From nobody Wed May 15 02:47:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1682444923; cv=none; d=zohomail.com; s=zohoarc; b=k/MktgkOMOWEDsAj+wbqG8w6CUl0//axWea1NAU24jdt+EF8JUU/Zke3ayhHBzFKGBhQFyvcwnsBY2h0kMAs/o1htmr1w+z/YMS+hF9fNK6OsNMB9HF60upLg9PnZOCUeUokr+9ErmQUO3C+Py7Nz1ujlVVR+iI9VtHUhl69ZAA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1682444923; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=fxgJpLSyNnVi1qGWsR1jfD9dMXxQEpRQSepet3weNSk=; b=kdbHBHe4/6Prwgb/bmeoSIQ4QCTpVs/EvZsne0fI7I83fh2v0lNS8fsc9WlBClS81yFVzfupQ0D5s2a1jhqHR3TkQR/PVwnKIW+crQHPMijUChwtxR3tQlIqfBuO7soKZ60DTiusKOiDWIlvJn0oPu4lhwjsUcEJHossq5DTyTc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1682444923893327.3098020349531; Tue, 25 Apr 2023 10:48:43 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.526272.817929 (Exim 4.92) (envelope-from ) id 1prMlt-0004Y3-UF; Tue, 25 Apr 2023 17:48:09 +0000 Received: by outflank-mailman (output) from mailman id 526272.817929; Tue, 25 Apr 2023 17:48:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1prMlt-0004Va-Qq; Tue, 25 Apr 2023 17:48:09 +0000 Received: by outflank-mailman (input) for mailman id 526272; Tue, 25 Apr 2023 17:48:08 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1prMls-0004QK-PX for xen-devel@lists.xenproject.org; Tue, 25 Apr 2023 17:48:08 +0000 Received: from esa1.hc3370-68.iphmx.com (esa1.hc3370-68.iphmx.com [216.71.145.142]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 565722ed-e391-11ed-b223-6b7b168915f2; Tue, 25 Apr 2023 19:48:07 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 565722ed-e391-11ed-b223-6b7b168915f2 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1682444887; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=iJpmjT8+u6Su+cj0ubRBWk9TtvgNO4TNYN5OVbKekIY=; b=CDb6I9NCCHFbW6lkynZmkTbzed73zFGUKijFKsophjiBr5lkMbT6fLmW GTnkdFdRHhWNXAWybF1KMg6rixG+CrxpiRTTTfx7Nz/i8Tmurx/Nc76ae tvyZq8dEtL70sk/jAPvdtRGDgzEa4fPXxEjSrQoSRbszqj0rcXb7/gO3N 0=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 107228331 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:s8ZtY6M134e3B4DvrR2sl8FynXyQoLVcMsEvi/4bfWQNrUoi0DxWy mIdWmHTMvbfN2v8eYp1bt6+8kgCscTRzdBgHAto+SlhQUwRpJueD7x1DKtS0wC6dZSfER09v 63yTvGacajYm1eF/k/F3oDJ9CU6jufQAOKnUoYoAwgpLSd8UiAtlBl/rOAwh49skLCRDhiE/ Nj/uKUzAnf8s9JPGj9SuvPrRC9H5qyo42tE5AFmPpingXeF/5UrJMNHTU2OByOQrrl8RoaSW +vFxbelyWLVlz9F5gSNy+uTnuUiG9Y+DCDW4pZkc/HKbitq/0Te5p0TJvsEAXq7vh3S9zxHJ HehgrTrIeshFvWkdO3wyHC0GQkmVUFN0OevzXRSLaV/ZqAJGpfh66wGMa04AWEX0sFWCntWq KNBERkuMzKG3sKK4pGyUfY506zPLOGzVG8eknRpzDWfBvc6W5HTBa7N4Le03h9p2JoIR6yHI ZNEN3w2Nk+ojx5nYz/7DLo8keGuh3fyaXtYpUifqLAry2PS0BZwwP7mN9+9ltmiHJ0KxBzI/ Tmfl4j/KgMiPYS1mR+ly3mphtfzxwPHCbojLLLto5aGh3XMnzdOWXX6T2CTo/S/jE+wVsgZK 0EO8Cc0sYA59VCxXp/2WBjQiG6JuFsQVsRdF8U+6RqR0ezE7gCBHG8GQzVdLts8u6ceRzYny 1uIlNPBHiF0vfueTnf1y1uPhWrsY25PdzZEPHJaC1JfuLEPvb3fkDrob915CPPq1+TcOmzSx