From nobody Mon Apr 29 05:16:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1498759276568885.2979335582204; Thu, 29 Jun 2017 11:01:16 -0700 (PDT) Received: from localhost ([::1]:40663 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dQdke-0003Vy-VS for importer@patchew.org; Thu, 29 Jun 2017 14:01:12 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34204) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dQdju-0003E2-9M for qemu-devel@nongnu.org; Thu, 29 Jun 2017 14:00:27 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dQdjr-0008C2-6u for qemu-devel@nongnu.org; Thu, 29 Jun 2017 14:00:26 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:36608) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dQdjq-0008BG-U9 for qemu-devel@nongnu.org; Thu, 29 Jun 2017 14:00:23 -0400 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v5THwgAD083102 for ; Thu, 29 Jun 2017 14:00:20 -0400 Received: from e32.co.us.ibm.com (e32.co.us.ibm.com [32.97.110.150]) by mx0a-001b2d01.pphosted.com with ESMTP id 2bd40j70gy-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 29 Jun 2017 14:00:20 -0400 Received: from localhost by e32.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 29 Jun 2017 12:00:19 -0600 Received: from b03cxnp08027.gho.boulder.ibm.com (9.17.130.19) by e32.co.us.ibm.com (192.168.1.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 29 Jun 2017 12:00:17 -0600 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v5TI0Fke62455814; Thu, 29 Jun 2017 11:00:17 -0700 Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 20B2BC604F; Thu, 29 Jun 2017 12:00:17 -0600 (MDT) Received: from sbct-3.watson.ibm.com (unknown [9.2.141.158]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP id D0654C6047; Thu, 29 Jun 2017 12:00:16 -0600 (MDT) From: Stefan Berger To: qemu-devel@nongnu.org Date: Thu, 29 Jun 2017 14:00:15 -0400 X-Mailer: git-send-email 2.5.5 X-TM-AS-GCONF: 00 x-cbid: 17062918-0004-0000-0000-0000127B037A X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00007294; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000214; SDB=6.00880488; UDB=6.00438940; IPR=6.00660639; BA=6.00005447; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00016011; XFM=3.00000015; UTC=2017-06-29 18:00:18 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17062918-0005-0000-0000-00008000DAB0 Message-Id: <1498759215-25382-1-git-send-email-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-06-29_12:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1706290290 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy] X-Received-From: 148.163.156.1 Subject: [Qemu-devel] [PATCH] specs: Describe the TPM support in QEMU X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, javierm@redhat.com, Stefan Berger Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This patch adds a description of the current TPM support in QEMU to the specs. Several public specs are referenced via their landing page on the trustedcomputinggroup.org website. Signed-off-by: Stefan Berger --- docs/specs/tpm.txt | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 98 insertions(+) create mode 100644 docs/specs/tpm.txt diff --git a/docs/specs/tpm.txt b/docs/specs/tpm.txt new file mode 100644 index 0000000..6472989 --- /dev/null +++ b/docs/specs/tpm.txt @@ -0,0 +1,98 @@ + +QEMU TPM Device +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +=3D Guest-side Hardware Interface =3D + +The QEMU TPM emulation implements a TPM TIS hardware interface following +the Trusted Computing Group's specification "TCG PC Client Specific TPM +Interface Specification (TIS)", Specifcation Version 1.3, 21 March 2013. +This specification, or a later version of it, can be accessed from the +following URL: + +https://trustedcomputinggroup.org/pc-client-work-group-pc-client-specific-= tpm-interface-specification-tis/ + +The TIS interface makes a memory mapped IO region in the area 0xfed40000 - +0xfed44fff available to the guest operating system. + + +QEMU files related to TPM TIS interfaceL + - hw/tpm/tpm_tis.c + - hw/tpm/tpm_tis.h + + +=3D ACPI Interface =3D + +The TPM device is defined with ACPI ID "PNP0C31". QEMU builds a SSDT and p= asses +it into the guest through the fw_cfg device. The device description contai= ns +the base address of the TIS interface 0xfed40000 and the size of the MMIO = area +(0x5000). In case a TPM2 is used by QEMU, a TPM2 ACPI table is also provid= ed. +The device is described to be used in polling mode rather than interrupt m= ode +primarily because no unused IRQ could be found. + +To support measurement logs to be written by the firmware, e.g. SeaBIOS, a= TCPA +table is implemented. This table provides a 64kb buffer where the firmware= can +write its log into. For TPM 2 only a more recent version of the TPM2 table +provides support for measurements logs and a TCPA table does not need to be +created. + +The TCPA and TPM2 ACPI tables follow the Trusted Computing Group specifica= tion +"TCG ACPI Specification" Family "1.2" and "2.0", Level 00 Revision 00.37. = This +specification, or a later version of it, can be accessed from the following +URL: + +https://trustedcomputinggroup.org/tcg-acpi-specification/ + + +QEMU files related to TPM ACPI tables: + - hw/i386/acpi-build.c + - include/hw/acpi/tpm.h + + +=3D TPM backend devices =3D + +The TPM implementation is split into two parts, frontend and backend.=20 +The frontend part is the hardware interface, such as the TPM TIS interface +described earlier, and the other part is the TPM backend interface. The +backend interfaces implement the interaction with a TPM device, +which may be a physical or an emulated device. The split between the front- +and backend devices allows a frontend to be connected with any available +backend. This enables the TIS interface to be used with the passthrough +backend or the swtpm backend. + + +QEMU file related to TPM backends: + - backends/tpm.c + - include/sysemu/tpm_backend.h + - include/sysemu/tpm_backend_int.h + + +=3D=3D The QEMU TPM passthrough device =3D=3D + +In case QEMU is run on Linux as the host operating system it is possible to +make the hardware TPM device available to a single QEMU guest. In this cas= e the +user must make sure that no other program is using the device, e.g., /dev/= tpm0, +before trying to start QEMU with it. + +The passthrough driver uses the host's TPM device for sending TPM commands +and receiving responses from. Besides that it accesses the TPM device's sy= sfs +entry for support of command cancellation. Since none of the state of a ha= rdware +TPM can be migrated between hosts, virtual machine migration is disabled w= hen +the TPM passthrough driver is used. + +Since the host's TPM device will already be initialize by the host's firmw= are, +certain commands, e.g. TPM_Startup(), sent by the virtual firmware for dev= ice +initialization, will fail. In this case the firmware should simply not use= the +TPM. + +Sharing the device with the host is generally not a recommended usage scen= ario +for a TPM device. The primary reason for this is that two operating system= s can +then access the device's single set of resources, such as platform configu= ration +registers (PCRs). Applications or kernel security subsystems, such as the +Linux Integrity Measurement Architecture (IMA), are not expecting to share= PCRs. + + +QEMU files related to TPM passthrough device: + - hw/tpm/tpm_passthrough.c + - hw/tpm/tpm_util.c + - hw/tpm/tpm_util.h --=20 2.5.5