPM command line options, Stefan Berger, 2011/04/12
- [Qemu-devel] [PATCH V3 3/8] Add persistent state handling to TPM TIS frontend driver, Stefan Berger, 2011/04/12
- [Qemu-devel] [PATCH V3 2/8] Add TPM (frontend) hardware interface (TPM TIS) to Qemu, Stefan Berger, 2011/04/12
- [Qemu-devel] [PATCH V3 5/8] Add a debug register, Stefan Berger, 2011/04/12
- [Qemu-devel] [PATCH V3 6/8] Add a TPM backend skeleton implementation, Stefan Berger, 2011/04/12