From: root <address@hidden>
The following series of patches adds TPM (Trusted Platform Module) support
to QEMU. An emulator for the TIS (TPM Interface Spec) interface is
added that provides the basis for accessing a 'backend' implementing the actual
TPM functionality. The TIS emulator serves as a 'frontend' enabling for
example Linux's TPM TIS (tpm_tis) driver.
In this series I am posting a backend implementation that makes use of the
host's TPM through a passthrough driver, which on Linux is accessed
using /dev/tpm0.
v27:
- applies to checkout of ee24aaf35 (Feb. 26)
- reverted changes to command line parameters in v26
v26:
- applies to checkout of ee24aaf35 (Feb. 26)
- addressed comments from Corey Bryant on v25
- fixed -device command line parameter to require 'id' and dropped 'tpmdev'
v25:
- applies to checkout of 7d2a929fe (Feb. 21)
- addressed comments from Corey Bryant on v24
- some build nits
v24:
- applies to checkout of 7d2a929fe (Feb. 19)
- addressed comments from Andreas Faerber on v23
- added filtering for QMP query-tpm-models/types to only show those
models and types that are active; each active model/type registers
v23:
- applies to checkout of 571f65ec2 (Feb. 14)
- addressed comments from Corey Bryant on v22
v22:
- applies to checkout of 571f65ec2 (Feb. 14)
- addressed comments from Corey Bryant and Eric Blake on v21
v21:
- applies to checkout of 70ef6a5b7 (Feb. 7)
- addressed comments from Corey Bryant and Luiz Capitulino on v20
- adapted code to new directory structure:
- split tpm.h into public part in include/tpm/tpm.h
and private part in tpm/tpm_int.h
- all TPM code is now in tpm/ directory
v20:
- applies to checkout of v1.3.0 (6d6c9f59, Dec. 3)
- addressed comments from Corey Bryant on v19
- introduced support for canceling commands
v19:
- applies to checkout of 8cc9b43 (Jun 4)
v18:
- applies to checkout of 563987d (May 1)
- removed some dead variable in 7/7
v17:
- applies to checkout of 6507470 (Apr 30)
- split up path and fd into two optional parameters
v16:
- applied to checkout of 42fe1c2 (Apr 27)
- followed Anthony's suggestions for v15
- changed qemu-options.hx and vl.c to not show anything TPM-related if
--enable-tpm-passthrough was not used on configure line
v15:
- applies to checkout of 8a22565 (Mar 27)
- replacing g_malloc's with g_new; no more checks for NULL after allocs
- introducing usage of bottom half in TIS frontend to deliver responses
- get rid of locks since global lock is held by all threads entering TIS
code
- cleanups
v14:
- applies to checkout of da5361c (Dec 12)
- implemented Anthony Liguori's suggestions
- dropping the version log on individual patches
v13:
- applies to checkout of 61a5872 (Dec 12)
- only allowing character devices as fd parameter
- fixing error path in tpm_tis_init
v12:
- applies to checkout of ebffe2a (Oct 11)
- added documentation for fd parameter
- nits
v11:
- applies to checkout of 46f3069 (Sep 28)
- some filing on the documentation
- small nits fixed
v10:
- applies to checkout of 1ce9ce6 (Sep 27)
- addressed Michael Tsirkin's comments on v9
v9:
- addressed Michael Tsirkin's and other reviewers' comments
- only posting Andreas Niederl's passthrough driver as the backend driver
v8:
- applies to checkout of f0fb8b7 (Aug 30)
- fixing compilation error pointed out by Andreas Niederl
- adding patch that allows to feed an initial state into the libtpms TPM
- following memory API changes (glib) where necessary
v7:
- applies to checkout of b9c6cbf (Aug 9)
- measuring the modules if multiboot is used
- coding style fixes
v6:
- applies to checkout of 75ef849 (July 2nd)
- some fixes and improvements to existing patches; see individual patches
- added a patch with a null driver responding to all TPM requests with
a response indicating failure; this backend has no dependencies and
can alwayy be built;
- added a patch to support the hashing of kernel, ramfs and command line
if those were passed to Qemu using -kernel, -initrd and -append
respectively. Measurements are taken, logged, and passed to SeaBIOS using
the firmware interface.
