| Message ID | 20110330194237.138721858@linux.vnet.ibm.com |
|---|---|
| State | New |
| Headers | show |
On Wed, Mar 30, 2011 at 10:42 PM, Stefan Berger <stefanb@linux.vnet.ibm.com> wrote: > The TPM interface (tpm_tis) needs to be explicitly enabled via > ./configure --enable-tpm. This restricts the building of the > TPM support to i386 and x86_64 targets since both backends I know > of, the Xen backend and the libtpms-based backend, will likely only > be available for these targets, at least initially. The list can be > easily extend. This measure prevents that one will end up with support > for a frontend but no available backend. > > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > > Index:qemu/Makefile.target > =================================================================== > --- > Makefile.target | 7 +++++++ > configure | 20 ++++++++++++++++++++ > 2 files changed, 27 insertions(+) > > Index: qemu-git/Makefile.target > =================================================================== > --- qemu-git.orig/Makefile.target > +++ qemu-git/Makefile.target > @@ -303,6 +303,13 @@ obj-sparc-y += cs4231.o eccmemctl.o sbi. > > # GRLIB > obj-sparc-y += grlib_gptimer.o grlib_irqmp.o grlib_apbuart.o > + > +ifeq ($(TARGET_ARCH),$(filter $(TARGET_ARCH),i386 x86_64)) The ifeq above is not needed since the line below uses obj-i386. > + > +obj-i386-$(CONFIG_TPM) += tpm_tis.o > + > +endif > + > endif > > obj-arm-y = integratorcp.o versatilepb.o arm_pic.o arm_timer.o > Index: qemu-git/configure > =================================================================== > --- qemu-git.orig/configure > +++ qemu-git/configure > @@ -175,6 +175,7 @@ trace_backend="nop" > trace_file="trace" > spice="" > rbd="" > +tpm="no" > > # parse CC options first > for opt do > @@ -708,6 +709,8 @@ for opt do > ;; > --kerneldir=*) kerneldir="$optarg" > ;; > + --enable-tpm) tpm="yes" > + ;; > --with-pkgversion=*) pkgversion=" ($optarg)" > ;; > --disable-docs) docs="no" > @@ -921,6 +924,7 @@ echo " Default > echo " --disable-spice disable spice" > echo " --enable-spice enable spice" > echo " --enable-rbd enable building the rados block device (rbd)" > +echo " --enable-tpm enables an emulated TPM" > echo "" > echo "NOTE: The object files are built at the place where configure is launched" > exit 1 > @@ -2540,6 +2544,7 @@ echo "Trace output file $trace_file-<pid > echo "spice support $spice" > echo "rbd support $rbd" > echo "xfsctl support $xfs" > +echo "TPM support $tpm" > > if test $sdl_too_old = "yes"; then > echo "-> Your SDL version is too old - please upgrade to have SDL support" > @@ -3324,6 +3329,21 @@ if test "$gprof" = "yes" ; then > fi > fi > > +if test "$linux" = "yes" && test "$tpm" = "yes"; then > + has_tpm=0 > + if test "$target_softmmu" = "yes" ; then > + case "$TARGET_BASE_ARCH" in > + i386) > + has_tpm=1 This is not a real compile test, please try to build a dummy program that depends on TPM headers like for example preadv probe. Then it is not needed to check for Linux or i386 explicitly.
