OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

docs: Update TPM documentation for usage of a TPM 2 

Update the TPM documentation for usage of a TPM 2 rather than a TPM 1.2.
Adjust the command lines and expected outputs inside the VM accordingly.
Update the command line to start a TPM 2 with swtpm.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220927122146.2787854-1-stefanb@linux.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
This commit is contained in:
Stefan Berger 2022-09-27 08:21:46 -04:00 committed by Laurent Vivier
parent c5e8d51824
commit 4a4a74bf43
1 changed files with 24 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
docs/specs/tpm.rst
View File

@ -250,24 +250,25 @@ hardware TPM ``/dev/tpm0``:
The following commands should result in similar output inside the VM
with a Linux kernel that either has the TPM TIS driver built-in or
available as a module:
available as a module (assuming a TPM 2 is passed through):
.. code-block:: console
# dmesg | grep -i tpm
[ 0.711310] tpm_tis 00:06: 1.2 TPM (device=id 0x1, rev-id 1)
# dmesg | grep TCPA
[ 0.000000] ACPI: TCPA 0x0000000003FFD191C 000032 (v02 BOCHS \
BXPCTCPA 0000001 BXPC 00000001)
[ 0.012560] ACPI: TPM2 0x000000000BFFD1900 00004C (v04 BOCHS \
BXPC 0000001 BXPC 00000001)
# ls -l /dev/tpm*
crw-------. 1 root root 10, 224 Jul 11 10:11 /dev/tpm0
crw-rw----. 1 tss root 10, 224 Sep 6 12:36 /dev/tpm0
crw-rw----. 1 tss rss 253, 65536 Sep 6 12:36 /dev/tpmrm0
# find /sys/devices/ | grep pcrs$ | xargs cat
PCR-00: 35 4E 3B CE 23 9F 38 59 ...
Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:
# find /sys/devices/ -type f | grep pcr-sha
...
/sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
...
/sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
...
PCR-23: 00 00 00 00 00 00 00 00 ...
The QEMU TPM emulator device
----------------------------
@ -304,6 +305,7 @@ a socket interface. They do not need to be run as root.
mkdir /tmp/mytpm1
swtpm socket --tpmstate dir=/tmp/mytpm1 \
--ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
--tpm2 \
--log level=20
Command line to start QEMU with the TPM emulator device communicating
@ -365,19 +367,20 @@ available as a module:
.. code-block:: console
# dmesg | grep -i tpm
[ 0.711310] tpm_tis 00:06: 1.2 TPM (device=id 0x1, rev-id 1)
# dmesg | grep TCPA
[ 0.000000] ACPI: TCPA 0x0000000003FFD191C 000032 (v02 BOCHS \
BXPCTCPA 0000001 BXPC 00000001)
[ 0.012560] ACPI: TPM2 0x000000000BFFD1900 00004C (v04 BOCHS \
BXPC 0000001 BXPC 00000001)
# ls -l /dev/tpm*
crw-------. 1 root root 10, 224 Jul 11 10:11 /dev/tpm0
crw-rw----. 1 tss root 10, 224 Sep 6 12:36 /dev/tpm0
crw-rw----. 1 tss rss 253, 65536 Sep 6 12:36 /dev/tpmrm0
# find /sys/devices/ | grep pcrs$ | xargs cat
PCR-00: 35 4E 3B CE 23 9F 38 59 ...
Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:
# find /sys/devices/ -type f | grep pcr-sha
...
/sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
...
/sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
...
PCR-23: 00 00 00 00 00 00 00 00 ...
Migration with the TPM emulator
===============================
@ -398,7 +401,8 @@ In a 1st terminal start an instance of a swtpm using the following command:
mkdir /tmp/mytpm1
swtpm socket --tpmstate dir=/tmp/mytpm1 \
--ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
--log level=20 --tpm2
--tpm2 \
--log level=20
In a 2nd terminal start the VM: