Support for TPM command line options
This patch adds support for TPM command line options.
The command line options supported here are
./qemu-... -tpmdev passthrough,path=<path to TPM device>,id=<id>
-device tpm-tis,tpmdev=<id>,id=<other id>
and
./qemu-... -tpmdev help
where the latter works similar to -soundhw help and shows a list of
available TPM backends (for example 'passthrough').
Using the type parameter, the backend is chosen, i.e., 'passthrough' for the
passthrough driver. The interpretation of the other parameters along
with determining whether enough parameters were provided is pushed into
the backend driver, which needs to implement the interface function
'create' and return a TPMDriverOpts structure if the VM can be started or
'NULL' if not enough or bad parameters were provided.
Monitor support for 'info tpm' has been added. It for example prints the
following:
(qemu) info tpm
TPM devices:
tpm0: model=tpm-tis
\ tpm0: type=passthrough,path=/dev/tpm0,cancel-path=/sys/devices/pnp0/00:09/cancel
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com>
Message-id: 1361987275-26289-2-git-send-email-stefanb@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-27 18:47:49 +01:00
/*
 * Public TPM functions
 *
 * Copyright (C) 2011-2013 IBM Corporation
 *
 * Authors:
 *  Stefan Berger <stefanb@us.ibm.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */
#ifndef QEMU_TPM_H
#define QEMU_TPM_H
2018-02-11 10:36:01 +01:00
#include "qapi/qapi-types-tpm.h"
2017-10-24 14:20:42 +02:00
#include "qom/object.h"
2013-02-27 18:47:49 +01:00
2021-06-15 16:21:20 +02:00
#ifdef CONFIG_TPM
2013-02-27 18:47:49 +01:00
int tpm_config_parse(QemuOptsList *opts_list, const char *optarg);
Revert "tpm: Clean up error reporting in tpm_init_tpmdev()"
This reverts commit d10e05f15d5c3dd5e5cc59c5dfff460d89d48580.
We report some -tpmdev failures, but then continue as if all was fine.
Reproducer:
$ qemu-system-x86_64 -nodefaults -S -display none -monitor stdio -chardev null,id=tpm0 -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm: tpm-emulator: tpm chardev 'chrtpm' not found.
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm: tpm-emulator: Could not cleanly shutdown the TPM: No such file or directory
QEMU 5.0.90 monitor - type 'help' for more information
(qemu) qemu-system-x86_64: -device tpm-tis,tpmdev=tpm0: Property 'tpm-tis.tpmdev' can't find value 'tpm0'
$ echo $?
1
This is a regression caused by commit d10e05f15d "tpm: Clean up error
reporting in tpm_init_tpmdev()". It's incomplete: be->create(opts)
continues to use error_report(), and we don't set an error when it
fails.
I figure converting the create() methods to Error would make some
sense, but I'm not sure it's worth the effort right now. Revert the
broken commit instead, and add a comment to tpm_init_tpmdev().
Straightforward conflict in tpm.c resolved.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-07-23 13:58:44 +02:00
int tpm_init(void);
2013-02-27 18:47:49 +01:00
void tpm_cleanup(void);
2017-11-06 19:39:15 +01:00
typedef enum TPMVersion {
2015-05-26 22:51:05 +02:00
    TPM_VERSION_UNSPEC = 0,
    TPM_VERSION_1_2 = 1,
    TPM_VERSION_2_0 = 2,
} TPMVersion;
2017-11-06 19:38:59 +01:00
#define TYPE_TPM_IF "tpm-if"
2020-09-03 22:43:22 +02:00
typedef struct TPMIfClass TPMIfClass;
2020-08-31 23:07:33 +02:00
DECLARE_CLASS_CHECKERS(TPMIfClass, TPM_IF,
                       TYPE_TPM_IF)
2017-11-06 19:38:59 +01:00
#define TPM_IF(obj) \
    INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF)
2018-12-04 15:20:06 +01:00
typedef struct TPMIf TPMIf;
2020-09-03 22:43:22 +02:00
struct TPMIfClass {
2017-11-06 19:38:59 +01:00
    InterfaceClass parent_class;
2017-11-06 19:39:04 +01:00
    enum TpmModel model;
2018-01-29 19:33:06 +01:00
    void (*request_completed)(TPMIf *obj, int ret);
2017-11-06 19:39:16 +01:00
    enum TPMVersion (*get_version)(TPMIf *obj);
2020-09-03 22:43:22 +02:00
};
2020-03-05 17:51:40 +01:00
#define TYPE_TPM_TIS_ISA "tpm-tis"
2020-03-05 17:51:44 +01:00
#define TYPE_TPM_TIS_SYSBUS "tpm-tis-device"
2018-01-29 19:33:07 +01:00
#define TYPE_TPM_CRB "tpm-crb"
2020-01-21 16:29:32 +01:00
#define TYPE_TPM_SPAPR "tpm-spapr"
tpm: Add support for TPM device over I2C bus
Qemu already supports devices attached to ISA and sysbus. This drop adds
support for the I2C bus attached TPM devices. I2C model only supports
TPM2 protocol.
This commit includes changes for the common code.
- Added I2C emulation model. Logic was added in the model to temporarily
cache the data as I2C interface works per byte basis.
- New tpm type "tpm-tis-i2c" added for I2C support. The user has to
provide this string on command line.
Testing:
TPM I2C device module is tested using SWTPM (software based TPM
package). Qemu uses the rainier machine and is connected to swtpm over
the socket interface.
The command to start swtpm is as follows:
$ swtpm socket --tpmstate dir=/tmp/mytpm1 \
--ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
--tpm2 --log level=100
The command to start qemu is as follows:
$ qemu-system-arm -M rainier-bmc -nographic \
-kernel ${IMAGEPATH}/fitImage-linux.bin \
-dtb ${IMAGEPATH}/aspeed-bmc-ibm-rainier.dtb \
-initrd ${IMAGEPATH}/obmc-phosphor-initramfs.rootfs.cpio.xz \
-drive file=${IMAGEPATH}/obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2 \
-net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443 \
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Tested-by: Joel Stanley <joel@jms.id.au>
Message-id: 20230414220754.1191476-4-ninadpalsule@us.ibm.com
2023-04-15 00:07:54 +02:00
#define TYPE_TPM_TIS_I2C "tpm-tis-i2c"
2020-03-05 17:51:40 +01:00
#define TPM_IS_TIS_ISA(chr) \
    object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS_ISA)
2020-06-01 11:57:36 +02:00
#define TPM_IS_TIS_SYSBUS(chr) \
    object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS_SYSBUS)
2018-01-29 19:33:07 +01:00
#define TPM_IS_CRB(chr) \
    object_dynamic_cast(OBJECT(chr), TYPE_TPM_CRB)
2020-01-21 16:29:32 +01:00
#define TPM_IS_SPAPR(chr) \
    object_dynamic_cast(OBJECT(chr), TYPE_TPM_SPAPR)
2023-04-15 00:07:54 +02:00
#define TPM_IS_TIS_I2C(chr) \
    object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS_I2C)
2017-11-06 19:39:15 +01:00
/* returns NULL unless there is exactly one TPM device */
static inline TPMIf *tpm_find(void)
2014-08-11 22:33:36 +02:00
{
2017-11-06 19:39:15 +01:00
    Object *obj = object_resolve_path_type("", TYPE_TPM_IF, NULL);

    return TPM_IF(obj);
}
2017-11-06 19:39:15 +01:00
static inline TPMVersion tpm_get_version(TPMIf *ti)
{
    if (!ti) {
        return TPM_VERSION_UNSPEC;
2015-05-26 22:51:07 +02:00
    }
2017-11-06 19:39:16 +01:00
    return TPM_IF_GET_CLASS(ti)->get_version(ti);
2014-08-11 22:33:36 +02:00
}
2021-06-15 16:21:20 +02:00
#else /* CONFIG_TPM */
#define tpm_init() (0)
#define tpm_cleanup()
2022-05-06 15:25:09 +02:00
/* needed for an alignment check in non-tpm code */
static inline Object *TPM_IS_CRB(Object *obj)
{
    return NULL;
}
2021-06-15 16:21:20 +02:00
#endif /* CONFIG_TPM */
2013-02-27 18:47:49 +01:00
#endif /* QEMU_TPM_H */
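
The failure mode described in the revert commit message above (a backend create() that reports through error_report() and returns NULL while the caller's Error stays unset) is modelled below as an added C example; it is not QEMU's code. Every type and function name in it is a hypothetical stand-in, and a NULL chardev argument stands for the missing 'chrtpm' chardev of the reproducer.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins (hypothetical, not QEMU's Error or backend types). */
typedef struct Error { const char *msg; } Error;
typedef struct Backend { const char *id; } Backend;

/* Backend constructor in the style the commit message describes: it reports
 * the failure itself on stderr and returns NULL; it has no Error parameter. */
static Backend *model_create(const char *chardev)
{
    static Backend be = { "tpm0" };
    if (chardev == NULL) {
        fprintf(stderr, "tpm-emulator: tpm chardev not found\n");
        return NULL;
    }
    return &be;
}

/* Incomplete conversion: returns nonzero on failure but never fills *errp. */
static int init_tpmdev_converted(const char *chardev, Error **errp)
{
    (void)errp;                      /* the defect: a failure leaves *errp NULL */
    return model_create(chardev) ? 0 : 1;
}

/* Caller that trusts only the Error object: it proceeds after a failure. */
static int startup_checks_error_only(const char *chardev)
{
    Error *err = NULL;
    init_tpmdev_converted(chardev, &err);
    return err ? 1 : 0;              /* 0 means "keep starting the VM" */
}

/* Caller that acts on the return value: startup stops when the backend fails. */
static int startup_checks_return(const char *chardev)
{
    Error *err = NULL;
    if (init_tpmdev_converted(chardev, &err) != 0) {
        return 1;
    }
    return 0;
}

int main(void)
{
    printf("error-only caller:   %d\n", startup_checks_error_only(NULL));
    printf("return-value caller: %d\n", startup_checks_return(NULL));
    return 0;
}
```

With the backend failing, the error-only caller returns 0 and would continue without a TPM backend, while the return-value caller stops with 1.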