fbd945e783
This is a documentation change for I2C TPM device support. Qemu already supports devices attached to ISA and sysbus. This drop adds support for the I2C bus attached TPM devices. Signed-off-by: Ninad Palsule <ninad@linux.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Message-id: 20230414220754.1191476-2-ninadpalsule@us.ibm.com
550 lines
21 KiB
ReStructuredText
550 lines
21 KiB
ReStructuredText
===============
|
|
QEMU TPM Device
|
|
===============
|
|
|
|
Guest-side hardware interface
|
|
=============================
|
|
|
|
TIS interface
|
|
-------------
|
|
|
|
The QEMU TPM emulation implements a TPM TIS hardware interface
|
|
following the Trusted Computing Group's specification "TCG PC Client
|
|
Specific TPM Interface Specification (TIS)", Specification Version
|
|
1.3, 21 March 2013. (see the `TIS specification`_, or a later version
|
|
of it).
|
|
|
|
The TIS interface makes a memory mapped IO region in the area
|
|
0xfed40000-0xfed44fff available to the guest operating system.
|
|
|
|
QEMU files related to TPM TIS interface:
|
|
- ``hw/tpm/tpm_tis_common.c``
|
|
- ``hw/tpm/tpm_tis_isa.c``
|
|
- ``hw/tpm/tpm_tis_sysbus.c``
|
|
- ``hw/tpm/tpm_tis_i2c.c``
|
|
- ``hw/tpm/tpm_tis.h``
|
|
|
|
Both an ISA device and a sysbus device are available. The former is
|
|
used with pc/q35 machine while the latter can be instantiated in the
|
|
Arm virt machine.
|
|
|
|
An I2C device support is also provided which can be instantiated in the Arm
|
|
based emulation machines. This device only supports the TPM 2 protocol.
|
|
|
|
CRB interface
|
|
-------------
|
|
|
|
QEMU also implements a TPM CRB interface following the Trusted
|
|
Computing Group's specification "TCG PC Client Platform TPM Profile
|
|
(PTP) Specification", Family "2.0", Level 00 Revision 01.03 v22, May
|
|
22, 2017. (see the `CRB specification`_, or a later version of it)
|
|
|
|
The CRB interface makes a memory mapped IO region in the area
|
|
0xfed40000-0xfed40fff (1 locality) available to the guest
|
|
operating system.
|
|
|
|
QEMU files related to TPM CRB interface:
|
|
- ``hw/tpm/tpm_crb.c``
|
|
|
|
SPAPR interface
|
|
---------------
|
|
|
|
pSeries (ppc64) machines offer a tpm-spapr device model.
|
|
|
|
QEMU files related to the SPAPR interface:
|
|
- ``hw/tpm/tpm_spapr.c``
|
|
|
|
fw_cfg interface
|
|
================
|
|
|
|
The bios/firmware may read the ``"etc/tpm/config"`` fw_cfg entry for
|
|
configuring the guest appropriately.
|
|
|
|
The entry of 6 bytes has the following content, in little-endian:
|
|
|
|
.. code-block:: c
|
|
|
|
#define TPM_VERSION_UNSPEC 0
|
|
#define TPM_VERSION_1_2 1
|
|
#define TPM_VERSION_2_0 2
|
|
|
|
#define TPM_PPI_VERSION_NONE 0
|
|
#define TPM_PPI_VERSION_1_30 1
|
|
|
|
struct FwCfgTPMConfig {
|
|
uint32_t tpmppi_address; /* PPI memory location */
|
|
uint8_t tpm_version; /* TPM version */
|
|
uint8_t tpmppi_version; /* PPI version */
|
|
};
|
|
|
|
ACPI interface
|
|
==============
|
|
|
|
The TPM device is defined with ACPI ID "PNP0C31". QEMU builds a SSDT
|
|
and passes it into the guest through the fw_cfg device. The device
|
|
description contains the base address of the TIS interface 0xfed40000
|
|
and the size of the MMIO area (0x5000). In case a TPM2 is used by
|
|
QEMU, a TPM2 ACPI table is also provided. The device is described to
|
|
be used in polling mode rather than interrupt mode primarily because
|
|
no unused IRQ could be found.
