| Message ID | 1338838668-7544-6-git-send-email-stefanb@linux.vnet.ibm.com |
|---|---|
| State | New |
| Headers | show |
On 06/04/2012 03:37 PM, Stefan Berger wrote: >>From Andreas Niederl's original posting with adaptations where necessary: > > This patch is based of off version 9 of Stefan Berger's patch series > "Qemu Trusted Platform Module (TPM) integration" > and adds a new backend driver for it. > > This patch adds a passthrough backend driver for passing commands sent to the > emulated TPM device directly to a TPM device opened on the host machine. > > Thus it is possible to use a hardware TPM device in a system running on QEMU, > providing the ability to access a TPM in a special state (e.g. after a Trusted > Boot). > > This functionality is being used in the acTvSM Trusted Virtualization Platform > which is available on [1]. > > Usage example: > qemu-system-x86_64 -tpmdev passthrough,id=tpm0,path=/dev/tpm0 \ > -device tpm-tis,tpmdev=tpm0 \ > -cdrom test.iso -boot d > > Some notes about the host TPM: > The TPM needs to be enabled and activated. If that's not the case one > has to go through the BIOS/UEFI and enable and activate that TPM for TPM > commands to work as expected. > It may be necessary to boot the kernel using tpm_tis.force=1 in the boot > command line or 'modprobe tpm_tis force=1' in case of using it as a module. > > Regards, > Andreas Niederl, Stefan Berger > > [1] http://trustedjava.sourceforge.net/ > > Signed-off-by: Andreas Niederl <andreas.niederl@iaik.tugraz.at> > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > --- > Makefile.target | 3 +- > configure | 3 + > hw/tpm_backend.c | 58 ++++++++ > hw/tpm_backend.h | 43 ++++++ > hw/tpm_passthrough.c | 398 ++++++++++++++++++++++++++++++++++++++++++++++++++ > qemu-options.hx | 38 +++++- > tpm.c | 18 +++ > tpm.h | 33 ++++ > vl.c | 2 + > 9 files changed, 594 insertions(+), 2 deletions(-) > create mode 100644 hw/tpm_backend.c > create mode 100644 hw/tpm_backend.h > create mode 100644 hw/tpm_passthrough.c > > diff --git a/Makefile.target b/Makefile.target > index cdf108a..ef063c8 100644 > --- a/Makefile.target > +++ b/Makefile.target > @@ -193,7 +193,8 @@ obj-$(CONFIG_NO_KVM) += kvm-stub.o > obj-$(CONFIG_VGA) += vga.o > obj-y += memory.o savevm.o cputlb.o > obj-y += tpm.o > -obj-$(CONFIG_TPM) += tpm_tis.o > +obj-$(CONFIG_TPM) += tpm_tis.o tpm_backend.o > +obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o > LIBS+=-lz > > obj-i386-$(CONFIG_KVM) += hyperv.o > diff --git a/configure b/configure > index d805c20..804d8c8 100755 > --- a/configure > +++ b/configure > @@ -3918,6 +3918,9 @@ fi > > if test "$tpm" = "yes"; then > if test "$target_softmmu" = "yes" ; then > + if test "$linux" = "yes" ; then > + echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak > + fi > echo "CONFIG_TPM=y" >> $config_host_mak > fi > fi > diff --git a/hw/tpm_backend.c b/hw/tpm_backend.c > new file mode 100644 > index 0000000..4cf0809 > --- /dev/null > +++ b/hw/tpm_backend.c > @@ -0,0 +1,58 @@ > +/* > + * common TPM backend driver functions > + * > + * Copyright (c) 2012 IBM Corporation > + * Authors: > + * Stefan Berger <stefanb@us.ibm.com> > + * > + * This library is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public > + * License as published by the Free Software Foundation; either > + * version 2 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, see <http://www.gnu.org/licenses/> > + */ > + > +#include "tpm.h" > +#include "qemu-thread.h" > +#include "hw/tpm_backend.h" > + > +void tpm_backend_thread_deliver_request(TPMBackendThread *tbt) > +{ > + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_PROCESS_CMD, NULL); > +} > + > +void tpm_backend_thread_create(TPMBackendThread *tbt, > + GFunc func, gpointer user_data) > +{ > + if (!tbt->pool) { > + tbt->pool = g_thread_pool_new(func, user_data, 1, TRUE, NULL); > + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL); > + } > +} > + > +void tpm_backend_thread_end(TPMBackendThread *tbt) > +{ > + if (tbt->pool) { > + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_END, NULL); > + g_thread_pool_free(tbt->pool, FALSE, TRUE); > + tbt->pool = NULL; > + } > +} > + > +void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, > + GFunc func, gpointer user_data) > +{ > + if (!tbt->pool) { > + tpm_backend_thread_create(tbt, func, user_data); > + } else { > + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_TPM_RESET, > + NULL); > + } > +} > diff --git a/hw/tpm_backend.h b/hw/tpm_backend.h > new file mode 100644 > index 0000000..f5fe198 > --- /dev/null > +++ b/hw/tpm_backend.h > @@ -0,0 +1,43 @@ > +/* > + * common TPM backend driver functions > + * > + * Copyright (c) 2012 IBM Corporation > + * Authors: > + * Stefan Berger <stefanb@us.ibm.com> > + * > + * This library is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public > + * License as published by the Free Software Foundation; either > + * version 2 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, see <http://www.gnu.org/licenses/> > + */ > + > +#ifndef HW_TPM_BACKEND_H > +#define HW_TPM_BACKEND_H > + > +typedef struct TPMBackendThread { > + GThreadPool *pool; > +} TPMBackendThread; > + > +void tpm_backend_thread_deliver_request(TPMBackendThread *tbt); > +void