On 04/01/2011 02:14 PM, Blue Swirl wrote: > On Wed, Mar 30, 2011 at 10:42 PM, Stefan Berger > <stefanb@linux.vnet.ibm.com> wrote: >> The TPM interface (tpm_tis) needs to be explicitly enabled via >> ./configure --enable-tpm. This restricts the building of the >> TPM support to i386 and x86_64 targets since both backends I know >> of, the Xen backend and the libtpms-based backend, will likely only >> be available for these targets, at least initially. The list can be >> easily extend. This measure prevents that one will end up with support >> for a frontend but no available backend. >> >> Signed-off-by: Stefan Berger<stefanb@linux.vnet.ibm.com> >> >> Index:qemu/Makefile.target >> =================================================================== >> --- >> Makefile.target | 7 +++++++ >> configure | 20 ++++++++++++++++++++ >> 2 files changed, 27 insertions(+) >> >> Index: qemu-git/Makefile.target >> =================================================================== >> --- qemu-git.orig/Makefile.target >> +++ qemu-git/Makefile.target >> @@ -303,6 +303,13 @@ obj-sparc-y += cs4231.o eccmemctl.o sbi. >> >> # GRLIB >> obj-sparc-y += grlib_gptimer.o grlib_irqmp.o grlib_apbuart.o >> + >> +ifeq ($(TARGET_ARCH),$(filter $(TARGET_ARCH),i386 x86_64)) > The ifeq above is not needed since the line below uses obj-i386. > Will remove. >> + >> +obj-i386-$(CONFIG_TPM) += tpm_tis.o >> + >> +endif >> + >> endif >> >> obj-arm-y = integratorcp.o versatilepb.o arm_pic.o arm_timer.o >> Index: qemu-git/configure >> =================================================================== >> --- qemu-git.orig/configure >> +++ qemu-git/configure >> @@ -175,6 +175,7 @@ trace_backend="nop" >> trace_file="trace" >> spice="" >> rbd="" >> +tpm="no" >> >> # parse CC options first >> for opt do >> @@ -708,6 +709,8 @@ for opt do >> ;; >> --kerneldir=*) kerneldir="$optarg" >> ;; >> + --enable-tpm) tpm="yes" >> + ;; >> --with-pkgversion=*) pkgversion=" ($optarg)" >> ;; >> --disable-docs) docs="no" >> @@ -921,6 +924,7 @@ echo " Default >> echo " --disable-spice disable spice" >> echo " --enable-spice enable spice" >> echo " --enable-rbd enable building the rados block device (rbd)" >> +echo " --enable-tpm enables an emulated TPM" >> echo "" >> echo "NOTE: The object files are built at the place where configure is launched" >> exit 1 >> @@ -2540,6 +2544,7 @@ echo "Trace output file $trace_file-<pid >> echo "spice support $spice" >> echo "rbd support $rbd" >> echo "xfsctl support $xfs" >> +echo "TPM support $tpm" >> >> if test $sdl_too_old = "yes"; then >> echo "-> Your SDL version is too old - please upgrade to have SDL support" >> @@ -3324,6 +3329,21 @@ if test "$gprof" = "yes" ; then >> fi >> fi >> >> +if test "$linux" = "yes"&& test "$tpm" = "yes"; then >> + has_tpm=0 >> + if test "$target_softmmu" = "yes" ; then >> + case "$TARGET_BASE_ARCH" in >> + i386) >> + has_tpm=1 > This is not a real compile test, please try to build a dummy program > that depends on TPM headers like for example preadv probe. Then it is > not needed to check for Linux or i386 explicitly. At this point there is no compile test needed since all code is 'there'. It's merely adding the front-end,i.e., the TPM TIS emulation to be compiled. The (libtpms-based) backend is then added later in patch [9/9]. There you then find this here: if test "$has_tpm" = "1"; then + if test -r /usr/include/libtpms/tpm_library.h ; then + echo "CONFIG_TPM_BUILTIN=y">> $config_target_mak + fi echo "CONFIG_TPM=y">> $config_host_mak fi fi So this is then trying to test for the libtpms-devel package, and if found, adds the tpm_builtin.c to the build. Now did it look wrong for patch 4 and it does make sense in combination with patch 9? Stefan
On Fri, Apr 1, 2011 at 10:57 PM, Stefan Berger <stefanb@linux.vnet.ibm.com> wrote: > On 04/01/2011 02:14 PM, Blue Swirl wrote: >> >> On Wed, Mar 30, 2011 at 10:42 PM, Stefan Berger >> <stefanb@linux.vnet.ibm.com> wrote: >>> >>> The TPM interface (tpm_tis) needs to be explicitly enabled via >>> ./configure --enable-tpm. This restricts the building of the >>> TPM support to i386 and x86_64 targets since both backends I know >>> of, the Xen backend and the libtpms-based backend, will likely only >>> be available for these targets, at least initially. The list can be >>> easily extend. This measure prevents that one will end up with support >>> for a frontend but no available backend. >>> >>> Signed-off-by: Stefan Berger<stefanb@linux.vnet.ibm.com> >>> >>> Index:qemu/Makefile.target >>> =================================================================== >>> --- >>> Makefile.target | 7 +++++++ >>> configure | 20 ++++++++++++++++++++ >>> 2 files changed, 27 insertions(+) >>> >>> Index: qemu-git/Makefile.target >>> =================================================================== >>> --- qemu-git.orig/Makefile.target >>> +++ qemu-git/Makefile.target >>> @@ -303,6 +303,13 @@ obj-sparc-y += cs4231.o eccmemctl.o sbi. >>> >>> # GRLIB >>> obj-sparc-y += grlib_gptimer.o grlib_irqmp.o grlib_apbuart.o >>> + >>> +ifeq ($(TARGET_ARCH),$(filter $(TARGET_ARCH),i386 x86_64)) >> >> The ifeq above is not needed since the line below uses obj-i386. >> > Will remove. >>> >>> + >>> +obj-i386-$(CONFIG_TPM) += tpm_tis.o >>> + >>> +endif >>> + >>> endif >>> >>> obj-arm-y = integratorcp.o versatilepb.o arm_pic.o arm_timer.o >>> Index: qemu-git/configure >>> =================================================================== >>> --- qemu-git.orig/configure >>> +++ qemu-git/configure >>> @@ -175,6 +175,7 @@ trace_backend="nop" >>> trace_file="trace" >>> spice="" >>> rbd="" >>> +tpm="no" >>> >>> # parse CC options first >>> for opt do >>> @@ -708,6 +709,8 @@ for opt do >>> ;; >>> --kerneldir=*) kerneldir="$optarg" >>> ;; >>> + --enable-tpm) tpm="yes" >>> + ;; >>> --with-pkgversion=*) pkgversion=" ($optarg)" >>> ;; >>> --disable-docs) docs="no" >>> @@ -921,6 +924,7 @@ echo " Default >>> echo " --disable-spice disable spice" >>> echo " --enable-spice enable spice" >>> echo " --enable-rbd enable building the rados block device >>> (rbd)" >>> +echo " --enable-tpm enables an emulated TPM" >>> echo "" >>> echo "NOTE: The object files are built at the place where configure is >>> launched" >>> exit 1 >>> @@ -2540,6 +2544,7 @@ echo "Trace output file $trace_file-<pid >>> echo "spice support $spice" >>> echo "rbd support $rbd" >>> echo "xfsctl support $xfs" >>> +echo "TPM support $tpm" >>> >>> if test $sdl_too_old = "yes"; then >>> echo "-> Your SDL version is too old - please upgrade to have SDL >>> support" >>> @@ -3324,6 +3329,21 @@ if test "$gprof" = "yes" ; then >>> fi >>> fi >>> >>> +if test "$linux" = "yes"&& test "$tpm" = "yes"; then >>> + has_tpm=0 >>> + if test "$target_softmmu" = "yes" ; then >>> + case "$TARGET_BASE_ARCH" in >>> + i386) >>> + has_tpm=1 >> >> This is not a real compile test, please try to build a dummy program >> that depends on TPM headers like for example preadv probe. Then it is >> not needed to check for Linux or i386 explicitly. > > At this point there is no compile test needed since all code is 'there'. > It's merely adding the front-end,i.e., the TPM TIS emulation to be compiled. If the basic device (without the tpms-devel library) can be built on any OS, the flag should go to default-configs/*86*-softmmu.mak. > The (libtpms-based) backend is then added later in patch [9/9]. There you > then find this here: > > if test "$has_tpm" = "1"; then > + if test -r /usr/include/libtpms/tpm_library.h ; then Here you make assumptions on the header file location, but it could be in /usr/local, /opt or somewhere where the cross compiler happens to find it. Please just do the compile test. > + echo "CONFIG_TPM_BUILTIN=y">> $config_target_mak > + fi > echo "CONFIG_TPM=y">> $config_host_mak > fi > fi > > > So this is then trying to test for the libtpms-devel package, and if found, > adds the tpm_builtin.c to the build. > Now did it look wrong for patch 4 and it does make sense in combination with > patch 9? The test should be added when the code which uses the library is added.
On 04/03/2011 05:20 AM, Blue Swirl wrote: > On Fri, Apr 1, 2011 at 10:57 PM, Stefan Berger > <stefanb@linux.vnet.ibm.com> wrote: >> On 04/01/2011 02:14 PM, Blue Swirl wrote: >> >> At this point there is no compile test needed since all code is 'there'. >> It's merely adding the front-end,i.e., the TPM TIS emulation to be compiled. > If the basic device (without the tpms-devel library) can be built on > any OS, the flag should go to default-configs/*86*-softmmu.mak. > It can be built on any OS, but it is of no use since the backend (libtpms) is only available on Linux and we don't support it on another OS. Unless someone else wants to port it to other OSes, I'd say that the test for Linux is useful. I'd actually also only compile the TIS if libtpms could be found, and terminate with an error message otherwise. I would add this restriction only in the last patch, so that in patch 4 at least for now the TIS can be built. Does that sound reasonable? >> The (libtpms-based) backend is then added later in patch [9/9]. There you >> then find this here: >> >> if test "$has_tpm" = "1"; then >> + if test -r /usr/include/libtpms/tpm_library.h ; then > Here you make assumptions on the header file location, but it could be > in /usr/local, /opt or somewhere where the cross compiler happens to > find it. Please just do the compile test. > Fixed that. Stefan
On Tue, Apr 5, 2011 at 5:08 AM, Stefan Berger <stefanb@linux.vnet.ibm.com> wrote: > On 04/03/2011 05:20 AM, Blue Swirl wrote: >> >> On Fri, Apr 1, 2011 at 10:57 PM, Stefan Berger >> <stefanb@linux.vnet.ibm.com> wrote: >>> >>> On 04/01/2011 02:14 PM, Blue Swirl wrote: >>> >>> At this point there is no compile test needed since all code is 'there'. >>> It's merely adding the front-end,i.e., the TPM TIS emulation to be >>> compiled. >> >> If the basic device (without the tpms-devel library) can be built on >> any OS, the flag should go to default-configs/*86*-softmmu.mak. >> > It can be built on any OS, but it is of no use since the backend (libtpms) > is only available on Linux and we don't support it on another OS. Unless > someone else wants to port it to other OSes, I'd say that the test for Linux > is useful. > I'd actually also only compile the TIS if libtpms could be found, and > terminate with an error message otherwise. I would add this restriction only > in the last patch, so that in patch 4 at least for now the TIS can be built. > Does that sound reasonable? It should be possible to emulate the device (to some degree) without relying on backend. See for example the recently committed smart card device.
On 04/05/2011 01:45 PM, Blue Swirl wrote: > On Tue, Apr 5, 2011 at 5:08 AM, Stefan Berger > <stefanb@linux.vnet.ibm.com> wrote: >> On 04/03/2011 05:20 AM, Blue Swirl wrote: >>> On Fri, Apr 1, 2011 at 10:57 PM, Stefan Berger >>> <stefanb@linux.vnet.ibm.com> wrote: >>>> On 04/01/2011 02:14 PM, Blue Swirl wrote: >>>> >>>> At this point there is no compile test needed since all code is 'there'. >>>> It's merely adding the front-end,i.e., the TPM TIS emulation to be >>>> compiled. >>> If the basic device (without the tpms-devel library) can be built on >>> any OS, the flag should go to default-configs/*86*-softmmu.mak. >>> >> It can be built on any OS, but it is of no use since the backend (libtpms) >> is only available on Linux and we don't support it on another OS. Unless >> someone else wants to port it to other OSes, I'd say that the test for Linux >> is useful. >> I'd actually also only compile the TIS if libtpms could be found, and >> terminate with an error message otherwise. I would add this restriction only >> in the last patch, so that in patch 4 at least for now the TIS can be built. >> Does that sound reasonable? > It should be possible to emulate the device (to some degree) without > relying on backend. See for example the recently committed smart card > device. > In case of a TPM, the specs are huge and translate into multiple 10k lines of code. If there was to be a dummy backend, all it could send back would be error messages... Stefan
On Tue, Apr 5, 2011 at 9:33 PM, Stefan Berger <stefanb@linux.vnet.ibm.com> wrote: > On 04/05/2011 01:45 PM, Blue Swirl wrote: >> >> On Tue, Apr 5, 2011 at 5:08 AM, Stefan Berger >> <stefanb@linux.vnet.ibm.com> wrote: >>> >>> On 04/03/2011 05:20 AM, Blue Swirl wrote: >>>> >>>> On Fri, Apr 1, 2011 at 10:57 PM, Stefan Berger >>>> <stefanb@linux.vnet.ibm.com> wrote: >>>>> >>>>> On 04/01/2011 02:14 PM, Blue Swirl wrote: >>>>> >>>>> At this point there is no compile test needed since all code is >>>>> 'there'. >>>>> It's merely adding the front-end,i.e., the TPM TIS emulation to be >>>>> compiled. >>>> >>>> If the basic device (without the tpms-devel library) can be built on >>>> any OS, the flag should go to default-configs/*86*-softmmu.mak. >>>> >>> It can be built on any OS, but it is of no use since the backend >>> (libtpms) >>> is only available on Linux and we don't support it on another OS. Unless >>> someone else wants to port it to other OSes, I'd say that the test for >>> Linux >>> is useful. >>> I'd actually also only compile the TIS if libtpms could be found, and >>> terminate with an error message otherwise. I would add this restriction >>> only >>> in the last patch, so that in patch 4 at least for now the TIS can be >>> built. >>> Does that sound reasonable? >> >> It should be possible to emulate the device (to some degree) without >> relying on backend. See for example the recently committed smart card >> device. >> > In case of a TPM, the specs are huge and translate into multiple 10k lines > of code. If there was to be a dummy backend, all it could send back would be > error messages... Then how about emulating the library instead so that all calls return failure? If a device is built only in special circumstances, it will be more prone to bit rot. We have a few such devices though, so it's not so big deal.
On 04/05/2011 02:55 PM, Blue Swirl wrote: > On Tue, Apr 5, 2011 at 9:33 PM, Stefan Berger > <stefanb@linux.vnet.ibm.com> wrote: >> On 04/05/2011 01:45 PM, Blue Swirl wrote: >>> On Tue, Apr 5, 2011 at 5:08 AM, Stefan Berger >>> <stefanb@linux.vnet.ibm.com> wrote: >>>> On 04/03/2011 05:20 AM, Blue Swirl wrote: >>>>> On Fri, Apr 1, 2011 at 10:57 PM, Stefan Berger >>>>> <stefanb@linux.vnet.ibm.com> wrote: >>>>>> On 04/01/2011 02:14 PM, Blue Swirl wrote: >>>>>> >>>>>> At this point there is no compile test needed since all code is >>>>>> 'there'. >>>>>> It's merely adding the front-end,i.e., the TPM TIS emulation to be >>>>>> compiled. >>>>> If the basic device (without the tpms-devel library) can be built on >>>>> any OS, the flag should go to default-configs/*86*-softmmu.mak. >>>>> >>>> It can be built on any OS, but it is of no use since the backend >>>> (libtpms) >>>> is only available on Linux and we don't support it on another OS. Unless >>>> someone else wants to port it to other OSes, I'd say that the test for >>>> Linux >>>> is useful. >>>> I'd actually also only compile the TIS if libtpms could be found, and >>>> terminate with an error message otherwise. I would add this restriction >>>> only >>>> in the last patch, so that in patch 4 at least for now the TIS can be >>>> built. >>>> Does that sound reasonable? >>> It should be possible to emulate the device (to some degree) without >>> relying on backend. See for example the recently committed smart card >>> device. >>> >> In case of a TPM, the specs are huge and translate into multiple 10k lines >> of code. If there was to be a dummy backend, all it could send back would be >> error messages... > Then how about emulating the library instead so that all calls return failure? That device would be of no use for a user and only serve the purpose of test-compiling it if it was for detecting bit rot. > If a device is built only in special circumstances, it will be more > prone to bit rot. We have a few such devices though, so it's not so > big deal. > I'll be following the project and there is interest to keep this device working. Stefan
=================================================================== --- Makefile.target | 7 +++++++ configure | 20 ++++++++++++++++++++ 2 files changed, 27 insertions(+) Index: qemu-git/Makefile.target =================================================================== --- qemu-git.orig/Makefile.target +++ qemu-git/Makefile.target @@ -303,6 +303,13 @@ obj-sparc-y += cs4231.o eccmemctl.o sbi. # GRLIB obj-sparc-y += grlib_gptimer.o grlib_irqmp.o grlib_apbuart.o + +ifeq ($(TARGET_ARCH),$(filter $(TARGET_ARCH),i386 x86_64)) + +obj-i386-$(CONFIG_TPM) += tpm_tis.o + +endif + endif obj-arm-y = integratorcp.o versatilepb.o arm_pic.o arm_timer.o Index: qemu-git/configure =================================================================== --- qemu-git.orig/configure +++ qemu-git/configure @@ -175,6 +175,7 @@ trace_backend="nop" trace_file="trace" spice="" rbd="" +tpm="no" # parse CC options first for opt do @@ -708,6 +709,8 @@ for opt do ;; --kerneldir=*) kerneldir="$optarg" ;; + --enable-tpm) tpm="yes" + ;; --with-pkgversion=*) pkgversion=" ($optarg)" ;; --disable-docs) docs="no" @@ -921,6 +924,7 @@ echo " Default echo " --disable-spice disable spice" echo " --enable-spice enable spice" echo " --enable-rbd enable building the rados block device (rbd)" +echo " --enable-tpm enables an emulated TPM" echo "" echo "NOTE: The object files are built at the place where configure is launched" exit 1 @@ -2540,6 +2544,7 @@ echo "Trace output file $trace_file-<pid echo "spice support $spice" echo "rbd support $rbd" echo "xfsctl support $xfs" +echo "TPM support $tpm" if test $sdl_too_old = "yes"; then echo "-> Your SDL version is too old - please upgrade to have SDL support" @@ -3324,6 +3329,21 @@ if test "$gprof" = "yes" ; then fi fi +if test "$linux" = "yes" && test "$tpm" = "yes"; then + has_tpm=0 + if test "$target_softmmu" = "yes" ; then + case "$TARGET_BASE_ARCH" in + i386) + has_tpm=1 + ;; + esac + fi + + if test "$has_tpm" = "1"; then + echo "CONFIG_TPM=y" >> $config_host_mak + fi +fi + linker_script="-Wl,-T../config-host.ld -Wl,-T,\$(SRC_PATH)/\$(ARCH).ld" if test "$target_linux_user" = "yes" -o "$target_bsd_user" = "yes" ; then case "$ARCH" in
The TPM interface (tpm_tis) needs to be explicitly enabled via ./configure --enable-tpm. This restricts the building of the TPM support to i386 and x86_64 targets since both backends I know of, the Xen backend and the libtpms-based backend, will likely only be available for these targets, at least initially. The list can be easily extend. This measure prevents that one will end up with support for a frontend but no available backend. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Index:qemu/Makefile.target