|
|
|
|
To support measurement logs to be written by the firmware,
|
|
e.g. SeaBIOS, a TCPA table is implemented. This table provides a 64kb
|
|
buffer where the firmware can write its log into. For TPM 2 only a
|
|
more recent version of the TPM2 table provides support for
|
|
measurements logs and a TCPA table does not need to be created.
|
|
|
|
The TCPA and TPM2 ACPI tables follow the Trusted Computing Group
|
|
specification "TCG ACPI Specification" Family "1.2" and "2.0", Level
|
|
00 Revision 00.37. (see the `ACPI specification`_, or a later version
|
|
of it)
|
|
|
|
ACPI PPI Interface
|
|
------------------
|
|
|
|
QEMU supports the Physical Presence Interface (PPI) for TPM 1.2 and
|
|
TPM 2. This interface requires ACPI and firmware support. (see the
|
|
`PPI specification`_)
|
|
|
|
PPI enables a system administrator (root) to request a modification to
|
|
the TPM upon reboot. The PPI specification defines the operation
|
|
requests and the actions the firmware has to take. The system
|
|
administrator passes the operation request number to the firmware
|
|
through an ACPI interface which writes this number to a memory
|
|
location that the firmware knows. Upon reboot, the firmware finds the
|
|
number and sends commands to the TPM. The firmware writes the TPM
|
|
result code and the operation request number to a memory location that
|
|
ACPI can read from and pass the result on to the administrator.
|
|
|
|
The PPI specification defines a set of mandatory and optional
|
|
operations for the firmware to implement. The ACPI interface also
|
|
allows an administrator to list the supported operations. In QEMU the
|
|
ACPI code is generated by QEMU, yet the firmware needs to implement
|
|
support on a per-operations basis, and different firmwares may support
|
|
a different subset. Therefore, QEMU introduces the virtual memory
|
|
device for PPI where the firmware can indicate which operations it
|
|
supports and ACPI can enable the ones that are supported and disable
|
|
all others. This interface lies in main memory and has the following
|
|
layout:
|
|
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| Field | Length | Offset | Description |
|
|
+=============+========+========+===========================================+
|
|
| ``func`` | 0x100 | 0x000 | Firmware sets values for each supported |
|
|
| | | | operation. See defined values below. |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``ppin`` | 0x1 | 0x100 | SMI interrupt to use. Set by firmware. |
|
|
| | | | Not supported. |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``ppip`` | 0x4 | 0x101 | ACPI function index to pass to SMM code. |
|
|
| | | | Set by ACPI. Not supported. |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``pprp`` | 0x4 | 0x105 | Result of last executed operation. Set by |
|
|
| | | | firmware. See function index 5 for values.|
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``pprq`` | 0x4 | 0x109 | Operation request number to execute. See |
|
|
| | | | 'Physical Presence Interface Operation |
|
|
| | | | Summary' tables in specs. Set by ACPI. |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``pprm`` | 0x4 | 0x10d | Operation request optional parameter. |
|
|
| | | | Values depend on operation. Set by ACPI. |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``lppr`` | 0x4 | 0x111 | Last executed operation request number. |
|
|
| | | | Copied from pprq field by firmware. |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``fret`` | 0x4 | 0x115 | Result code from SMM function. |
|
|
| | | | Not supported. |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``res1`` | 0x40 | 0x119 | Reserved for future use |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
|``next_step``| 0x1 | 0x159 | Operation to execute after reboot by |
|
|
| | | | firmware. Used by firmware. |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
| ``movv`` | 0x1 | 0x15a | Memory overwrite variable |
|
|
+-------------+--------+--------+-------------------------------------------+
|
|
|
|
The following values are supported for the ``func`` field. They
|
|
correspond to the values used by ACPI function index 8.
|
|
|
|
+----------+-------------------------------------------------------------+
|
|
| Value | Description |
|
|
+==========+=============================================================+
|
|
| 0 | Operation is not implemented. |
|
|
+----------+-------------------------------------------------------------+
|
|
| 1 | Operation is only accessible through firmware. |
|
|
+----------+-------------------------------------------------------------+
|
|
| 2 | Operation is blocked for OS by firmware configuration. |
|
|
+----------+-------------------------------------------------------------+
|
|
| 3 | Operation is allowed and physically present user required. |
|
|
+----------+-------------------------------------------------------------+
|
|
| 4 | Operation is allowed and physically present user is not |
|
|
| | required. |
|
|
+----------+-------------------------------------------------------------+
|
|
|
|
The location of the table is given by the fw_cfg ``tpmppi_address``
|
|
field. The PPI memory region size is 0x400 (``TPM_PPI_ADDR_SIZE``) to
|
|
leave enough room for future updates.
|
|
|
|
QEMU files related to TPM ACPI tables:
|
|
- ``hw/i386/acpi-build.c``
|
|
- ``include/hw/acpi/tpm.h``
|
|
|
|
TPM backend devices
|
|
===================
|
|
|
|
The TPM implementation is split into two parts, frontend and
|
|
backend. The frontend part is the hardware interface, such as the TPM
|
|
TIS interface described earlier, and the other part is the TPM backend
|
|
interface. The backend interfaces implement the interaction with a TPM
|
|
device, which may be a physical or an emulated device. The split
|
|
between the front- and backend devices allows a frontend to be
|
|
connected with any available backend. This enables the TIS interface
|
|
to be used with the passthrough backend or the swtpm backend.
|
|
|
|
QEMU files related to TPM backends:
|
|
- ``backends/tpm.c``
|
|
- ``include/sysemu/tpm.h``
|
|
- ``include/sysemu/tpm_backend.h``
|
|
|
|
The QEMU TPM passthrough device
|
|
-------------------------------
|
|
|
|
In case QEMU is run on Linux as the host operating system it is
|
|
possible to make the hardware TPM device available to a single QEMU
|
|
guest. In this case the user must make sure that no other program is
|
|
using the device, e.g., /dev/tpm0, before trying to start QEMU with
|
|
it.
|
|
|
|
The passthrough driver uses the host's TPM device for sending TPM
|
|
commands and receiving responses from. Besides that it accesses the
|
|
TPM device's sysfs entry for support of command cancellation. Since
|
|
none of the state of a hardware TPM can be migrated between hosts,
|
|
virtual machine migration is disabled when the TPM passthrough driver
|
|
is used.
|
|
|
|
Since the host's TPM device will already be initialized by the host's
|
|
firmware, certain commands, e.g. ``TPM_Startup()``, sent by the
|
|
virtual firmware for device initialization, will fail. In this case
|
|
the firmware should not use the TPM.
|
|
|
|
Sharing the device with the host is generally not a recommended usage
|
|
scenario for a TPM device. The primary reason for this is that two
|
|
operating systems can then access the device's single set of
|
|
resources, such as platform configuration registers
|
|
(PCRs). Applications or kernel security subsystems, such as the Linux
|
|
Integrity Measurement Architecture (IMA), are not expecting to share
|
|
PCRs.