tpm_backend_thread_create(TPMBackendThread *tbt, > + GFunc func, gpointer user_data); > +void tpm_backend_thread_end(TPMBackendThread *tbt); > +void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, > + GFunc func, gpointer user_data); > + > +typedef enum TPMBackendCmd { > + TPM_BACKEND_CMD_INIT = 1, > + TPM_BACKEND_CMD_PROCESS_CMD, > + TPM_BACKEND_CMD_END, > + TPM_BACKEND_CMD_TPM_RESET, > +} TPMBackendCmd; > + > +#endif /* HW_TPM_BACKEND_H */ > diff --git a/hw/tpm_passthrough.c b/hw/tpm_passthrough.c > new file mode 100644 > index 0000000..8914705 > --- /dev/null > +++ b/hw/tpm_passthrough.c > @@ -0,0 +1,398 @@ > +/* > + * passthrough TPM driver > + * > + * Copyright (c) 2010, 2011 IBM Corporation > + * Authors: > + * Stefan Berger <stefanb@us.ibm.com> > + * > + * Copyright (C) 2011 IAIK, Graz University of Technology > + * Author: Andreas Niederl > + * > + * This library is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public > + * License as published by the Free Software Foundation; either > + * version 2 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, see <http://www.gnu.org/licenses/> > + */ > + > +#include "qemu-common.h" > +#include "qemu-error.h" > +#include "qemu_socket.h" > +#include "tpm.h" > +#include "hw/hw.h" > +#include "hw/tpm_tis.h" > +#include "hw/tpm_backend.h" > +#include "hw/pc.h" > + > +/* #define DEBUG_TPM */ > + > +#ifdef DEBUG_TPM > +#define dprintf(fmt, ...) \ > + do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0) > +#else > +#define dprintf(fmt, ...) \ > + do { } while (0) > +#endif > + > +/* data structures */ > + > +typedef struct TPMPassthruThreadParams { > + TPMState *tpm_state; > + > + TPMRecvDataCB *recv_data_callback; > + TPMBackend *tb; > +} TPMPassthruThreadParams; > + > +struct TPMPassthruState { > + TPMBackendThread tbt; > + > + TPMPassthruThreadParams tpm_thread_params; > + > + char *tpm_dev; > + int tpm_fd; > + bool had_startup_error; > +}; > + > +#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0" > + > +/* borrowed from qemu-char.c */ > +static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len) > +{ > + return send_all(fd, buf, len); > +} > + > +static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len) It would probably be useful to other parts of QEMU if you defined this function as recv_all() and put it in qemu-char.c (to correspond with send_all()). > +{ > + int ret, len1; > + uint8_t *buf1; > + > + len1 = len; > + buf1 = buf; > + while ((len1 > 0) && (ret = read(fd, buf1, len1)) != 0) { > + if (ret < 0) { > + if (errno != EINTR && errno != EAGAIN) { > + return -1; > + } > + } else { > + buf1 += ret; > + len1 -= ret; > + } > + } > + return len - len1; > +} > + > +static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf) > +{ > + return be32_to_cpu(*(uint32_t *)&buf[2]); > +} > + > +static int tpm_passthrough_unix_tx_bufs(int tpm_fd, > + const uint8_t *in, uint32_t in_len, > + uint8_t *out, uint32_t out_len) > +{ > + int ret; > + > + ret = tpm_passthrough_unix_write(tpm_fd, in, in_len); > + if (ret != in_len) { > + error_report("tpm_passthrough: error while transmitting data " > + "to TPM: %s (%i)\n", > + strerror(errno), errno); > + goto err_exit; > + } > + > + ret = tpm_passthrough_unix_read(tpm_fd, out, out_len); > + if (ret < 0) { > + error_report("tpm_passthrough: error while reading data from " > + "TPM: %s (%i)\n", > + strerror(errno), errno); > + } else if (ret < sizeof(struct tpm_resp_hdr) || > + tpm_passthrough_get_size_from_buffer(out) != ret) { > + ret = -1; > + error_report("tpm_passthrough: received invalid response " > + "packet from TPM\n"); > + } > + > +err_exit: > + if (ret < 0) { > + tpm_write_fatal_error_response(out, out_len); > + } > + > + return ret; > +} > + > +static int tpm_passthrough_unix_transfer(int tpm_fd, > + const TPMLocality *cmd_locty) > +{ > + return tpm_passthrough_unix_tx_bufs(tpm_fd, > + cmd_locty->w_buffer.buffer, > + cmd_locty->w_offset, > + cmd_locty->r_buffer.buffer, > + cmd_locty->r_buffer.size); > +} > + > +static void tpm_passthrough_worker_thread(gpointer data, > + gpointer user_data) > +{ > + TPMPassthruThreadParams *thr_parms = user_data; > + TPMPassthruState *tpm_pt = thr_parms->tb->s.tpm_pt; > + TPMBackendCmd cmd = (TPMBackendCmd)data; > + > + dprintf("tpm_passthrough: processing command type %ld\n", cmd); > + > + switch (cmd) { > + case TPM_BACKEND_CMD_PROCESS_CMD: > + tpm_passthrough_unix_transfer(tpm_pt->tpm_fd, > + thr_parms->tpm_state->cmd_locty); > + > + thr_parms->recv_data_callback(thr_parms->tpm_state, > + thr_parms->tpm_state->command_locty); > + break; > + case TPM_BACKEND_CMD_INIT: > + case TPM_BACKEND_CMD_END: > + case TPM_BACKEND_CMD_TPM_RESET: > + /* nothing to do */ > + break; > + } > +} > + > +/* > + * Start the TPM (thread). If it had been started before, then terminate > + * and start it again. > + */ > +static int tpm_passthrough_do_startup_tpm(TPMBackend *tb) > +{ > + TPMPassthruState *tpm_pt = tb->s.tpm_pt; > + > + /* terminate a running TPM */ > + tpm_backend_thread_end(&tpm_pt->tbt); > + > + tpm_backend_thread_create(&tpm_pt->tbt, > + tpm_passthrough_worker_thread, > + &tb->s.tpm_pt->tpm_thread_params); > + > + return 0; > +} > + > +static int tpm_passthrough_startup_tpm(TPMBackend *tb) > +{ > + TPMPassthruState *tpm_pt = tb->s.tpm_pt; > + int rc; > + > + rc = tpm_passthrough_do_startup_tpm(tb); > + if (rc) { > + tpm_pt->had_startup_error = true; tpm_passthrough_do_startup_tpm() always returns zero, so had_startup_error will never be set to true. > + } > + return rc; > +} > + > +static void tpm_passthrough_reset(TPMBackend *tb) > +{ > + TPMPassthruState *tpm_pt = tb->s.tpm_pt; > + > + dprintf("tpm_passthrough: CALL TO TPM_RESET!