mmqkAodjq4M2JtjO7qAwbzXv969jsGXHlRut1iPAzLNAhBRP9D8OdHxgbTPxbMZddvCEAHc1 JQRs5LGhN3iG61hg8BkrA8lOLiyr8iIPzTH6bKEN8lwrm/9k5JPkG053d2fGKuKGpxeEdMRS BWP0T69HbcKVJdQUYd5YpiqF+MhxrX6GNLuW5j8N4QeOMMvLVXXrX8yNCZ8OlwBd2B9+ZzTx L/BKZr8ZZrkIf8PIMWKqxc1juZwm3FWKZL7TpHn1RW3uYejiIquYe5dajOmN7lphJ5oVS2Jq 76zwePWkUQAOAA/CwGLmbMuwacidilnVMum+5wGL4Zu4GNOQQkcNhMY+pt5E6QNokifvr6Sl p1hcie0EGbCuEA= IronPort-HdrOrdr: A9a23:9cToN6rVnreKx2BQs2LYTuoaV5oReYIsimQD101hICG8cqSj9v xG+85rrCMc6QxhI03I9urwW5VoLUmyyXcx2/h0AV7AZniBhILLFvAB0WKK+VSJcEeSmtK1l5 0QFJSWYOeAdWSS5vyb3ODXKbgdKaG8gcWVuds= X-Talos-CUID: =?us-ascii?q?9a23=3ANYV+kWr6vCz21SQOK+7PduvmUecEeWfFkSiJGma?= =?us-ascii?q?bVERsEZ2pa3yZ47wxxg=3D=3D?= X-Talos-MUID: 9a23:nnLlyASu02I8yS5URXT+vDg6HpdNw52lDUA1rc8mh5i8BBR/bmI= X-IronPort-AV: E=Sophos;i="5.99,226,1677560400"; d="scan'208";a="107228331" From: Jennifer Herbert To: , Xen-devel CC: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Jennifer Herbert Subject: [PATCH v3 1/2] acpi: Make TPM version configurable. Date: Tue, 25 Apr 2023 17:47:32 +0000 Message-ID: <20230425174733.795961-2-jennifer.herbert@citrix.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230425174733.795961-1-jennifer.herbert@citrix.com> References: <20230425174733.795961-1-jennifer.herbert@citrix.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1682444924801100003 Content-Type: text/plain; charset="utf-8" This patch makes the TPM version, for which the ACPI libary probes, configu= rable. If acpi_config.tpm_verison is set to 1, it indicates that 1.2 (TCPA) should= be probed. I have also added to hvmloader an option to allow setting this new config, = which can be triggered by setting the platform/tpm_version xenstore key. Signed-off-by: Jennifer Herbert Reviewed-by: Jason Andryuk --- docs/misc/xenstore-paths.pandoc | 9 +++++ tools/firmware/hvmloader/util.c | 19 ++++++--- tools/libacpi/build.c | 69 +++++++++++++++++++-------------- tools/libacpi/libacpi.h | 3 +- 4 files changed, 64 insertions(+), 36 deletions(-) diff --git a/docs/misc/xenstore-paths.pandoc b/docs/misc/xenstore-paths.pan= doc index 5cd5c8a3b9..e67e164855 100644 --- a/docs/misc/xenstore-paths.pandoc +++ b/docs/misc/xenstore-paths.pandoc @@ -269,6 +269,15 @@ at the guest physical address in HVM_PARAM_VM_GENERATI= ON_ID_ADDR. See Microsoft's "Virtual Machine Generation ID" specification for the circumstances where the generation ID needs to be changed. =20 + +#### ~/platform/tpm_version =3D INTEGER [HVM,INTERNAL] + +The TPM version to be probed for. + +A value of 1 indicates to probe for TPM 1.2. +A value of 0 or an invalid value will result in no TPM being probed. +If unset, a default of 1 is assumed. + ### Frontend device paths =20 Paravirtual device frontends are generally specified by their own diff --git a/tools/firmware/hvmloader/util.c b/tools/firmware/hvmloader/uti= l.c index 