|
|
|
|
QEMU files related to the TPM passthrough device:
|
|
- ``backends/tpm/tpm_passthrough.c``
|
|
- ``backends/tpm/tpm_util.c``
|
|
- ``include/sysemu/tpm_util.h``
|
|
|
|
|
|
Command line to start QEMU with the TPM passthrough device using the host's
|
|
hardware TPM ``/dev/tpm0``:
|
|
|
|
.. code-block:: console
|
|
|
|
qemu-system-x86_64 -display sdl -accel kvm \
|
|
-m 1024 -boot d -bios bios-256k.bin -boot menu=on \
|
|
-tpmdev passthrough,id=tpm0,path=/dev/tpm0 \
|
|
-device tpm-tis,tpmdev=tpm0 test.img
|
|
|
|
|
|
The following commands should result in similar output inside the VM
|
|
with a Linux kernel that either has the TPM TIS driver built-in or
|
|
available as a module (assuming a TPM 2 is passed through):
|
|
|
|
.. code-block:: console
|
|
|
|
# dmesg | grep -i tpm
|
|
[ 0.012560] ACPI: TPM2 0x000000000BFFD1900 00004C (v04 BOCHS \
|
|
BXPC 0000001 BXPC 00000001)
|
|
|
|
# ls -l /dev/tpm*
|
|
crw-rw----. 1 tss root 10, 224 Sep 6 12:36 /dev/tpm0
|
|
crw-rw----. 1 tss rss 253, 65536 Sep 6 12:36 /dev/tpmrm0
|
|
|
|
Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:
|
|
# find /sys/devices/ -type f | grep pcr-sha
|
|
...
|
|
/sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
|
|
...
|
|
/sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
|
|
...
|
|
|
|
The QEMU TPM emulator device
|
|
----------------------------
|
|
|
|
The TPM emulator device uses an external TPM emulator called 'swtpm'
|
|
for sending TPM commands to and receiving responses from. The swtpm
|
|
program must have been started before trying to access it through the
|
|
TPM emulator with QEMU.
|
|
|
|
The TPM emulator implements a command channel for transferring TPM
|
|
commands and responses as well as a control channel over which control
|
|
commands can be sent. (see the `SWTPM protocol`_ specification)
|
|
|
|
The control channel serves the purpose of resetting, initializing, and
|
|
migrating the TPM state, among other things.
|
|
|
|
The swtpm program behaves like a hardware TPM and therefore needs to
|
|
be initialized by the firmware running inside the QEMU virtual
|
|
machine. One necessary step for initializing the device is to send
|
|
the TPM_Startup command to it. SeaBIOS, for example, has been
|
|
instrumented to initialize a TPM 1.2 or TPM 2 device using this
|
|
command.
|
|
|
|
QEMU files related to the TPM emulator device:
|
|
- ``backends/tpm/tpm_emulator.c``
|
|
- ``backends/tpm/tpm_util.c``
|
|
- ``include/sysemu/tpm_util.h``
|
|
|
|
The following commands start the swtpm with a UnixIO control channel over
|
|
a socket interface. They do not need to be run as root.
|
|
|
|
.. code-block:: console
|
|
|
|
mkdir /tmp/mytpm1
|
|
swtpm socket --tpmstate dir=/tmp/mytpm1 \
|
|
--ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
|
|
--tpm2 \
|
|
--log level=20
|
|
|
|
Command line to start QEMU with the TPM emulator device communicating
|
|
with the swtpm (x86):
|
|
|
|
.. code-block:: console
|
|
|
|
qemu-system-x86_64 -display sdl -accel kvm \
|
|
-m 1024 -boot d -bios bios-256k.bin -boot menu=on \
|
|
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
|
|
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
|
-device tpm-tis,tpmdev=tpm0 test.img
|
|
|
|
In case a pSeries machine is emulated, use the following command line:
|
|
|
|
.. code-block:: console
|
|
|
|
qemu-system-ppc64 -display sdl -machine pseries,accel=kvm \
|
|
-m 1024 -bios slof.bin -boot menu=on \
|
|
-nodefaults -device VGA -device pci-ohci -device usb-kbd \
|
|
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
|
|
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
|