\n"); > + > + tpm_backend_thread_end(&tpm_pt->tbt); Should the thread be restarted here? > + > + tpm_pt->had_startup_error = false; > +} > + > +static int tpm_passthrough_init(TPMBackend *tb, TPMState *s, > + TPMRecvDataCB *recv_data_cb) > +{ > + TPMPassthruState *tpm_pt = tb->s.tpm_pt; > + > + tpm_pt->tpm_thread_params.tpm_state = s; > + tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb; > + tpm_pt->tpm_thread_params.tb = tb; > + > + return 0; > +} > + > +static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb) > +{ > + return false; Can a T/OS never be established with the passthrough backend? > +} > + > +static bool tpm_passthrough_get_startup_error(TPMBackend *tb) > +{ > + TPMPassthruState *tpm_pt = tb->s.tpm_pt; > + > + return tpm_pt->had_startup_error; > +} > + > +static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb) > +{ > + size_t wanted_size = 4096; /* Linux tpm.c buffer size */ > + > + if (sb->size != wanted_size) { > + sb->buffer = g_realloc(sb->buffer, wanted_size); > + sb->size = wanted_size; > + } > + return sb->size; > +} > + > +static void tpm_passthrough_deliver_request(TPMBackend *tb) > +{ > + TPMPassthruState *tpm_pt = tb->s.tpm_pt; > + > + tpm_backend_thread_deliver_request(&tpm_pt->tbt); > +} > + > +static const char *tpm_passthrough_create_desc(void) > +{ > + return "Passthrough TPM backend driver"; > +} > + > +/* > + * A basic test of a TPM device. We expect a well formatted response header > + * (error response is fine) within one second. > + */ > +static int tpm_passthrough_test_tpmdev(int fd) > +{ > + struct tpm_req_hdr req = { > + .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), > + .len = cpu_to_be32(sizeof(req)), > + .ordinal = cpu_to_be32(TPM_ORD_GetTicks), > + }; > + struct tpm_resp_hdr *resp; > + fd_set readfds; > + int n; > + struct timeval tv = { > + .tv_sec = 1, > + .tv_usec = 0, > + }; > + unsigned char buf[1024]; > + > + n = write(fd, &req, sizeof(req)); > + if (n < 0) { > + return errno; > + } > + if (n != sizeof(req)) { > + return EFAULT; > + } > + > + FD_ZERO(&readfds); > + FD_SET(fd, &readfds); > + > + /* wait for a second */ > + n = select(fd + 1, &readfds, NULL, NULL, &tv); > + if (n != 1) { > + return errno; > + } > + > + n = read(fd, &buf, sizeof(buf)); > + if (n < sizeof(struct tpm_resp_hdr)) { > + return EFAULT; > + } > + > + resp = (struct tpm_resp_hdr *)buf; > + /* check the header */ > + if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND || > + be32_to_cpu(resp->len) != n) { > + return EBADMSG; > + } > + > + return 0; > +} > + > +static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb) > +{ > + const char *value; > + > + value = qemu_opt_get(opts, "path"); > + if (!value) { > + value = TPM_PASSTHROUGH_DEFAULT_DEVICE; > + } > + > + tb->s.tpm_pt->tpm_dev = g_strdup(value); > + > + tb->path = g_strdup(tb->s.tpm_pt->tpm_dev); > + > + tb->s.tpm_pt->tpm_fd = open(tb->s.tpm_pt->tpm_dev, O_RDWR); > + if (tb->s.tpm_pt->tpm_fd < 0) { > + error_report("Cannot access TPM device using '%s'.\n", > + tb->s.tpm_pt->tpm_dev); > + goto err_free_parameters; > + } > + > + if (tpm_passthrough_test_tpmdev(tb->s.tpm_pt->tpm_fd)) { > + error_report("'%s' is not a TPM device.\n", > + tb->s.tpm_pt->tpm_dev); > + goto err_close_tpmdev; > + } > + > + return 0; > + > + err_close_tpmdev: > + close(tb->s.tpm_pt->tpm_fd); > + tb->s.tpm_pt->tpm_fd = -1; > + > + err_free_parameters: > + g_free(tb->path); > + tb->path = NULL; > + > + g_free(tb->s.tpm_pt->tpm_dev); > + tb->s.tpm_pt->tpm_dev = NULL; > + > + return 1; > +} > + > +static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id) > +{ > + TPMBackend *tb; > + > + tb = g_new0(TPMBackend, 1); > + tb->s.tpm_pt = g_new0(TPMPassthruState, 1); > + tb->id = g_strdup(id); > + > + tb->ops = &tpm_passthrough_driver; > + > + if (tpm_passthrough_handle_device_opts(opts, tb)) { > + goto err_exit; > + } > + > + return tb; > + > +err_exit: > + g_free(tb->id); > + g_free(tb->s.tpm_pt); > + g_free(tb); > + > + return NULL; > +} > + > +static void tpm_passthrough_destroy(TPMBackend *tb) > +{ > + TPMPassthruState *tpm_pt = tb->s.tpm_pt; > + > + tpm_backend_thread_end(&tpm_pt->tbt); > + > + close(tpm_pt->tpm_fd); > + > + g_free(tb->id); > + g_free(tb->path); > + g_free(tb->s.tpm_pt->tpm_dev); > + g_free(tb->s.tpm_pt); > + g_free(tb); > +} > + > +const TPMDriverOps tpm_passthrough_driver = { > + .id = "passthrough", > + .desc = tpm_passthrough_create_desc, > + .create = tpm_passthrough_create, > + .destroy = tpm_passthrough_destroy, > + .init = tpm_passthrough_init, > + .startup_tpm = tpm_passthrough_startup_tpm, > + .realloc_buffer = tpm_passthrough_realloc_buffer, > + .reset = tpm_passthrough_reset, > + .had_startup_error = tpm_passthrough_get_startup_error, > + .deliver_request = tpm_passthrough_deliver_request, > + .