581b35e5cf..f39a8e584f 100644 --- a/tools/firmware/hvmloader/util.c +++ b/tools/firmware/hvmloader/util.c @@ -994,13 +994,22 @@ void hvmloader_acpi_build_tables(struct acpi_config *= config, if ( !strncmp(xenstore_read("platform/acpi_laptop_slate", "0"), "1", 1= ) ) config->table_flags |=3D ACPI_HAS_SSDT_LAPTOP_SLATE; =20 - config->table_flags |=3D (ACPI_HAS_TCPA | ACPI_HAS_IOAPIC | - ACPI_HAS_WAET | ACPI_HAS_PMTIMER | - ACPI_HAS_BUTTONS | ACPI_HAS_VGA | - ACPI_HAS_8042 | ACPI_HAS_CMOS_RTC); + config->table_flags |=3D (ACPI_HAS_IOAPIC | ACPI_HAS_WAET | + ACPI_HAS_PMTIMER | ACPI_HAS_BUTTONS | + ACPI_HAS_VGA | ACPI_HAS_8042 | + ACPI_HAS_CMOS_RTC); config->acpi_revision =3D 4; =20 - config->tis_hdr =3D (uint16_t *)ACPI_TIS_HDR_ADDRESS; + s =3D xenstore_read("platform/tpm_version", "1"); + config->tpm_version =3D strtoll(s, NULL, 0); + + switch( config->tpm_version ) + { + case 1: + config->table_flags |=3D ACPI_HAS_TPM; + config->tis_hdr =3D (uint16_t *)ACPI_TIS_HDR_ADDRESS; + break; + } =20 config->numa.nr_vmemranges =3D nr_vmemranges; config->numa.nr_vnodes =3D nr_vnodes; diff --git a/tools/libacpi/build.c b/tools/libacpi/build.c index fe2db66a62..716cb49624 100644 --- a/tools/libacpi/build.c +++ b/tools/libacpi/build.c @@ -409,38 +409,47 @@ static int construct_secondary_tables(struct acpi_ctx= t *ctxt, memcpy(ssdt, ssdt_laptop_slate, sizeof(ssdt_laptop_slate)); table_ptrs[nr_tables++] =3D ctxt->mem_ops.v2p(ctxt, ssdt); } - - /* TPM TCPA and SSDT. */ - if ( (config->table_flags & ACPI_HAS_TCPA) && - (config->tis_hdr[0] !=3D 0 && config->tis_hdr[0] !=3D 0xffff) && - (config->tis_hdr[1] !=3D 0 && config->tis_hdr[1] !=3D 0xffff) ) + /* TPM and its SSDT. */ + if ( config->table_flags & ACPI_HAS_TPM ) { - ssdt =3D ctxt->mem_ops.alloc(ctxt, sizeof(ssdt_tpm), 16); - if (!ssdt) return -1; - memcpy(ssdt, ssdt_tpm, sizeof(ssdt_tpm)); - table_ptrs[nr_tables++] =3D ctxt->mem_ops.v2p(ctxt, ssdt); - - tcpa =3D ctxt->mem_ops.alloc(ctxt, sizeof(struct acpi_20_tcpa), 16= ); - if (!tcpa) return -1; - memset(tcpa, 0, sizeof(*tcpa)); - table_ptrs[nr_tables++] =3D ctxt->mem_ops.v2p(ctxt, tcpa); - - tcpa->header.signature =3D ACPI_2_0_TCPA_SIGNATURE; - tcpa->header.length =3D sizeof(*tcpa); - tcpa->header.revision =3D ACPI_2_0_TCPA_REVISION; - fixed_strcpy(tcpa->header.oem_id, ACPI_OEM_ID); - fixed_strcpy(tcpa->header.oem_table_id, ACPI_OEM_TABLE_ID); - tcpa->header.oem_revision =3D ACPI_OEM_REVISION; - tcpa->header.creator_id =3D ACPI_CREATOR_ID; - tcpa->header.creator_revision =3D ACPI_CREATOR_REVISION; - if ( (lasa =3D ctxt->mem_ops.alloc(ctxt, ACPI_2_0_TCPA_LAML_SIZE, = 16)) !