-device tpm-spapr,tpmdev=tpm0 \
|
|
-device spapr-vscsi,id=scsi0,reg=0x00002000 \
|
|
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,id=virtio-disk0 \
|
|
-drive file=test.img,format=raw,if=none,id=drive-virtio-disk0
|
|
|
|
In case an Arm virt machine is emulated, use the following command line:
|
|
|
|
.. code-block:: console
|
|
|
|
qemu-system-aarch64 -machine virt,gic-version=3,accel=kvm \
|
|
-cpu host -m 4G \
|
|
-nographic -no-acpi \
|
|
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
|
|
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
|
-device tpm-tis-device,tpmdev=tpm0 \
|
|
-device virtio-blk-pci,drive=drv0 \
|
|
-drive format=qcow2,file=hda.qcow2,if=none,id=drv0 \
|
|
-drive if=pflash,format=raw,file=flash0.img,readonly=on \
|
|
-drive if=pflash,format=raw,file=flash1.img
|
|
|
|
In case a ast2600-evb bmc machine is emulated and you want to use a TPM device
|
|
attached to I2C bus, use the following command line:
|
|
|
|
.. code-block:: console
|
|
|
|
qemu-system-arm -M ast2600-evb -nographic \
|
|
-kernel arch/arm/boot/zImage \
|
|
-dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
|
|
-initrd rootfs.cpio \
|
|
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
|
|
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
|
-device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
|
|
|
|
For testing, use this command to load the driver to the correct address
|
|
|
|
echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
|
|
|
|
In case SeaBIOS is used as firmware, it should show the TPM menu item
|
|
after entering the menu with 'ESC'.
|
|
|
|
.. code-block:: console
|
|
|
|
Select boot device:
|
|
1. DVD/CD [ata1-0: QEMU DVD-ROM ATAPI-4 DVD/CD]
|
|
[...]
|
|
5. Legacy option rom
|
|
|
|
t. TPM Configuration
|
|
|
|
The following commands should result in similar output inside the VM
|
|
with a Linux kernel that either has the TPM TIS driver built-in or
|
|
available as a module:
|
|
|
|
.. code-block:: console
|
|
|
|
# dmesg | grep -i tpm
|
|
[ 0.012560] ACPI: TPM2 0x000000000BFFD1900 00004C (v04 BOCHS \
|
|
BXPC 0000001 BXPC 00000001)
|
|
|
|
# ls -l /dev/tpm*
|
|
crw-rw----. 1 tss root 10, 224 Sep 6 12:36 /dev/tpm0
|
|
crw-rw----. 1 tss rss 253, 65536 Sep 6 12:36 /dev/tpmrm0
|
|
|
|
Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:
|
|
# find /sys/devices/ -type f | grep pcr-sha
|
|
...
|
|
/sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
|
|
...
|
|
/sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
|
|
...
|
|
|
|
Migration with the TPM emulator
|
|
===============================
|
|
|
|
The TPM emulator supports the following types of virtual machine
|
|
migration:
|
|
|
|
- VM save / restore (migration into a file)
|
|
- Network migration
|
|
- Snapshotting (migration into storage like QoW2 or QED)
|
|
|
|
The following command sequences can be used to test VM save / restore.
|
|
|
|
In a 1st terminal start an instance of a swtpm using the following command:
|
|
|
|
.. code-block:: console
|
|
|
|
mkdir /tmp/mytpm1
|
|
swtpm socket --tpmstate dir=/tmp/mytpm1 \
|
|
--ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
|
|
--tpm2 \
|
|
--log level=20
|
|
|
|
In a 2nd terminal start the VM:
|
|
|
|
.. code-block:: console
|
|
|
|
qemu-system-x86_64 -display sdl -accel kvm \
|
|
-m 1024 -boot d -bios bios-256k.bin -boot menu=on \
|
|
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
|
|
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
|
-device tpm-tis,tpmdev=tpm0 \
|
|
-monitor stdio \
|
|
test.img
|
|
|
|
Verify that the attached TPM is working as expected using applications
|
|
inside the VM.