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag, > +}; > diff --git a/qemu-options.hx b/qemu-options.hx > index 143d92d..0b9fa0b 100644 > --- a/qemu-options.hx > +++ b/qemu-options.hx > @@ -2013,10 +2013,12 @@ ETEXI > DEFHEADING() > > #ifdef CONFIG_TPM > +# ifdef CONFIG_TPM_PASSTHROUGH > DEFHEADING(TPM device options:) > > DEF("tpmdev", HAS_ARG, QEMU_OPTION_tpmdev, \ > - "-tpmdev [<type>],id=str[,option][,option][,...]\n", > + "-tpmdev passthrough,id=id[,path=path]\n" > + " use path to provide path to a character device; default is /dev/tpm0\n", > QEMU_ARCH_ALL) > STEXI > > @@ -2026,6 +2028,7 @@ The general form of a TPM device option is: > @item -tpmdev @var{backend} ,id=@var{id} [,@var{options}] > @findex -tpmdev > Backend type must be: > +@option{passthrough}. > > The specific backend type will determine the applicable options. > The @code{-tpmdev} options requires a @code{-device} option. > @@ -2037,12 +2040,45 @@ Use ? to print all available TPM backend types. > qemu -tpmdev ? > @end example > > +@item -tpmdev passthrough, id=@var{id}, path=@var{path} > + > +(Linux-host only) Enable access to the host's TPM using the passthrough > +driver. > + > +@option{path} specifies the path to the host's TPM device, i.e., on > +a Linux host this would be @code{/dev/tpm0}. > +@option{path} is optional and by default @code{/dev/tpm0} is used. > + > +Some notes about using the host's TPM with the passthrough driver: > + > +The TPM device accessed by the passthrough driver must not be > +used by any other application on the host. > + > +Since the host's firmware (BIOS/UEFI) has already initialized the TPM, > +the VM's firmware (BIOS/UEFI) will not be able to initialize the > +TPM again and may therefore not show a TPM-specific menu that would > +otherwise allow the user to configure the TPM, e.g., allow the user to > +enable/disable or activate/deactivate the TPM. > +Further, if TPM ownership is released from within a VM then the host's TPM > +will get disabled and deactivated. To enable and activate the > +TPM again afterwards, the host has to be rebooted and the user is > +required to enter the firmware's menu to enable and activate the TPM. > +If the TPM is left disabled and/or deactivated most TPM commands will fail. > + > +To create a passthrough TPM use the following two options: > +@example > +-tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0 > +@end example > +Note that the @code{-tpmdev} id is @code{tpm0} and is referenced by > +@code{tpmdev=tpm0} in the device option. > + > @end table > > ETEXI > > DEFHEADING() > > +# endif > #endif > > DEFHEADING(Linux/Multiboot boot specific:) > diff --git a/tpm.c b/tpm.c > index 778de42..79530c9 100644 > --- a/tpm.c > +++ b/tpm.c > @@ -24,9 +24,26 @@ static QLIST_HEAD(, TPMBackend) tpm_backends = > #ifdef CONFIG_TPM > > static const TPMDriverOps *bes[] = { > +#ifdef CONFIG_TPM_PASSTHROUGH > + &tpm_passthrough_driver, > +#endif > NULL, > }; > > +/* > + * Write an error message in the given output buffer. > + */ > +void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len) > +{ > + if (out_len >= sizeof(struct tpm_resp_hdr)) { > + struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out; > + > + resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND); > + resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr)); > + resp->errcode = cpu_to_be32(TPM_FAIL); > + } > +} > + > const TPMDriverOps *tpm_get_backend_driver(const char *id) > { > int i; > @@ -182,6 +199,7 @@ static TPMInfo *qmp_query_tpm_inst(TPMBackend *drv) > res->id = g_strdup(drv->id); > if (drv->path) { > res->path = g_strdup(drv->path); > + res->has_path = true; > } > res->type = g_strdup(drv->ops->id); > > diff --git a/tpm.h b/tpm.h > index 7fdd1db..bacaff3 100644 > --- a/tpm.h > +++ b/tpm.h > @@ -18,12 +18,18 @@ > struct TPMDriverOps; > typedef struct TPMDriverOps TPMDriverOps; > > +typedef struct TPMPassthruState TPMPassthruState; > + > typedef struct TPMBackend { > char *id; > const char *fe_model; > char *path; > const TPMDriverOps *ops; > > + union { > + TPMPassthruState *tpm_pt; > + } s; > + > QLIST_ENTRY(TPMBackend) list; > } TPMBackend; > > @@ -71,11 +77,38 @@ struct TPMDriverOps { > > #define TPM_DEFAULT_DEVICE_MODEL "tpm-tis" > > +struct tpm_req_hdr { > + uint16_t tag; > + uint32_t len; > + uint32_t ordinal; > +} __attribute__((packed)); > + > +struct tpm_resp_hdr { > + uint16_t tag; > + uint32_t len; > + uint32_t errcode; > +} __attribute__((packed)); > + > +#define TPM_TAG_RQU_COMMAND 0xc1 > +#define TPM_TAG_RQU_AUTH1_COMMAND 0xc2 > +#define TPM_TAG_RQU_AUTH2_COMMAND 0xc3 > + > +#define TPM_TAG_RSP_COMMAND 0xc4 > +#define TPM_TAG_RSP_AUTH1_COMMAND 0xc5 > +#define TPM_TAG_RSP_AUTH2_COMMAND 0xc6 > + > +#define TPM_FAIL 9 > + > +#define TPM_ORD_GetTicks 0xf1 > + > int tpm_config_parse(QemuOptsList *opts_list, const char *optarg); > int tpm_init(void); > void tpm_cleanup(void); > TPMBackend *qemu_find_tpm(const char *id); > void tpm_display_backend_drivers(void); > const TPMDriverOps *tpm_get_backend_driver(const char *id); > +void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len); > + > +extern const TPMDriverOps tpm_passthrough_driver; > > #endif /* QEMU_TPM_H */ > diff --git a/vl.c b/vl.c > index 3e784f5..6928e67 100644 > --- a/vl.c > +++ b/vl.c > @@ -2676,11 +2676,13 @@ int main(int argc, char **argv, char **envp) > break; > } > #ifdef CONFIG_TPM > +# ifdef CONFIG_TPM_PASSTHROUGH > case QEMU_OPTION_tpmdev: > if (tpm_config_parse(qemu_find_opts("tpmdev"), optarg) < 0) { > exit(1); > } > break; > +# endif > #endif > case QEMU_OPTION_mempath: > mem_path = optarg; >
On 09/27/2012 10:28 AM, Corey Bryant wrote: > > > On 06/04/2012 03:37 PM, Stefan Berger wrote: >> + >> +/* borrowed from qemu-char.c */ >> +static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, >> uint32_t len) >> +{ >> + return send_all(fd, buf, len); >> +} >> + >> +static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t >> len) > > It would probably be useful to other parts of QEMU if you defined this > function as recv_all() and put it in qemu-char.c (to correspond with > send_all()). > Ok. I'd keep this patch to qemu-char.c inside of this patch, though, unless someone opposes. >> + >> +static int tpm_passthrough_startup_tpm(TPMBackend *tb) >> +{ >> + TPMPassthruState *tpm_pt = tb->s.tpm_pt; >> + int rc; >> + >> + rc = tpm_passthrough_do_startup_tpm(tb); >> + if (rc) { >> + tpm_pt->had_startup_error = true; > > tpm_passthrough_do_startup_tpm() always returns zero, so > had_startup_error will never be set to true. > I am consolidating the code into tpm_passthrough_startup_tpm() but let that return an int considering that other backend drivers may return an error code. >> +static void tpm_passthrough_reset(TPMBackend *tb) >> +{ >> + TPMPassthruState *tpm_pt = tb->s.tpm_pt; >> + >> + dprintf("tpm_passthrough: CALL TO TPM_RESET!\n"); >> + >> + tpm_backend_thread_end(&tpm_pt->tbt); > > Should the thread be restarted here? > No. If the backend needs to be restarted, the frontend will invoke the startup_tpm function. >> +static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb) >> +{ >> + return false; > > Can a T/OS never be established with the passthrough backend? > Following the specs, this bit is set when locality 5 is used and a hash operation is started. See part 2 of the TPM specs. The establishment bit could be read from the hardware TPM's permanent flags. The question is what it means to show this bit inside the VM. I wasn't sure, so I hardcoded it to always return false. Stefan
diff --git a/Makefile.target b/Makefile.target index cdf108a..ef063c8 100644 --- a/Makefile.target +++ b/Makefile.target @@ -193,7 +193,8 @@ obj-$(CONFIG_NO_KVM) += kvm-stub.o obj-$(CONFIG_VGA) += vga.o obj-y += memory.o savevm.o cputlb.o obj-y += tpm.o -obj-$(CONFIG_TPM) += tpm_tis.o +obj-$(CONFIG_TPM) += tpm_tis.o tpm_backend.o +obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o LIBS+=-lz obj-i386-$(CONFIG_KVM) += hyperv.o diff --git a/configure b/configure index d805c20..804d8c8 100755 --- a/configure +++ b/configure @@ -3918,6 +3918,9 @@ fi if test "$tpm" = "yes"; then if test "$target_softmmu" = "yes" ; then + if test "$linux" = "yes" ; then + echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak + fi echo "CONFIG_TPM=y" >> $config_host_mak fi fi diff --git a/hw/tpm_backend.c b/hw/tpm_backend.c new file mode 100644 index 0000000..4cf0809 --- /dev/null +++ b/hw/tpm_backend.c @@ -0,0 +1,58 @@ +/* + * common TPM backend driver functions + * + * Copyright (c) 2012 IBM Corporation + * Authors: + * Stefan Berger <stefanb@us.ibm.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/> + */ + +#include "tpm.h" +#include "qemu-thread.h" +#include "hw/tpm_backend.h" + +void tpm_backend_thread_deliver_request(TPMBackendThread *tbt) +{ + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_PROCESS_CMD, NULL); +} + +void tpm_backend_thread_create(TPMBackendThread *tbt, + GFunc func, gpointer user_data) +{ + if (!tbt->pool) { + tbt->pool = g_thread_pool_new(func, user_data, 1, TRUE, NULL); + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL); + } +} + +void tpm_backend_thread_end(TPMBackendThread *tbt) +{ + if (tbt->pool) { + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_END, NULL); + g_thread_pool_free(tbt->pool, FALSE, TRUE); + tbt->pool = NULL; + } +} + +void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, + GFunc func, gpointer user_data) +{ + if (!tbt->pool) { + tpm_backend_thread_create(tbt, func, user_data); + } else { + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_TPM_RESET, + NULL); + } +} diff --git a/hw/tpm_backend.h b/hw/tpm_backend.h new file mode 100644 index 0000000..f5fe198 --- /dev/null +++ b/hw/tpm_backend.h @@ -0,0 +1,43 @@ +/* + * common TPM backend driver functions + * + * Copyright (c) 2012 IBM Corporation + * Authors: + * Stefan Berger <stefanb@us.ibm.