=3D NULL ) + switch ( config->tpm_version ) { - tcpa->lasa =3D ctxt->mem_ops.v2p(ctxt, lasa); - tcpa->laml =3D ACPI_2_0_TCPA_LAML_SIZE; - memset(lasa, 0, tcpa->laml); - set_checksum(tcpa, - offsetof(struct acpi_header, checksum), - tcpa->header.length); + case 0: /* Assume legacy code wanted tpm 1.2 */ + case 1: + if ( config->tis_hdr[0] =3D=3D 0 || config->tis_hdr[0] =3D=3D = 0xffff || + config->tis_hdr[1] =3D=3D 0 || config->tis_hdr[1] =3D=3D = 0xffff ) + break; + + ssdt =3D ctxt->mem_ops.alloc(ctxt, sizeof(ssdt_tpm), 16); + if (!ssdt) return -1; + memcpy(ssdt, ssdt_tpm, sizeof(ssdt_tpm)); + table_ptrs[nr_tables++] =3D ctxt->mem_ops.v2p(ctxt, ssdt); + + tcpa =3D ctxt->mem_ops.alloc(ctxt, sizeof(struct acpi_20_tcpa)= , 16); + if (!tcpa) return -1; + memset(tcpa, 0, sizeof(*tcpa)); + table_ptrs[nr_tables++] =3D ctxt->mem_ops.v2p(ctxt, tcpa); + + tcpa->header.signature =3D ACPI_2_0_TCPA_SIGNATURE; + tcpa->header.length =3D sizeof(*tcpa); + tcpa->header.revision =3D ACPI_2_0_TCPA_REVISION; + fixed_strcpy(tcpa->header.oem_id, ACPI_OEM_ID); + fixed_strcpy(tcpa->header.oem_table_id, ACPI_OEM_TABLE_ID); + tcpa->header.oem_revision =3D ACPI_OEM_REVISION; + tcpa->header.creator_id =3D ACPI_CREATOR_ID; + tcpa->header.creator_revision =3D ACPI_CREATOR_REVISION; + + lasa =3D ctxt->mem_ops.alloc(ctxt, ACPI_2_0_TCPA_LAML_SIZE, 16= ); + if ( lasa ) + { + tcpa->lasa =3D ctxt->mem_ops.v2p(ctxt, lasa); + tcpa->laml =3D ACPI_2_0_TCPA_LAML_SIZE; + memset(lasa, 0, tcpa->laml); + set_checksum(tcpa, + offsetof(struct acpi_header, checksum), + tcpa->header.length); + } + break; } } =20 diff --git a/tools/libacpi/libacpi.h b/tools/libacpi/libacpi.h index a2efd23b0b..f69452401f 100644 --- a/tools/libacpi/libacpi.h +++ b/tools/libacpi/libacpi.h @@ -27,7 +27,7 @@ #define ACPI_HAS_SSDT_PM (1<<4) #define ACPI_HAS_SSDT_S3 (1<<5) #define ACPI_HAS_SSDT_S4 (1<<6) -#define ACPI_HAS_TCPA (1<<7) +#define ACPI_HAS_TPM (1<<7) #define ACPI_HAS_IOAPIC (1<<8) #define ACPI_HAS_WAET (1<<9) #define ACPI_HAS_PMTIMER (1<<10) @@ -66,6 +66,7 @@ struct acpi_config { =20 uint32_t table_flags; uint8_t acpi_revision; + uint8_t tpm_version; =20 uint64_t vm_gid[2]; unsigned long vm_gid_addr; /* OUT parameter */ --=20 2.39.1 From nobody Wed May 15 02:47:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1682444922; cv=none; d=zohomail.com; s=zohoarc; b=KhpLNas0yY+Y+vUUQlmGOkWxyfoeOkqnOWSzhljC6pZ7FTti7lvi082BNSZh2Yoqv+bkz2U9Qx2+7sjCY6p2LGlwBmRdyqWu/kV9FcidVYf8IHgegPRMoHkH8b21GbRgONIqkyN+PdyxIL7QkM08POLE2gZINsR0t0so8t+iKd8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1682444922; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=+UTkkSX0j0oQFlGACJa7a5Ycl+h77eqLsS6QNM9woJ4=; b=Ea5/WHyodJ4awD0ezfUkx2Seu/hQ8AsyEXj1g/elyhu/80Z1oTTy0Nlk9Ipv3ExPtEeh5tTHfJASVNF6wAzIoHeyegCuJuvq+wbKew/IYURm305Ktlcq/7yuKjSOa0tN4wzKELezJXXuSkzjv+yvUstnfYX+GfxKUeZ0IkMRLMo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1682444922975177.81376498895452; Tue, 25 Apr 2023 10:48:42 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.526270.817914 (Exim 4.92) (envelope-from ) id 1prMlp-0004Ba-9K; Tue, 25 Apr 2023 17:48:05 +0000 Received: by outflank-mailman (output) from mailman id 526270.817914; Tue, 25 Apr 2023 17:48:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1prMlp-0004BT-64; Tue, 25 Apr 2023 17:48:05 +0000 Received: by outflank-mailman (input) for mailman id 526270; Tue, 25 Apr 2023 17:48:04 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1prMlo-0004BN-5n for xen-devel@lists.xenproject.org; Tue, 25 Apr 2023 17:48:04 +0000 Received: from esa6.hc3370-68.iphmx.com (esa6.hc3370-68.iphmx.com [216.71.155.175]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 511b254e-e391-11ed-8611-37d641c3527e; Tue, 25 Apr 2023 19:48:01 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 511b254e-e391-11ed-8611-37d641c3527e DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1682444881; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=rAcd38lHfyxjyo5VODfhs5oaQerCPZKZ+8xu0A03MtA=; b=htfzPCyROck2+J4gqUtnSgU+rgFJmXaJ5fttxrFBHkx2cemxrgOON64T kxX7Lt5zzKwvNmIjOYJflDQ4mKwJzxMM6zxkpDWINCXbVKEXRJwbqKc7s FxNzZN3Sa9RYMol5BA7SwUTQDkKgtyrAXz5Q9TG3hZ9PUoOT0WrWiiiwr A=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 106160674 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:FMuS3KCjaBGeqhVW/yfjw5YqxClBgxIJ4kV8jS/XYbTApDIkhTQHx 2BJWj3TMv3fM2P8etF+aojgpBwOvJKBndJlQQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48T8nk/nOHuGmYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArIs t7pyyHlEAbNNwVcbyRFuspvlDs15K6p4G9C4wRlDRx2lAS2e0c9Xcp3yZ6ZdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6Y4pNeJ0VKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw8+lNP0dC6 eQjNBtQTRTborO4y4iFY7w57igjBJGD0II3v3hhyXfSDOo8QICFSKLPjTNa9G5u3IYUR6+YP pdHL2M1N3wsYDUWUrsTIJAzmuGpiHTlNT1VsliYv7Yf6GnP1g1hlrPqNbI5f/TTHZsMwB7G+ T6uE2LRDxZFNoOV9Qe++GPy2/XJmWDHZb4YG+jtnhJtqALKnTFCYPEMbnO5rP+/i0CzQZRfJ lYe9zAyhaMz6Fa7CNL6WnWQsHOC+xIRRddUO+k78x2WjLrZ5R6DAWoJRSIHb8Yp3Oc0TzE30 l6Cn/vyGCdi9raSTBqgGqy89G3of3JPdClbOHFCFFFeizX+nG0tphvAdOhFHLKttcHeRBL0m xXboiMEuZxG2KbnyJ6HEUD7byOE/8aZFFVku12KDgpJ/SsiOtf7OtXABUzzqK8Zcd3HFgTpU G0swZD20QwYMX2aeMVhqs0pFarh2fuKOSa0bbVHT8h4rGTFF5JOkOltDNBCyKRBaJxslcfBO hO7hO+ozMY70IGWRaF2eZmtLM8h0LLtE9/oPtiNMIoUOcYoLl/Won0/DaJ144wKuBlErE3CE c3DLZbE4YgyUsyLMwZat89CiOR2l0jSNEvYRIzhzgTP7IdykEW9EO9fWHPXN7BR0U9xiFmNm zqpH5fQmko3vSyXSnW/zLP/2nhRfCRqXsCm+50OHgNBSyI/cFwc5zbq6etJU+RYc259zY8kI lnVtpdk9WfC IronPort-HdrOrdr: A9a23:H0ew0awlmu5nMriXeLKOKrPwE71zdoMgy1knxilNoNJuA7Wlfq GV7YwmPHrP4gr5N0tQ/OxoVJPwI080sKQFgrX5Xo3CYOCFghrNEGgK1+KLqAEIWRefygc379 YGT0ERMqyXMbG4t6rHCcuDfurIDOPpzElgv4nj80s= X-Talos-CUID: 9a23:al8FO2+pWIopg9AaYPCVv0cbIP4DfmHF92v7fmy8UUM4Rravd3bFrQ== X-Talos-MUID: 9a23:UB2oWglFB6sviIPeLERFdnpvM5hqvK6SNXsHgMtboc+AdhBNBz2S2WE= X-IronPort-AV: E=Sophos;i="5.99,226,1677560400"; d="scan'208";a="106160674" From: Jennifer Herbert To: , Xen-devel CC: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Jennifer Herbert Subject: [PATCH v3 2/2] acpi: Add TPM2 interface definition. Date: Tue, 25 Apr 2023 17:47:33 +0000 Message-ID: <20230425174733.795961-3-jennifer.herbert@citrix.