Hello Stefan,
Thanks a lot for the summary, it's very informative. I've a question below.
On 06/27/2017 06:12 PM, Stefan Berger wrote:
QEMU TPM Device
===============
= Guest-side Hardware Interface =
The QEMU TPM emulation implements a TPM TIS hardware interface following
the Trusted Computing Group's specification "TCG PC Client Specific TPM
Interface Specification (TIS)", Specifcation Version 1.3, 21 March 2013.
This specification, or a later version of it, can be accessed from the
following URL:
https://trustedcomputinggroup.org/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/
The TIS interface makes a memory mapped IO region in the area 0xfed40000 -
0xfed44fff available to the guest operating system.
Besides the TIS interface, the TPM2.0 spec defines a CRB (Command Response
Buffer Interface) as described in the "TCG PC Client Platform TPM Profile
(PTP) Specification Family 2.0, Level 00 Revision 00.43, January 26, 2015"
https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2-0-v43-150126.pdf
= TPM backend devices =
The TPM implementation is split into two parts. The one part is the hardware
interface, such as the TPM TIS interface described earlier, and the TPM backend
interface. The backend interfaces implement the interaction with a TPM device,
which may be a physical or an emulated device. The split between the front-
and backend devices allows a frontend to be connected with any available
backend. This enables the TIS interface to be used with the passthrough backend
or the (future) swtpm backend.
So we will need another TPM interface that implements the CRB interface? I
have a machine with the Intel PTT TPM2.0 (firmware-based implemented in ME)
that uses this CRB interface instead of TIS1.2 + cancel, so libvirt fails:
Error starting domain: internal error: No usable sysfs TPM cancel file could be
found
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in
cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 124, in tmpcb
callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in
newfn
ret = fn(self, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/domain.py", line 1479, in startup
self._backend.create()
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1039, in create
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error: No usable sysfs TPM cancel file could be found
The Linux kernel exposes either a TIS or CRB interface depending on what is
filled in the TPM2 ACPI table "Start Method" field as specified in "TCG ACPI
Specification Family 1.2 and 2.0 Version 1.2, Revision 8 February 27, 2017"
https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification-Family-1.2-and-2.0-Ver1.2-Rev8_public-revie....pdf
Best regards,