[v1] tpm: Extend TPM with state migration support

[Qemu-devel] [PATCH v5.2 for 2.13 0/4] tpm: Extend TPM with state migration support

Posted by Stefan Berger 7 years, 7 months ago

This series of patches implements support for migrating the state of the
external 'swtpm' TPM emulator as well as that of the TIS interface. 

For testing of TPM 2 (migration) please use the following git repos and
branches:

libtpms: 
   - repo: https://github.com/stefanberger/libtpms
   - branch: tpm2-preview.rev146.v2

swtpm:
   - repo: https://github.com/stefanberger/swtpm
   - branch: tpm2-preview.rev146.v2

Regards,
  Stefan

Changes:
 v4->v5:
   - followed Marc-André's and Alan's comments where possible; some comments
     were not addressed and reasons posted to mailing list
   - converted debug statements to tracing
   - qemu_chr_fe_read_all does not return errno, so displaying expected versus
     received number of bytes rather than strerror(errno)
   - added test cases
   - added documentation for migration to docs/spec/tpm.txt

 v3->v4:
   - dropped the size limit enforcement on blobs received from the swtpm
   - the .post_load migration function requires errno's to be returned.
     -> some of the functions have been converted to return a better errno


Stefan Berger (4):
  tpm: extend TPM emulator with state migration support
  tpm: extend TPM TIS with state migration support
  docs: tpm: add VM save/restore example and troubleshooting guide
  tpm: Add test cases that uses the external swtpm with CRB interface

 docs/specs/tpm.txt         | 106 +++++++++++++++
 hw/tpm/tpm_emulator.c      | 318 +++++++++++++++++++++++++++++++++++++++++++--
 hw/tpm/tpm_tis.c           |  52 +++++++-
 hw/tpm/trace-events        |   9 +-
 tests/Makefile.include     |   3 +
 tests/tpm-crb-swtpm-test.c | 244 ++++++++++++++++++++++++++++++++++
 tests/tpm-util.c           | 143 ++++++++++++++++++++
 tests/tpm-util.h           |  36 +++++
 8 files changed, 897 insertions(+), 14 deletions(-)
 create mode 100644 tests/tpm-crb-swtpm-test.c
 create mode 100644 tests/tpm-util.c
 create mode 100644 tests/tpm-util.h

-- 
2.5.5

Re: [Qemu-devel] [PATCH v5.2 for 2.13 0/4] tpm: Extend TPM with state migration support

Posted by Dr. David Alan Gilbert 7 years, 7 months ago

* Stefan Berger (stefanb@linux.vnet.ibm.com) wrote:
> This series of patches implements support for migrating the state of the
> external 'swtpm' TPM emulator as well as that of the TIS interface. 
> 
> For testing of TPM 2 (migration) please use the following git repos and
> branches:
> 
> libtpms: 
>    - repo: https://github.com/stefanberger/libtpms
>    - branch: tpm2-preview.rev146.v2
> 
> swtpm:
>    - repo: https://github.com/stefanberger/swtpm
>    - branch: tpm2-preview.rev146.v2

I don't see that branch in the swtpm tree:
[dgilbert@dgilbert-t530 swtpm]$ git branch -a
* (HEAD detached at origin/master)
  master
  remotes/origin/HEAD -> origin/master
  remotes/origin/coverity_scan
  remotes/origin/master
  remotes/origin/master.next
  remotes/origin/tpm2-preview
  remotes/origin/tpm2-preview.v2

(I need to untangle my system libtpms from that specific version to get it to build as
well)