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230425174733.795961-1-jennifer.herbert@citrix.com> References: <20230425174733.795961-1-jennifer.herbert@citrix.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1682444925110100005 Content-Type: text/plain; charset="utf-8" This patch introduces an optional TPM 2 interface definition to the ACPI ta= ble, which is to be used as part of a vTPM 2 implementation. Signed-off-by: Jennifer Herbert Acked-by: Jan Beulich Reviewed-by: Jason Andryuk --- docs/misc/xenstore-paths.pandoc | 3 ++- tools/firmware/hvmloader/util.c | 9 ++++++++ tools/libacpi/Makefile | 3 ++- tools/libacpi/acpi2_0.h | 32 +++++++++++++++++++++++++++ tools/libacpi/build.c | 39 +++++++++++++++++++++++++++++++++ tools/libacpi/libacpi.h | 1 + tools/libacpi/ssdt_tpm2.asl | 36 ++++++++++++++++++++++++++++++ 7 files changed, 121 insertions(+), 2 deletions(-) create mode 100644 tools/libacpi/ssdt_tpm2.asl diff --git a/docs/misc/xenstore-paths.pandoc b/docs/misc/xenstore-paths.pan= doc index e67e164855..bffb8ea544 100644 --- a/docs/misc/xenstore-paths.pandoc +++ b/docs/misc/xenstore-paths.pandoc @@ -274,7 +274,8 @@ circumstances where the generation ID needs to be chang= ed. =20 The TPM version to be probed for. =20 -A value of 1 indicates to probe for TPM 1.2. +A value of 1 indicates to probe for TPM 1.2, whereas a value of 2 +indicates that a TPM 2.0 using CRB should be probed. A value of 0 or an invalid value will result in no TPM being probed. If unset, a default of 1 is assumed. =20 diff --git a/tools/firmware/hvmloader/util.c b/tools/firmware/hvmloader/uti= l.c index f39a8e584f..51272530fe 100644 --- a/tools/firmware/hvmloader/util.c +++ b/tools/firmware/hvmloader/util.c @@ -1009,6 +1009,15 @@ void hvmloader_acpi_build_tables(struct acpi_config = *config, config->table_flags |=3D ACPI_HAS_TPM; config->tis_hdr =3D (uint16_t *)ACPI_TIS_HDR_ADDRESS; break; + + case 2: + config->table_flags |=3D ACPI_HAS_TPM; + config->crb_id =3D (uint16_t *)TPM_CRB_INTF_ID; + + mem_hole_populate_ram(TPM_LOG_AREA_ADDRESS >> PAGE_SHIFT, + TPM_LOG_SIZE >> PAGE_SHIFT); + memset((void *)TPM_LOG_AREA_ADDRESS, 0, TPM_LOG_SIZE); + break; } =20 config->numa.nr_vmemranges =3D nr_vmemranges; diff --git a/tools/libacpi/Makefile b/tools/libacpi/Makefile index 60860eaa00..23278f6a61 100644 --- a/tools/libacpi/Makefile +++ b/tools/libacpi/Makefile @@ -25,7 +25,8 @@ C_SRC-$(CONFIG_X86) =3D dsdt_anycpu.c dsdt_15cpu.c dsdt_a= nycpu_qemu_xen.c dsdt_pvh C_SRC-$(CONFIG_ARM_64) =3D dsdt_anycpu_arm.c DSDT_FILES ?=3D $(C_SRC-y) C_SRC =3D $(addprefix $(ACPI_BUILD_DIR)/, $(DSDT_FILES)) -H_SRC =3D $(addprefix $(ACPI_BUILD_DIR)/, ssdt_s3.h ssdt_s4.h ssdt_pm.h ss= dt_tpm.h ssdt_laptop_slate.h) +H_SRC =3D $(addprefix $(ACPI_BUILD_DIR)/, ssdt_s3.h ssdt_s4.h ssdt_pm.h) +H_SRC +=3D $(addprefix $(ACPI_BUILD_DIR)/, ssdt_tpm.h ssdt_tpm2.h ssdt_lap= top_slate.h) =20 MKDSDT_CFLAGS-$(CONFIG_ARM_64) =3D -DCONFIG_ARM_64 MKDSDT_CFLAGS-$(CONFIG_X86) =3D -DCONFIG_X86 diff --git a/tools/libacpi/acpi2_0.h b/tools/libacpi/acpi2_0.h index 2619ba32db..19a43d4b2e 100644 --- a/tools/libacpi/acpi2_0.h +++ b/tools/libacpi/acpi2_0.h @@ -121,6 +121,36 @@ struct acpi_20_tcpa { }; #define ACPI_2_0_TCPA_LAML_SIZE (64*1024) =20 +/* + * TPM2 + */ +struct acpi_20_tpm2 { + struct acpi_header header; + uint16_t platform_class; + uint16_t reserved; + uint64_t control_area_address; + uint32_t start_method; + uint8_t start_method_params[12]; + uint32_t log_area_minimum_length; + uint64_t log_area_start_address; +}; +#define TPM2_ACPI_CLASS_CLIENT 0 +#define TPM2_START_METHOD_CRB 7 + +/* TPM register I/O Mapped region, location of which defined in the + * TCG PC Client Platform TPM Profile Specification for TPM 2.0. + * See table 9 - Only Locality 0 is used here. This is emulated by QEMU. + * Definition of Register space is found in table 12. + */ +#define TPM_REGISTER_BASE 0xFED40000 +#define TPM_CRB_CTRL_REQ (TPM_REGISTER_BASE + 0x40) +#define TPM_CRB_INTF_ID (TPM_REGISTER_BASE + 0x30) + +#define TPM_LOG_AREA_ADDRESS 0xFED50000 + +#define TPM_LOG_AREA_MINIMUM_SIZE (64 << 10) +#define TPM_LOG_SIZE (64 << 10) + /* * Fixed ACPI Description Table Structure (FADT) in ACPI 1.0. */ @@ -431,6 +461,7 @@ struct acpi_20_slit { #define ACPI_2_0_RSDT_SIGNATURE ASCII32('R','S','D','T') #define ACPI_2_0_XSDT_SIGNATURE ASCII32('X','S','D','T') #define ACPI_2_0_TCPA_SIGNATURE ASCII32('T','C','P','A') +#define ACPI_2_0_TPM2_SIGNATURE ASCII32('T','P','M','2') #define ACPI_2_0_HPET_SIGNATURE ASCII32('H','P','E','T') #define ACPI_2_0_WAET_SIGNATURE ASCII32('W','A','E','T') #define ACPI_2_0_SRAT_SIGNATURE ASCII32('S','R','A','T') @@ -444,6 +475,7 @@ struct acpi_20_slit { #define ACPI_2_0_RSDT_REVISION 0x01 #define ACPI_2_0_XSDT_REVISION 0x01 #define ACPI_2_0_TCPA_REVISION 0x02 +#define ACPI_2_0_TPM2_REVISION 0x04 #define ACPI_2_0_HPET_REVISION 0x01 #define ACPI_2_0_WAET_REVISION 0x01 #define ACPI_1_0_FADT_REVISION 0x01 diff --git a/tools/libacpi/build.c b/tools/libacpi/build.c index 716cb49624..359a4dbba4 100644 --- a/tools/libacpi/build.c +++ b/tools/libacpi/build.c @@ -19,6 +19,7 @@ #include "ssdt_s3.h" #include "ssdt_s4.h" #include "ssdt_tpm.h" +#include "ssdt_tpm2.h" #include "ssdt_pm.h" #include "ssdt_laptop_slate.h" #include @@ -352,6 +353,7 @@ static int construct_secondary_tables(struct acpi_ctxt = *ctxt, struct acpi_20_tcpa *tcpa; unsigned char *ssdt; void *lasa; + struct acpi_20_tpm2 *tpm2; =20 /* MADT. */ if ( (config->hvminfo->nr_vcpus > 1) || config->hvminfo->apic_mode ) @@ -450,6 +452,43 @@ static int