|
|
|
|
To store the state of the VM use the following command in the QEMU
|
|
monitor in the 2nd terminal:
|
|
|
|
.. code-block:: console
|
|
|
|
(qemu) migrate "exec:cat > testvm.bin"
|
|
(qemu) quit
|
|
|
|
At this point a file called ``testvm.bin`` should exists and the swtpm
|
|
and QEMU processes should have ended.
|
|
|
|
To test 'VM restore' you have to start the swtpm with the same
|
|
parameters as before. If previously a TPM 2 [--tpm2] was saved, --tpm2
|
|
must now be passed again on the command line.
|
|
|
|
In the 1st terminal restart the swtpm with the same command line as
|
|
before:
|
|
|
|
.. code-block:: console
|
|
|
|
swtpm socket --tpmstate dir=/tmp/mytpm1 \
|
|
--ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
|
|
--log level=20 --tpm2
|
|
|
|
In the 2nd terminal restore the state of the VM using the additional
|
|
'-incoming' option.
|
|
|
|
.. code-block:: console
|
|
|
|
qemu-system-x86_64 -display sdl -accel kvm \
|
|
-m 1024 -boot d -bios bios-256k.bin -boot menu=on \
|
|
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
|
|
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
|
-device tpm-tis,tpmdev=tpm0 \
|
|
-incoming "exec:cat < testvm.bin" \
|
|
test.img
|
|
|
|
Troubleshooting migration
|
|
-------------------------
|
|
|
|
There are several reasons why migration may fail. In case of problems,
|
|
please ensure that the command lines adhere to the following rules
|
|
and, if possible, that identical versions of QEMU and swtpm are used
|
|
at all times.
|
|
|
|
VM save and restore:
|
|
|
|
- QEMU command line parameters should be identical apart from the
|
|
'-incoming' option on VM restore
|
|
|
|
- swtpm command line parameters should be identical
|
|
|
|
VM migration to 'localhost':
|
|
|
|
- QEMU command line parameters should be identical apart from the
|
|
'-incoming' option on the destination side
|
|
|
|
- swtpm command line parameters should point to two different
|
|
directories on the source and destination swtpm (--tpmstate dir=...)
|
|
(especially if different versions of libtpms were to be used on the
|
|
same machine).
|
|
|
|
VM migration across the network:
|
|
|
|
- QEMU command line parameters should be identical apart from the
|
|
'-incoming' option on the destination side
|
|
|
|
- swtpm command line parameters should be identical
|
|
|
|
VM Snapshotting:
|
|
- QEMU command line parameters should be identical
|
|
|
|
- swtpm command line parameters should be identical
|
|
|
|
|
|
Besides that, migration failure reasons on the swtpm level may include
|
|
the following:
|
|
|
|
- the versions of the swtpm on the source and destination sides are
|
|
incompatible
|
|
|
|
- downgrading of TPM state may not be supported
|
|
|
|
- the source and destination libtpms were compiled with different
|
|
compile-time options and the destination side refuses to accept the
|
|
state
|
|
|
|
- different migration keys are used on the source and destination side
|
|
and the destination side cannot decrypt the migrated state
|
|
(swtpm ... --migration-key ... )
|
|
|
|
|
|
.. _TIS specification:
|
|
https://trustedcomputinggroup.org/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/
|
|
|
|
.. _CRB specification:
|
|
https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/
|
|
|
|
|
|
.. _ACPI specification:
|
|
https://trustedcomputinggroup.org/tcg-acpi-specification/
|
|
|
|
.. _PPI specification:
|
|
https://trustedcomputinggroup.org/resource/tcg-physical-presence-interface-specification/
|
|
|
|
.. _SWTPM protocol:
|
|
https://github.com/stefanberger/swtpm/blob/master/man/man3/swtpm_ioctls.pod
|