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/> + */ + +#ifndef HW_TPM_BACKEND_H +#define HW_TPM_BACKEND_H + +typedef struct TPMBackendThread { + GThreadPool *pool; +} TPMBackendThread; + +void tpm_backend_thread_deliver_request(TPMBackendThread *tbt); +void tpm_backend_thread_create(TPMBackendThread *tbt, + GFunc func, gpointer user_data); +void tpm_backend_thread_end(TPMBackendThread *tbt); +void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, + GFunc func, gpointer user_data); + +typedef enum TPMBackendCmd { + TPM_BACKEND_CMD_INIT = 1, + TPM_BACKEND_CMD_PROCESS_CMD, + TPM_BACKEND_CMD_END, + TPM_BACKEND_CMD_TPM_RESET, +} TPMBackendCmd; + +#endif /* HW_TPM_BACKEND_H */ diff --git a/hw/tpm_passthrough.c b/hw/tpm_passthrough.c new file mode 100644 index 0000000..8914705 --- /dev/null +++ b/hw/tpm_passthrough.c @@ -0,0 +1,398 @@ +/* + * passthrough TPM driver + * + * Copyright (c) 2010, 2011 IBM Corporation + * Authors: + * Stefan Berger <stefanb@us.ibm.com> + * + * Copyright (C) 2011 IAIK, Graz University of Technology + * Author: Andreas Niederl + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/> + */ + +#include "qemu-common.h" +#include "qemu-error.h" +#include "qemu_socket.h" +#include "tpm.h" +#include "hw/hw.h" +#include "hw/tpm_tis.h" +#include "hw/tpm_backend.h" +#include "hw/pc.h" + +/* #define DEBUG_TPM */ + +#ifdef DEBUG_TPM +#define dprintf(fmt, ...) \ + do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0) +#else +#define dprintf(fmt, ...) \ + do { } while (0) +#endif + +/* data structures */ + +typedef struct TPMPassthruThreadParams { + TPMState *tpm_state; + + TPMRecvDataCB *recv_data_callback; + TPMBackend *tb; +} TPMPassthruThreadParams; + +struct TPMPassthruState { + TPMBackendThread tbt; + + TPMPassthruThreadParams tpm_thread_params; + + char *tpm_dev; + int tpm_fd; + bool had_startup_error; +}; + +#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0" + +/* borrowed from qemu-char.c */ +static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len) +{ + return send_all(fd, buf, len); +} + +static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len) +{ + int ret, len1; + uint8_t *buf1; + + len1 = len; + buf1 = buf; + while ((len1 > 0) && (ret = read(fd, buf1, len1)) != 0) { + if (ret < 0) { + if (errno != EINTR && errno != EAGAIN) { + return -1; + } + } else { + buf1 += ret; + len1 -= ret; + } + } + return len - len1; +} + +static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf) +{ + return be32_to_cpu(*(uint32_t *)&buf[2]); +} + +static int tpm_passthrough_unix_tx_bufs(int tpm_fd, + const uint8_t *in, uint32_t in_len, + uint8_t *out, uint32_t out_len) +{ + int ret; + + ret = tpm_passthrough_unix_write(tpm_fd, in, in_len); + if (ret != in_len) { + error_report("tpm_passthrough: error while transmitting data " + "to TPM: %s (%i)\n", + strerror(errno), errno); + goto err_exit; + } + + ret = tpm_passthrough_unix_read(tpm_fd, out, out_len); + if (ret < 0) { + error_report("tpm_passthrough: error while reading data from " + "TPM: %s (%i)\n", + strerror(errno), errno); + } else if (ret < sizeof(struct tpm_resp_hdr) || + tpm_passthrough_get_size_from_buffer(out) != ret) { + ret = -1; + error_report("tpm_passthrough: received invalid response " + "packet from TPM\n"); + } + +err_exit: + if (ret < 0) { + tpm_write_fatal_error_response(out, out_len); + } + + return ret; +} + +static int tpm_passthrough_unix_transfer(int tpm_fd, + const TPMLocality *cmd_locty) +{ + return tpm_passthrough_unix_tx_bufs(tpm_fd, + cmd_locty->w_buffer.buffer, + cmd_locty->w_offset, + cmd_locty->r_buffer.buffer, + cmd_locty->r_buffer.size); +} + +static void tpm_passthrough_worker_thread(gpointer data, + gpointer user_data) +{ + TPMPassthruThreadParams *thr_parms = user_data; + TPMPassthruState *tpm_pt = thr_parms->tb->s.tpm_pt; + TPMBackendCmd cmd = (TPMBackendCmd)data; + + dprintf("tpm_passthrough: processing command type %ld\n", cmd); + + switch (cmd) { + case TPM_BACKEND_CMD_PROCESS_CMD: + tpm_passthrough_unix_transfer(tpm_pt->tpm_fd, + thr_parms->tpm_state->cmd_locty); + + thr_parms->recv_data_callback(thr_parms->tpm_state, + thr_parms->tpm_state->command_locty); + break; + case TPM_BACKEND_CMD_INIT: + case TPM_BACKEND_CMD_END: + case TPM_BACKEND_CMD_TPM_RESET: + /* nothing to do */ + break; + } +} + +/* + * Start the TPM (thread). If it had been started before, then terminate + * and start it again. + */ +static int tpm_passthrough_do_startup_tpm(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = tb->s.tpm_pt; + + /* terminate a running TPM */ + tpm_backend_thread_end(&tpm_pt->tbt); + + tpm_backend_thread_create(&tpm_pt->tbt, + tpm_passthrough_worker_thread, + &tb->s.tpm_pt->tpm_thread_params); + + return 0; +} + +static int tpm_passthrough_startup_tpm(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = tb->s.tpm_pt; + int rc; + + rc = tpm_passthrough_do_startup_tpm(tb); + if (rc) { + tpm_pt->had_startup_error = true; + } + return rc; +} + +static void tpm_passthrough_reset(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = tb->s.tpm_pt; + + dprintf("tpm_passthrough: CALL TO TPM_RESET!\n"); + + tpm_backend_thread_end(&tpm_pt->tbt); + + tpm_pt->had_startup_error = false; +} + +static int tpm_passthrough_init(TPMBackend *tb, TPMState *s, + TPMRecvDataCB *recv_data_cb) +{ + TPMPassthruState *tpm_pt = tb->s.tpm_pt; + + tpm_pt->tpm_thread_params.tpm_state = s; + tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb; + tpm_pt->tpm_thread_params.tb = tb; + + return 0; +} + +static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb) +{ + return false; +} + +static bool tpm_passthrough_get_startup_error(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = tb->s.tpm_pt; + + return tpm_pt->had_startup_error; +} + +static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb) +{ + size_t wanted_size = 4096; /* Linux tpm.c buffer size */ + + if (sb->size != wanted_size) { + sb->buffer = g_realloc(sb->buffer, wanted_size); + sb->size = wanted_size; + } + return sb->size; +} + +static void tpm_passthrough_deliver_request(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = tb->s.tpm_pt; + + tpm_backend_thread_deliver_request(&tpm_pt->tbt); +} + +static const char *tpm_passthrough_create_desc(void) +{ + return "Passthrough TPM backend driver"; +} + +/* + * A basic test of a TPM device. We expect a well formatted response header + * (error response is fine) within one second. + */ +static int tpm_passthrough_test_tpmdev(int fd) +{ + struct tpm_req_hdr req = { + .