From: Stefan Berger
To: qemu-devel@nongnu.org, marcandre.lureau@redhat.com
Cc: Stefan Berger
Subject: [PATCH 1/2] backends/tpm: Record the last command sent to the TPM
Date: Fri, 27 May 2022 13:30:57 -0400
Message-Id: <20220527173058.226210-2-stefanb@linux.ibm.com>
In-Reply-To: <20220527173058.226210-1-stefanb@linux.ibm.com>
References: <20220527173058.226210-1-stefanb@linux.ibm.com>

Record the last command sent to the TPM. Knowing the last command sent to a TPM 2 will allow us to determine whether we need to send a TPM2_Shutdown() command when the VM is reset.

Signed-off-by: Stefan Berger
--- backends/tpm/tpm_emulator.c | 9 +++++++++ backends/tpm/tpm_util.c | 9 +++++++++ include/sysemu/tpm_util.h | 3 +++ 3 files changed, 21 insertions(+) diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c index 87d061e9bb..89ecb04a2a 100644 --- a/backends/tpm/tpm_emulator.c +++ b/backends/tpm/tpm_emulator.c @@ -81,6 +81,8 @@ struct TPMEmulator { unsigned int established_flag_cached:1; =20 TPMBlobBuffers state_blobs; + + uint32_t last_command; /* last command sent to TPM */ }; =20 struct tpm_error { @@ -155,6 +157,12 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_= emu, { ssize_t ret; bool is_selftest =3D false; + uint32_t command; + + command =3D tpm_util_get_ordinal(in, in_len); + if (command !=3D TPM_ORDINAL_NONE) { + tpm_emu->last_command =3D command; + } =20 if (selftest_done) { *selftest_done =3D false; @@ -910,6 +918,7 @@ static void tpm_emulator_inst_init(Object *obj) =20 tpm_emu->options =3D g_new0(TPMEmulatorOptions, 1); tpm_emu->cur_locty_number =3D ~0; + tpm_emu->last_command =3D TPM_ORDINAL_NONE; qemu_mutex_init(&tpm_emu->mutex); =20 vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, diff --git a/backends/tpm/tpm_util.c b/backends/tpm/tpm_util.c index a6e6d3e72f..28284940f0 100644 --- a/backends/tpm/tpm_util.c +++ b/backends/tpm/tpm_util.c @@ -103,6 +103,15 @@ bool tpm_util_is_selftest(const uint8_t *in, uint32_t = in_len) return false; } =20 +uint32_t tpm_util_get_ordinal(const uint8_t *in, uint32_t in_len) +{ + if (in_len >=3D sizeof(struct tpm_req_hdr)) { + return tpm_cmd_get_ordinal(in); + } + + return TPM_ORDINAL_NONE; +} + /* * Send request to a TPM device. We expect a response within one second. */ 
diff --git a/include/sysemu/tpm_util.h b/include/sysemu/tpm_util.h index 08f05172a7..7fc238b2a0 100644 --- a/include/sysemu/tpm_util.h +++ b/include/sysemu/tpm_util.h 
@@ -29,6 +29,9 @@ void tpm_util_write_fatal_error_response(uint8_t *out, ui= nt32_t out_len); =20 bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len); =20 +uint32_t tpm_util_get_ordinal(const uint8_t *in, uint32_t in_len); +#define TPM_ORDINAL_NONE 0x0 + int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version); =20 static inline uint16_t tpm_cmd_get_tag(const void *b) --=20 2.35.3
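
Review bot: last_command, added to struct TPMEmulator in the first tpm_emulator.c hunk and set to TPM_ORDINAL_NONE in tpm_emulator_inst_init, is not added to any saved device state by this patch: the nine lines added to tpm_emulator.c are the field, the recording code and the initialiser. If the field is not carried across migration, the destination starts from TPM_ORDINAL_NONE, and a VM reset before the guest issues another TPM command would look like a fresh start to any logic keyed on this field. Please either include the field in the migrated state or say in the commit message why that window is acceptable.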
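
Review bot: In the tpm_emulator_unix_tx_bufs hunk, tpm_emu->last_command is assigned at the top of the function, ahead of the selftest_done handling and before the request has been transmitted, so a command whose transmission fails is still recorded as the last one sent. If that command is a TPM2_Shutdown, a later decision based on last_command would assume the TPM has seen it. Consider moving the assignment to after the send has succeeded, or reword the field comment to "last command attempted" so the weaker guarantee is explicit.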
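
Review bot: tpm_util_get_ordinal() in the tpm_util.c hunk, and its prototype in tpm_util.h, carry no comment stating that TPM_ORDINAL_NONE (0x0) is returned for buffers shorter than struct tpm_req_hdr, and the sentinel relies on 0 never appearing as an ordinal in a guest-supplied header. A request whose ordinal field is 0 is indistinguishable from a short buffer and leaves last_command unchanged in the caller. A short doc comment on the function, plus a note next to the #define (placed ahead of the prototype) on why 0 is safe as a sentinel, would make that contract explicit.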
From: Stefan Berger
To: qemu-devel@nongnu.org, marcandre.lureau@redhat.com
Cc: Stefan Berger
Subject: [PATCH 2/2] backends/tpm: Send TPM2_Shutdown upon VM reset
Date: Fri, 27 May 2022 13:30:58 -0400
Message-Id: <20220527173058.226210-3-stefanb@linux.ibm.com>
In-Reply-To: <20220527173058.226210-1-stefanb@linux.ibm.com>
References: <20220527173058.226210-1-stefanb@linux.ibm.com>

Send a TPM2_Shutdown(TPM2_SU_CLEAR) command to the TPM emulator when the VM is reset. However, this is only necessary for a TPM 2 and only if the TPM2_Shutdown command has not been sent by the VM as the last command as it would do under normal circumstances. Further, it also doesn't need to be sent if the VM was just started.

This fixes a bug where well-timed VM resets may trigger the TPM 2's dictionary attack lockout logic due to the TPM 2 not having received a TPM2_Shutdown command when it was reset.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2087538
Signed-off-by: Stefan Berger
--- backends/tpm/tpm_emulator.c | 35 +++++++++++++++++++++++++++++++++++ backends/tpm/tpm_int.h | 3 +++ backends/tpm/trace-events | 1 + 3 files changed, 39 insertions(+) diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c index 89ecb04a2a..c928d7abd1 100644 --- a/backends/tpm/tpm_emulator.c +++ b/backends/tpm/tpm_emulator.c 
@@ -389,8 +389,43 @@ err_exit: return -1; } =20 +static void tpm_emulator_send_tpm2_shutdown(TPMEmulator *tpm_emu) +{ + const struct tpm2_shutdown { + struct tpm_req_hdr hdr; + uint16_t shutdownType; + } tpm2_shutdown_clear =3D { + .hdr =3D { + .tag =3D cpu_to_be16(TPM2_ST_NO_SESSIONS), + .len =3D cpu_to_be32(sizeof(tpm2_shutdown_clear)), + .ordinal =3D cpu_to_be32(TPM2_CC_Shutdown), + }, + .shutdownType =3D cpu_to_be16(TPM2_SU_CLEAR), + }; + Error *local_err =3D NULL; + uint8_t result[10]; + + trace_tpm_emulator_send_tpm2_shutdown(tpm_emu->last_command); + + if (tpm_emulator_unix_tx_bufs(tpm_emu, (uint8_t *)&tpm2_shutdown_clear, + sizeof(tpm2_shutdown_clear), + result, sizeof(result), + NULL, &local_err) < 0) { + error_report_err(local_err); + } +} + static int tpm_emulator_startup_tpm(TPMBackend *tb, size_t buffersize) { + TPMEmulator *tpm_emu =3D TPM_EMULATOR(tb); + + /* In case of VM reset we may need to send a TPM2_Shutdown command */ + if (tpm_emu->tpm_version =3D=3D TPM_VERSION_2_0 && + tpm_emu->last_command !=3D TPM_ORDINAL_NONE && + tpm_emu->last_command !=3D TPM2_CC_Shutdown) { + tpm_emulator_send_tpm2_shutdown(tpm_emu); + } + return tpm_emulator_startup_tpm_resume(tb, buffersize, false); } =20 diff --git a/backends/tpm/tpm_int.h b/backends/tpm/tpm_int.h index ba6109306e..2730d4ff02 100644 --- a/backends/tpm/tpm_int.h +++ b/backends/tpm/tpm_int.h @@ -64,6 +64,7 @@ struct tpm_resp_hdr { /* TPM2 defines */ #define TPM2_ST_NO_SESSIONS 0x8001 =20 +#define TPM2_CC_Shutdown 0x00000145 #define TPM2_CC_ReadClock 0x00000181 #define TPM2_CC_GetCapability 0x0000017a =20 @@ -71,6 +72,8 @@ struct tpm_resp_hdr { =20 #define TPM2_PT_MAX_COMMAND_SIZE 0x11e =20 +#define TPM2_SU_CLEAR 0x0 + #define TPM_RC_INSUFFICIENT 0x9a #define TPM_RC_FAILURE 0x101 #define TPM_RC_LOCALITY 0x907 diff --git a/backends/tpm/trace-events b/backends/tpm/trace-events index 3298766dd7..cd16d41804 100644 --- a/backends/tpm/trace-events +++ b/backends/tpm/trace-events 
@@ -31,3 +31,4 @@ tpm_emulator_set_state_blobs_error(const char *msg) "erro= r while setting state b tpm_emulator_set_state_blobs_done(void) "Done setting state blobs" tpm_emulator_pre_save(void) "" tpm_emulator_inst_init(void) "" +tpm_emulator_send_tpm2_shutdown(uint32_t ord) "Sending TPM2_Shutdown(TPM2_= SU_CLEAR); last ordinal from VM was: 0x%08x" --=20 2.35.3
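
Review bot: tpm_emulator_send_tpm2_shutdown() in the tpm_emulator.c hunk never inspects the response it reads into result[], so only a transport failure from tpm_emulator_unix_tx_bufs() is reported; a TPM error response to the shutdown is dropped silently and the dictionary-attack lockout this patch is meant to avoid could still occur unnoticed. Please decode the response header and report or trace a non-zero return code. In the same function, uint8_t result[10] would read better as sizeof(struct tpm_resp_hdr), and the local struct tpm2_shutdown is not marked packed although sizeof() of it is used for both .len and the transmit length, so marking it QEMU_PACKED would remove the dependence on compiler layout. Related, in tpm_emulator_startup_tpm() the test last_command != TPM2_CC_Shutdown treats any guest-issued TPM2_Shutdown as sufficient regardless of whether it succeeded; a one-line comment stating that this is intended would help.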