Dave

> Regards,
>   Stefan
> 
> Changes:
>  v4->v5:
>    - followed Marc-André's and Alan's comments where possible; some comments
>      were not addressed and reasons posted to mailing list
>    - converted debug statements to tracing
>    - qemu_chr_fe_read_all does not return errno, so displaying expected versus
>      received number of bytes rather than strerror(errno)
>    - added test cases
>    - added documentation for migration to docs/spec/tpm.txt
> 
>  v3->v4:
>    - dropped the size limit enforcement on blobs received from the swtpm
>    - the .post_load migration function requires errno's to be returned.
>      -> some of the functions have been converted to return a better errno
> 
> 
> Stefan Berger (4):
>   tpm: extend TPM emulator with state migration support
>   tpm: extend TPM TIS with state migration support
>   docs: tpm: add VM save/restore example and troubleshooting guide
>   tpm: Add test cases that uses the external swtpm with CRB interface
> 
>  docs/specs/tpm.txt         | 106 +++++++++++++++
>  hw/tpm/tpm_emulator.c      | 318 +++++++++++++++++++++++++++++++++++++++++++--
>  hw/tpm/tpm_tis.c           |  52 +++++++-
>  hw/tpm/trace-events        |   9 +-
>  tests/Makefile.include     |   3 +
>  tests/tpm-crb-swtpm-test.c | 244 ++++++++++++++++++++++++++++++++++
>  tests/tpm-util.c           | 143 ++++++++++++++++++++
>  tests/tpm-util.h           |  36 +++++
>  8 files changed, 897 insertions(+), 14 deletions(-)
>  create mode 100644 tests/tpm-crb-swtpm-test.c
>  create mode 100644 tests/tpm-util.c
>  create mode 100644 tests/tpm-util.h
> 
> -- 
> 2.5.5
> 
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH v5.2 for 2.13 0/4] tpm: Extend TPM with state migration support

Posted by Stefan Berger 7 years, 7 months ago

On 03/21/2018 04:04 PM, Dr. David Alan Gilbert wrote:
> * Stefan Berger (stefanb@linux.vnet.ibm.com) wrote:
>> This series of patches implements support for migrating the state of the
>> external 'swtpm' TPM emulator as well as that of the TIS interface.
>>
>> For testing of TPM 2 (migration) please use the following git repos and
>> branches:
>>
>> libtpms:
>>     - repo: https://github.com/stefanberger/libtpms
>>     - branch: tpm2-preview.rev146.v2
>>
>> swtpm:
>>     - repo: https://github.com/stefanberger/swtpm
>>     - branch: tpm2-preview.rev146.v2
> I don't see that branch in the swtpm tree:
> [dgilbert@dgilbert-t530 swtpm]$ git branch -a
> * (HEAD detached at origin/master)
>    master
>    remotes/origin/HEAD -> origin/master
>    remotes/origin/coverity_scan
>    remotes/origin/master
>    remotes/origin/master.next
>    remotes/origin/tpm2-preview
>    remotes/origin/tpm2-preview.v2

It's this one. Above is type.

Thanks for the reviews.

    Stefan

>
> (I need to untangle my system libtpms from that specific version to get it to build as
> well)
>
> Dave
>
>> Regards,
>>    Stefan
>>
>> Changes:
>>   v4->v5:
>>     - followed Marc-André's and Alan's comments where possible; some comments
>>       were not addressed and reasons posted to mailing list
>>     - converted debug statements to tracing
>>     - qemu_chr_fe_read_all does not return errno, so displaying expected versus
>>       received number of bytes rather than strerror(errno)
>>     - added test cases
>>     - added documentation for migration to docs/spec/tpm.txt
>>
>>   v3->v4:
>>     - dropped the size limit enforcement on blobs received from the swtpm
>>     - the .post_load migration function requires errno's to be returned.
>>       -> some of the functions have been converted to return a better errno
>>
>>
>> Stefan Berger (4):
>>    tpm: extend TPM emulator with state migration support
>>    tpm: extend TPM TIS with state migration support
>>    docs: tpm: add VM save/restore example and troubleshooting guide
>>    tpm: Add test cases that uses the external swtpm with CRB interface
>>
>>   docs/specs/tpm.txt         | 106 +++++++++++++++
>>   hw/tpm/tpm_emulator.c      | 318 +++++++++++++++++++++++++++++++++++++++++++--
>>   hw/tpm/tpm_tis.c           |  52 +++++++-
>>   hw/tpm/trace-events        |   9 +-
>>   tests/Makefile.include     |   3 +
>>   tests/tpm-crb-swtpm-test.c | 244 ++++++++++++++++++++++++++++++++++
>>   tests/tpm-util.c           | 143 ++++++++++++++++++++
>>   tests/tpm-util.h           |  36 +++++
>>   8 files changed, 897 insertions(+), 14 deletions(-)
>>   create mode 100644 tests/tpm-crb-swtpm-test.c
>>   create mode 100644 tests/tpm-util.c
>>   create mode 100644 tests/tpm-util.h
>>
>> -- 
>> 2.5.5
>>
>>
> --
> Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
>