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), + .len = cpu_to_be32(sizeof(req)), + .ordinal = cpu_to_be32(TPM_ORD_GetTicks), + }; + struct tpm_resp_hdr *resp; + fd_set readfds; + int n; + struct timeval tv = { + .tv_sec = 1, + .tv_usec = 0, + }; + unsigned char buf[1024]; + + n = write(fd, &req, sizeof(req)); + if (n < 0) { + return errno; + } + if (n != sizeof(req)) { + return EFAULT; + } + + FD_ZERO(&readfds); + FD_SET(fd, &readfds); + + /* wait for a second */ + n = select(fd + 1, &readfds, NULL, NULL, &tv); + if (n != 1) { + return errno; + } + + n = read(fd, &buf, sizeof(buf)); + if (n < sizeof(struct tpm_resp_hdr)) { + return EFAULT; + } + + resp = (struct tpm_resp_hdr *)buf; + /* check the header */ + if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND || + be32_to_cpu(resp->len) != n) { + return EBADMSG; + } + + return 0; +} + +static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb) +{ + const char *value; + + value = qemu_opt_get(opts, "path"); + if (!value) { + value = TPM_PASSTHROUGH_DEFAULT_DEVICE; + } + + tb->s.tpm_pt->tpm_dev = g_strdup(value); + + tb->path = g_strdup(tb->s.tpm_pt->tpm_dev); + + tb->s.tpm_pt->tpm_fd = open(tb->s.tpm_pt->tpm_dev, O_RDWR); + if (tb->s.tpm_pt->tpm_fd < 0) { + error_report("Cannot access TPM device using '%s'.\n", + tb->s.tpm_pt->tpm_dev); + goto err_free_parameters; + } + + if (tpm_passthrough_test_tpmdev(tb->s.tpm_pt->tpm_fd)) { + error_report("'%s' is not a TPM device.\n", + tb->s.tpm_pt->tpm_dev); + goto err_close_tpmdev; + } + + return 0; + + err_close_tpmdev: + close(tb->s.tpm_pt->tpm_fd); + tb->s.tpm_pt->tpm_fd = -1; + + err_free_parameters: + g_free(tb->path); + tb->path = NULL; + + g_free(tb->s.tpm_pt->tpm_dev); + tb->s.tpm_pt->tpm_dev = NULL; + + return 1; +} + +static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id) +{ + TPMBackend *tb; + + tb = g_new0(TPMBackend, 1); + tb->s.tpm_pt = g_new0(TPMPassthruState, 1); + tb->id = g_strdup(id); + + tb->ops = &tpm_passthrough_driver; + + if (tpm_passthrough_handle_device_opts(opts, tb)) { + goto err_exit; + } + + return tb; + +err_exit: + g_free(tb->id); + g_free(tb->s.tpm_pt); + g_free(tb); + + return NULL; +} + +static void tpm_passthrough_destroy(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = tb->s.tpm_pt; + + tpm_backend_thread_end(&tpm_pt->tbt); + + close(tpm_pt->tpm_fd); + + g_free(tb->id); + g_free(tb->path); + g_free(tb->s.tpm_pt->tpm_dev); + g_free(tb->s.tpm_pt); + g_free(tb); +} + +const TPMDriverOps tpm_passthrough_driver = { + .id = "passthrough", + .desc = tpm_passthrough_create_desc, + .create = tpm_passthrough_create, + .destroy = tpm_passthrough_destroy, + .init = tpm_passthrough_init, + .startup_tpm = tpm_passthrough_startup_tpm, + .realloc_buffer = tpm_passthrough_realloc_buffer, + .reset = tpm_passthrough_reset, + .had_startup_error = tpm_passthrough_get_startup_error, + .deliver_request = tpm_passthrough_deliver_request, + .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag, +}; diff --git a/qemu-options.hx b/qemu-options.hx index 143d92d..0b9fa0b 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -2013,10 +2013,12 @@ ETEXI DEFHEADING() #ifdef CONFIG_TPM +# ifdef CONFIG_TPM_PASSTHROUGH DEFHEADING(TPM device options:) DEF("tpmdev", HAS_ARG, QEMU_OPTION_tpmdev, \ - "-tpmdev [<type>],id=str[,option][,option][,...]\n", + "-tpmdev passthrough,id=id[,path=path]\n" + " use path to provide path to a character device; default is /dev/tpm0\n", QEMU_ARCH_ALL) STEXI @@ -2026,6 +2028,7 @@ The general form of a TPM device option is: @item -tpmdev @var{backend} ,id=@var{id} [,@var{options}] @findex -tpmdev Backend type must be: +@option{passthrough}. The specific backend type will determine the applicable options. The @code{-tpmdev} options requires a @code{-device} option. @@ -2037,12 +2040,45 @@ Use ? to print all available TPM backend types. qemu -tpmdev ? @end example +@item -tpmdev passthrough, id=@var{id}, path=@var{path} + +(Linux-host only) Enable access to the host's TPM using the passthrough +driver. + +@option{path} specifies the path to the host's TPM device, i.e., on +a Linux host this would be @code{/dev/tpm0}. +@option{path} is optional and by default @code{/dev/tpm0} is used. + +Some notes about using the host's TPM with the passthrough driver: + +The TPM device accessed by the passthrough driver must not be +used by any other application on the host. + +Since the host's firmware (BIOS/UEFI) has already initialized the TPM, +the VM's firmware (BIOS/UEFI) will not be able to initialize the +TPM again and may therefore not show a TPM-specific menu that would +otherwise allow the user to configure