construct_secondary_tables(struct acpi_ctxt= *ctxt, tcpa->header.length); } break; + + case 2: + /* Check VID stored in bits 37:32 (3rd 16 bit word) of CRB + * identifier register. See table 16 of TCG PC client platform + * TPM profile specification for TPM 2.0. + */ + if ( config->crb_id[2] =3D=3D 0 || config->crb_id[2] =3D=3D 0x= ffff ) + break; + + ssdt =3D ctxt->mem_ops.alloc(ctxt, sizeof(ssdt_tpm2), 16); + if (!ssdt) return -1; + memcpy(ssdt, ssdt_tpm2, sizeof(ssdt_tpm2)); + table_ptrs[nr_tables++] =3D ctxt->mem_ops.v2p(ctxt, ssdt); + + tpm2 =3D ctxt->mem_ops.alloc(ctxt, sizeof(struct acpi_20_tpm2)= , 16); + if (!tpm2) return -1; + memset(tpm2, 0, sizeof(*tpm2)); + table_ptrs[nr_tables++] =3D ctxt->mem_ops.v2p(ctxt, tpm2); + + tpm2->header.signature =3D ACPI_2_0_TPM2_SIGNATURE; + tpm2->header.length =3D sizeof(*tpm2); + tpm2->header.revision =3D ACPI_2_0_TPM2_REVISION; + fixed_strcpy(tpm2->header.oem_id, ACPI_OEM_ID); + fixed_strcpy(tpm2->header.oem_table_id, ACPI_OEM_TABLE_ID); + tpm2->header.oem_revision =3D ACPI_OEM_REVISION; + tpm2->header.creator_id =3D ACPI_CREATOR_ID; + tpm2->header.creator_revision =3D ACPI_CREATOR_REVISION; + tpm2->platform_class =3D TPM2_ACPI_CLASS_CLIENT; + tpm2->control_area_address =3D TPM_CRB_CTRL_REQ; + tpm2->start_method =3D TPM2_START_METHOD_CRB; + tpm2->log_area_minimum_length =3D TPM_LOG_AREA_MINIMUM_SIZE; + tpm2->log_area_start_address =3D TPM_LOG_AREA_ADDRESS; + + set_checksum(tpm2, + offsetof(struct acpi_header, checksum), + tpm2->header.length); + break; } } =20 diff --git a/tools/libacpi/libacpi.h b/tools/libacpi/libacpi.h index f69452401f..0d19f9fc4d 100644 --- a/tools/libacpi/libacpi.h +++ b/tools/libacpi/libacpi.h @@ -80,6 +80,7 @@ struct acpi_config { const struct hvm_info_table *hvminfo; =20 const uint16_t *tis_hdr; + const uint16_t *crb_id; =20 /* * Address where acpi_info should be placed. diff --git a/tools/libacpi/ssdt_tpm2.asl b/tools/libacpi/ssdt_tpm2.asl new file mode 100644 index 0000000000..1801c338df --- /dev/null +++ b/tools/libacpi/ssdt_tpm2.asl @@ -0,0 +1,36 @@ +/* + * ssdt_tpm2.asl + * + * Copyright (c) 2018-2022, Citrix Systems, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published + * by the Free Software Foundation; version 2.1 only. with the special + * exception on linking described in file LICENSE. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + */ + +/* SSDT for TPM CRB Interface for Xen with Qemu device model. */ + +DefinitionBlock ("SSDT_TPM2.aml", "SSDT", 2, "Xen", "HVM", 0) +{ + Device (TPM) + { + Name (_HID, "MSFT0101" /* TPM 2.0 Security Device */) // _HID: Ha= rdware ID + Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings + { + Memory32Fixed (ReadWrite, + 0xFED40000, // Address Base + 0x00001000, // Address Length + ) + }) + Method (_STA, 0, NotSerialized) // _STA: Status + { + Return (0x0F) + } + } +} --=20 2.39.1