xen/arch/x86/hvm/dom0_build.c | 2 +- xen/include/acpi/actbl3.h | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-)
Pass the TPM2 ACPI table so that the device can be found by a PVH dom0.
Otherwise dom0 shows:
tpm_tis MSFT0101:00: [Firmware Bug]: failed to get TPM2 ACPI table
tpm_tis MSFT0101:00: probe with driver tpm_tis failed with error -22
TCPA is "Trusted Computing Platform Alliance table", but it is really
the table for a TPM 1.2. Use that as the comment as it's more
identifiable for readers.
While doing this, move ACPI_SIG_WPBT to alpabetize the entries.
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
---
Only TPM2 has been tested.
AIUI, a TPM 1.2 is probed without the ACPI entry, so it is usable.
But since I know the table exists, I added it.
---
xen/arch/x86/hvm/dom0_build.c | 2 +-
xen/include/acpi/actbl3.h | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c
index 5ac2cf8394..7eccadf7aa 100644
--- a/xen/arch/x86/hvm/dom0_build.c
+++ b/xen/arch/x86/hvm/dom0_build.c
@@ -1013,7 +1013,7 @@ static bool __init pvh_acpi_table_allowed(const char *sig,
ACPI_SIG_DSDT, ACPI_SIG_FADT, ACPI_SIG_FACS, ACPI_SIG_PSDT,
ACPI_SIG_SSDT, ACPI_SIG_SBST, ACPI_SIG_MCFG, ACPI_SIG_SLIC,
ACPI_SIG_MSDM, ACPI_SIG_WDAT, ACPI_SIG_FPDT, ACPI_SIG_S3PT,
- ACPI_SIG_VFCT,
+ ACPI_SIG_TCPA, ACPI_SIG_TPM2, ACPI_SIG_VFCT,
};
unsigned int i;
diff --git a/xen/include/acpi/actbl3.h b/xen/include/acpi/actbl3.h
index 6858d3e60f..b8db95a18b 100644
--- a/xen/include/acpi/actbl3.h
+++ b/xen/include/acpi/actbl3.h
@@ -78,8 +78,10 @@
#define ACPI_SIG_CSRT "CSRT" /* Core System Resources Table */
#define ACPI_SIG_MATR "MATR" /* Memory Address Translation Table */
#define ACPI_SIG_MSDM "MSDM" /* Microsoft Data Management Table */
-#define ACPI_SIG_WPBT "WPBT" /* Windows Platform Binary Table */
+#define ACPI_SIG_TCPA "TCPA" /* TPM 1.2 Table */
+#define ACPI_SIG_TPM2 "TPM2" /* TPM 2.0 Table */
#define ACPI_SIG_VFCT "VFCT" /* AMD Video BIOS */
+#define ACPI_SIG_WPBT "WPBT" /* Windows Platform Binary Table */
/*
* All tables must be byte-packed to match the ACPI specification, since
--
2.52.0On 12.12.2025 23:29, Jason Andryuk wrote: > Pass the TPM2 ACPI table so that the device can be found by a PVH dom0. > > Otherwise dom0 shows: > tpm_tis MSFT0101:00: [Firmware Bug]: failed to get TPM2 ACPI table > tpm_tis MSFT0101:00: probe with driver tpm_tis failed with error -22 > > TCPA is "Trusted Computing Platform Alliance table", but it is really > the table for a TPM 1.2. Use that as the comment as it's more > identifiable for readers. Not sure about this particular aspect - this and ... > --- a/xen/include/acpi/actbl3.h > +++ b/xen/include/acpi/actbl3.h > @@ -78,8 +78,10 @@ > #define ACPI_SIG_CSRT "CSRT" /* Core System Resources Table */ > #define ACPI_SIG_MATR "MATR" /* Memory Address Translation Table */ > #define ACPI_SIG_MSDM "MSDM" /* Microsoft Data Management Table */ > -#define ACPI_SIG_WPBT "WPBT" /* Windows Platform Binary Table */ > +#define ACPI_SIG_TCPA "TCPA" /* TPM 1.2 Table */ > +#define ACPI_SIG_TPM2 "TPM2" /* TPM 2.0 Table */ ... the TPM2 comment bring us out of sync with what Linux has there. Jan > #define ACPI_SIG_VFCT "VFCT" /* AMD Video BIOS */ > +#define ACPI_SIG_WPBT "WPBT" /* Windows Platform Binary Table */ > > /* > * All tables must be byte-packed to match the ACPI specification, since
On 2025-12-15 04:46, Jan Beulich wrote: > On 12.12.2025 23:29, Jason Andryuk wrote: >> Pass the TPM2 ACPI table so that the device can be found by a PVH dom0. >> >> Otherwise dom0 shows: >> tpm_tis MSFT0101:00: [Firmware Bug]: failed to get TPM2 ACPI table >> tpm_tis MSFT0101:00: probe with driver tpm_tis failed with error -22 >> >> TCPA is "Trusted Computing Platform Alliance table", but it is really >> the table for a TPM 1.2. Use that as the comment as it's more >> identifiable for readers. > > Not sure about this particular aspect - this and ... > >> --- a/xen/include/acpi/actbl3.h >> +++ b/xen/include/acpi/actbl3.h >> @@ -78,8 +78,10 @@ >> #define ACPI_SIG_CSRT "CSRT" /* Core System Resources Table */ >> #define ACPI_SIG_MATR "MATR" /* Memory Address Translation Table */ >> #define ACPI_SIG_MSDM "MSDM" /* Microsoft Data Management Table */ >> -#define ACPI_SIG_WPBT "WPBT" /* Windows Platform Binary Table */ >> +#define ACPI_SIG_TCPA "TCPA" /* TPM 1.2 Table */ >> +#define ACPI_SIG_TPM2 "TPM2" /* TPM 2.0 Table */ > > ... the TPM2 comment bring us out of sync with what Linux has there. I'm fine with copying these from the Linux version to keep them in sync. I should have realized this was an imported header when adding the entries. Regards, Jason
On 12/12/2025 10:29 pm, Jason Andryuk wrote: > Pass the TPM2 ACPI table so that the device can be found by a PVH dom0. > > Otherwise dom0 shows: > tpm_tis MSFT0101:00: [Firmware Bug]: failed to get TPM2 ACPI table > tpm_tis MSFT0101:00: probe with driver tpm_tis failed with error -22 > > TCPA is "Trusted Computing Platform Alliance table", but it is really > the table for a TPM 1.2. Use that as the comment as it's more > identifiable for readers. > > While doing this, move ACPI_SIG_WPBT to alpabetize the entries. It's probably worth stating that this brings PVH dom0 more in line with PV dom0. > Signed-off-by: Jason Andryuk <jason.andryuk@amd.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> > --- > Only TPM2 has been tested. > > AIUI, a TPM 1.2 is probed without the ACPI entry, so it is usable. > But since I know the table exists, I added it. Yeah - I'd have asked you to do this if you hadn't already. That said, it highlights that the Trenchboot series needs to grow the ability to hide the TPM from dom0, both the APCI tables and blind probing. I presume that tboot already does this, because I'm sure it's been tested, right...? ~Andrew
On 2025-12-12 17:38, Andrew Cooper wrote: > On 12/12/2025 10:29 pm, Jason Andryuk wrote: >> Pass the TPM2 ACPI table so that the device can be found by a PVH dom0. >> >> Otherwise dom0 shows: >> tpm_tis MSFT0101:00: [Firmware Bug]: failed to get TPM2 ACPI table >> tpm_tis MSFT0101:00: probe with driver tpm_tis failed with error -22 >> >> TCPA is "Trusted Computing Platform Alliance table", but it is really >> the table for a TPM 1.2. Use that as the comment as it's more >> identifiable for readers. >> >> While doing this, move ACPI_SIG_WPBT to alpabetize the entries. > > It's probably worth stating that this brings PVH dom0 more in line with > PV dom0. "This exposes TPM event log tables on PVH dom0, bring it in line with a PV dom0." >> Signed-off-by: Jason Andryuk <jason.andryuk@amd.com> > > Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Thanks! >> --- >> Only TPM2 has been tested. >> >> AIUI, a TPM 1.2 is probed without the ACPI entry, so it is usable. >> But since I know the table exists, I added it. > > Yeah - I'd have asked you to do this if you hadn't already. > > That said, it highlights that the Trenchboot series needs to grow the > ability to hide the TPM from dom0, both the APCI tables and blind probing. > > I presume that tboot already does this, because I'm sure it's been > tested, right...? Tested which way? This has *not* been tested with tboot, but I think it's orthogonal. After tboot launches Xen, tboot is dormant until Xen calls back into tboot for shutdown. Control of the TPM passes to Xen/Dom0. This is expected with DRTM and TPMs. The TPM locality differentiates TPM accesses inside and outside the measured launch environment. The TPM ACPI table specifies the location of the TPM Event Log - a reserved RAM region. There are other ACPI PNP devices to specify the TPM device itself. Those are in DSDT or SSDT (I think), so distinct from the event log table - the subject of this patch. Regards, Jason
© 2016 - 2026 Red Hat, Inc.