the TPM, e.g., allow the user to +enable/disable or activate/deactivate the TPM. +Further, if TPM ownership is released from within a VM then the host's TPM +will get disabled and deactivated. To enable and activate the +TPM again afterwards, the host has to be rebooted and the user is +required to enter the firmware's menu to enable and activate the TPM. +If the TPM is left disabled and/or deactivated most TPM commands will fail. + +To create a passthrough TPM use the following two options: +@example +-tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0 +@end example +Note that the @code{-tpmdev} id is @code{tpm0} and is referenced by +@code{tpmdev=tpm0} in the device option. + @end table ETEXI DEFHEADING() +# endif #endif DEFHEADING(Linux/Multiboot boot specific:) diff --git a/tpm.c b/tpm.c index 778de42..79530c9 100644 --- a/tpm.c +++ b/tpm.c @@ -24,9 +24,26 @@ static QLIST_HEAD(, TPMBackend) tpm_backends = #ifdef CONFIG_TPM static const TPMDriverOps *bes[] = { +#ifdef CONFIG_TPM_PASSTHROUGH + &tpm_passthrough_driver, +#endif NULL, }; +/* + * Write an error message in the given output buffer. + */ +void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len) +{ + if (out_len >= sizeof(struct tpm_resp_hdr)) { + struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out; + + resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND); + resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr)); + resp->errcode = cpu_to_be32(TPM_FAIL); + } +} + const TPMDriverOps *tpm_get_backend_driver(const char *id) { int i; @@ -182,6 +199,7 @@ static TPMInfo *qmp_query_tpm_inst(TPMBackend *drv) res->id = g_strdup(drv->id); if (drv->path) { res->path = g_strdup(drv->path); + res->has_path = true; } res->type = g_strdup(drv->ops->id); diff --git a/tpm.h b/tpm.h index 7fdd1db..bacaff3 100644 --- a/tpm.h +++ b/tpm.h @@ -18,12 +18,18 @@ struct TPMDriverOps; typedef struct TPMDriverOps TPMDriverOps; +typedef struct TPMPassthruState TPMPassthruState; + typedef struct TPMBackend { char *id; const char *fe_model; char *path; const TPMDriverOps *ops; + union { + TPMPassthruState *tpm_pt; + } s; + QLIST_ENTRY(TPMBackend) list; } TPMBackend; @@ -71,11 +77,38 @@ struct TPMDriverOps { #define TPM_DEFAULT_DEVICE_MODEL "tpm-tis" +struct tpm_req_hdr { + uint16_t tag; + uint32_t len; + uint32_t ordinal; +} __attribute__((packed)); + +struct tpm_resp_hdr { + uint16_t tag; + uint32_t len; + uint32_t errcode; +} __attribute__((packed)); + +#define TPM_TAG_RQU_COMMAND 0xc1 +#define TPM_TAG_RQU_AUTH1_COMMAND 0xc2 +#define TPM_TAG_RQU_AUTH2_COMMAND 0xc3 + +#define TPM_TAG_RSP_COMMAND 0xc4 +#define TPM_TAG_RSP_AUTH1_COMMAND 0xc5 +#define TPM_TAG_RSP_AUTH2_COMMAND 0xc6 + +#define TPM_FAIL 9 + +#define TPM_ORD_GetTicks 0xf1 + int tpm_config_parse(QemuOptsList *opts_list, const char *optarg); int tpm_init(void); void tpm_cleanup(void); TPMBackend *qemu_find_tpm(const char *id); void tpm_display_backend_drivers(void); const TPMDriverOps *tpm_get_backend_driver(const char *id); +void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len); + +extern const TPMDriverOps tpm_passthrough_driver; #endif /* QEMU_TPM_H */ diff --git a/vl.c b/vl.c index 3e784f5..6928e67 100644 --- a/vl.c +++ b/vl.c @@ -2676,11 +2676,13 @@ int main(int argc, char **argv, char **envp) break; } #ifdef CONFIG_TPM +# ifdef CONFIG_TPM_PASSTHROUGH case QEMU_OPTION_tpmdev: if (tpm_config_parse(qemu_find_opts("tpmdev"), optarg) < 0) { exit(1); } break; +# endif #endif case QEMU_OPTION_mempath: mem_path = optarg;
From Andreas Niederl's original posting with adaptations where necessary: This patch is based of off version 9 of Stefan Berger's patch series "Qemu Trusted Platform Module (TPM) integration" and adds a new backend driver for it. This patch adds a passthrough backend driver for passing commands sent to the emulated TPM device directly to a TPM device opened on the host machine. Thus it is possible to use a hardware TPM device in a system running on QEMU, providing the ability to access a TPM in a special state (e.g. after a Trusted Boot). This functionality is being used in the acTvSM Trusted Virtualization Platform which is available on [1]. Usage example: qemu-system-x86_64 -tpmdev passthrough,id=tpm0,path=/dev/tpm0 \ -device tpm-tis,tpmdev=tpm0 \ -cdrom test.iso -boot d Some notes about the host TPM: The TPM needs to be enabled and activated. If that's not the case one has to go through the BIOS/UEFI and enable and activate that TPM for TPM commands to work as expected. It may be necessary to boot the kernel using tpm_tis.force=1 in the boot command line or 'modprobe tpm_tis force=1' in case of using it as a module. Regards, Andreas Niederl, Stefan Berger [1] http://trustedjava.sourceforge.net/ Signed-off-by: Andreas Niederl <andreas.niederl@iaik.tugraz.at> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- Makefile.target | 3 +- configure | 3 + hw/tpm_backend.c | 58 ++++++++ hw/tpm_backend.h | 43 ++++++ hw/tpm_passthrough.c | 398 ++++++++++++++++++++++++++++++++++++++++++++++++++ qemu-options.hx | 38 +++++- tpm.c | 18 +++ tpm.h | 33 ++++ vl.c | 2 + 9 files changed, 594 insertions(+), 2 deletions(-) create mode 100644 hw/tpm_backend.c create mode 100644 hw/tpm_backend.h create mode 100644 hw/tpm_passthrough.c