- libtpms revision 7 now requires 83kb of block storage due to having more
NVRAM space
v5:
- applies to checkout of 1fddfba1
- adding support for split command line using the -tpmdev ... -device ...
options while keeping the -tpm option
- support for querying the device models using -tpm model=?
- support for monitor 'info tpm'
- adding documentation of command line options for man page and web page
- increasing room for ACPI tables that qemu reserves to 128kb (from 64kb)
- adding (experimental) support for block migration
- adding (experimental) support for taking measurements when kernel,
initrd and kernel command line are directly passed to Qemu
v4:
- applies to checkout of d2d979c6
- more coding style fixes
- adding patch for supporting blob encryption (in addition to the existing
QCoW2-level encryption)
- this allows for graceful termination of a migration if the target
is detected to have a wrong key
- tested with big and little endian hosts
- main thread releases mutex while checking for work to do on behalf of
backend
- introducing file locking (fcntl) on the block layer for serializing access
to shared (QCoW2) files (used during migration)
v3:
- Building a null driver at patch 5/8 that responds to all requests
with an error response; subsequently this driver is transformed to the
libtpms-based driver for real TPM functionality
- Reworked the threading; dropped the patch for qemu_thread_join; the
main thread synchronizing with the TPM thread termination may need
to write data to the block storage while waiting for the thread to
terminate; did not previously show a problem but is safer
- A lot of testing based on recent git checkout 4b4a72e5 (4/10):
- migration of i686 VM from x86_64 host to i686 host to ppc64 host while
running tests inside the VM
- tests with S3 suspend/resume
- tests with snapshots
- multiple-hour tests with VM suspend/resume (using virsh save/restore)
while running a TPM test suite inside the VM
All tests passed; [not all of them were done on the ppc64 host]
v2:
- splitting some of the patches into smaller ones for easier review
- fixes in individual patches
Regards,
Stefan
Stefan Berger (7):
Support for TPM command line options
Add TPM (frontend) hardware interface (TPM TIS) to QEMU
Add a debug register
Build the TPM frontend code
Add a TPM Passthrough backend driver implementation
Add support for cancelling of a TPM command
Build TPM passthrough for i386 and x86_64 targets
Makefile.objs | 1 +
configure | 11 +
default-configs/i386-softmmu.mak | 2 +
default-configs/x86_64-softmmu.mak | 2 +
hmp-commands.hx | 2 +
hmp.c | 44 ++
hmp.h | 1 +
include/qemu/sockets.h | 1 +
include/tpm/tpm.h | 21 +
monitor.c | 8 +
qapi-schema.json | 104 +++++
qemu-char.c | 24 +
qemu-options.hx | 74 +++
qmp-commands.hx | 18 +
tpm/Makefile.objs | 6 +
tpm/tpm.c | 357 ++++++++++++++
tpm/tpm_backend.c | 58 +++
tpm/tpm_backend.h | 45 ++
tpm/tpm_int.h | 116 +++++
tpm/tpm_passthrough.c | 530 +++++++++++++++++++++
tpm/tpm_tis.c | 929 +++++++++++++++++++++++++++++++++++++
tpm/tpm_tis.h | 80 ++++
vl.c | 42 ++
23 files changed, 2476 insertions(+)
create mode 100644 include/tpm/tpm.h
create mode 100644 tpm/Makefile.objs
create mode 100644 tpm/tpm.c
create mode 100644 tpm/tpm_backend.c
create mode 100644 tpm/tpm_backend.h
create mode 100644 tpm/tpm_int.h
create mode 100644 tpm/tpm_passthrough.c
create mode 100644 tpm/tpm_tis.c
create mode 100644 tpm/tpm_tis.h