{"id":2226186,"url":"http://patchwork.ozlabs.org/api/covers/2226186/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/cover/20260422103018.123608-1-armenon@redhat.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260422103018.123608-1-armenon@redhat.com>","list_archive_url":null,"date":"2026-04-22T10:30:08","name":"[v5,00/10] hw/tpm: CRB chunking capability to handle PQC","submitter":{"id":91136,"url":"http://patchwork.ozlabs.org/api/people/91136/?format=json","name":"Arun Menon","email":"armenon@redhat.com"},"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/cover/20260422103018.123608-1-armenon@redhat.com/mbox/","series":[{"id":500964,"url":"http://patchwork.ozlabs.org/api/series/500964/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=500964","date":"2026-04-22T10:30:14","name":"hw/tpm: CRB chunking capability to handle PQC","version":5,"mbox":"http://patchwork.ozlabs.org/series/500964/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/2226186/comments/","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=L4BW/lD+;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=google header.b=UnX9E8oO;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; 
helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0wXC6svKz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 20:32:27 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wFUrR-0006k3-Rm; Wed, 22 Apr 2026 06:31:15 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <armenon@redhat.com>)\n id 1wFUqv-0006fe-8p\n for qemu-devel@nongnu.org; Wed, 22 Apr 2026 06:30:47 -0400","from us-smtp-delivery-124.mimecast.com ([170.10.133.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <armenon@redhat.com>)\n id 1wFUqn-0006pn-Cj\n for qemu-devel@nongnu.org; Wed, 22 Apr 2026 06:30:35 -0400","from mail-pg1-f197.google.com (mail-pg1-f197.google.com\n [209.85.215.197]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-580-NKZMwKhROJ2noztucMRg7w-1; Wed, 22 Apr 2026 06:30:29 -0400","by mail-pg1-f197.google.com with SMTP id\n 41be03b00d2f7-b630753cc38so6902063a12.1\n for <qemu-devel@nongnu.org>; Wed, 22 Apr 2026 03:30:29 -0700 (PDT)","from fedora.armenon-thinkpadp16vgen1.bengluru.csb ([49.36.110.202])\n by smtp.gmail.com with ESMTPSA id\n 41be03b00d2f7-c7976f920e1sm12589666a12.2.2026.04.22.03.30.21\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 22 Apr 2026 03:30:27 -0700 (PDT)"],"X-MC-Unique":"NKZMwKhROJ2noztucMRg7w-1","X-Mimecast-MFC-AGG-ID":"NKZMwKhROJ2noztucMRg7w_1776853829","X-Received":["by 2002:a05:6300:68c1:20b0:39f:216:f3f7 with SMTP id\n adf61e73a8af0-3a08d7342bbmr16868867637.21.1776853828453;\n Wed, 22 Apr 2026 03:30:28 -0700 (PDT)","by 2002:a05:6300:68c1:20b0:39f:216:f3f7 with SMTP id\n adf61e73a8af0-3a08d7342bbmr16868804637.21.1776853827636;\n Wed, 22 Apr 2026 03:30:27 -0700 (PDT)"],"From":"Arun Menon <armenon@redhat.com>","To":"qemu-devel@nongnu.org","Cc":"Zhao Liu <zhao1.liu@intel.com>,\n Stefan Berger <stefanb@linux.vnet.ibm.com>,\n Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,\n Laurent Vivier <lvivier@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>,\n Fabiano Rosas <farosas@suse.de>, Igor Mammedov <imammedo@redhat.com>,\n marcandre.lureau@redhat.com,\n =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>,\n \"Michael S. 
Tsirkin\" <mst@redhat.com>, Yanan Wang <wangyanan55@huawei.com>,\n Ani Sinha <anisinha@redhat.com>, Arun Menon <armenon@redhat.com>","Subject":"[PATCH v5 00/10] hw/tpm: CRB chunking capability to handle PQC","Date":"Wed, 22 Apr 2026 16:00:08 +0530","Message-ID":"<20260422103018.123608-1-armenon@redhat.com>","X-Mailer":"git-send-email 2.53.0","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"8bit","Received-SPF":"pass client-ip=170.10.133.124; envelope-from=armenon@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"The move to Post Quantum Cryptography (PQC) changes how we manage\nmemory buffers. 
Unlike classic crypto algorithms like RSA or ECC which\nused small keys and signatures, PQC algorithms require larger buffers.\n\nThe new version of TCG TPM v185 (currently under review [1]) supports\nsending data/commands in chunks for the CRB (Command Response Buffer)\ninterface. This is in line with the initiative to support PQC algorithms.\n\nThis series implements the logic to send and receive data from the\nlinux guest to the TPM backend in chunks, thereby allowing the\nguest to send larger data buffers. We introduce 2 new control registers\ncalled nextChunk and crbRspRetry that will control the START. We also\nadd the CRB Interface Identifier called CapCRBChunk that is set to 1\nindicating that the device supports chunking. The default maximum\nchunk/buffer size is 3968 (4096 - 128) bytes.\n\nDuring a send operation, the guest driver places data in the CRB buffer\nand signals nextChunk for each segment until the final chunk is reached.\nUpon receiving the START signal, QEMU appends the final chunk to its\ninternal buffer and dispatches the complete command to the TPM backend.\n\nFor responses, the backend's output is buffered. The guest consumes the\nfirst chunk once the START bit is cleared. Subsequent chunks are\nretrieved by the guest toggling the nextChunk bit, which advances the\ninternal buffer offset and populates the CRB data window.\n\nFor this to work, the linux guest tpm driver will also have to\na) probe if CRB chunking is supported\nb) send data in chunks if the command length exceeds the chunk size.\nc) receive data in chunks by sending a nextChunk signal and accumulate.\nThese patches are posted upstream:\nhttps://lore.kernel.org/lkml/20260324181244.17741-1-armenon@redhat.com/\n\nDependencies:\nThis series has a hard dependency on the following patches currently on\nthe mailing list. They must be applied first for this series to function\ncorrectly:\n1. 
[PATCH 1/2] migration/vmstate: Add VMState support for GByteArray\n   Link: https://lore.kernel.org/all/20260422082214.10390-2-armenon@redhat.com/\n2. [PATCH for-11.1] hw: add compat machines for 11.1\n   Link: https://lore.kernel.org/all/20260331140347.653404-1-cohuck@redhat.com/\n\n[1] https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p07_rc1_121225.pdf\n\nv5\n--\n- Expose cap-chunk only if the binary is run with the new machine type\n  (>11.1). Remove migrate-buffers as this property is not needed.\n- Add x-allow-chunk-migration internal property that will help in\n  blocking migration from a source with 11.1 binary and pre 11.1 machine\n  type to pre 11.1 binary and pre 11.1 machine type.\n  In this case, the source supports cap-chunk, but the destination binary\n  is unaware of the new buffers.\n- Add post_load_errp hook, to validate the buffers before the VM is\n  started at the destination.\n- Check if cap-chunk is true before processing nextChunk and crbRspRetry\n  from the guest. Patches 01, 04 and 06 have undergone changes.\n\nv4\n--\n- Add migration blocker to prevent data loss and new hw_compat property\n  called cap_chunk. 
The chunking feature is now only visible to machine\n  type 11.1 and higher.\n- Rename invoke to Start, to comply with the TCG TPM specification.\n- Use g_clear_pointer for safety.\n\nv3\n--\nPatches 1-6\n- Fix the issue with subsequent nextChunk signal from the guest while\n  the TPM backend is not done processing the previous request.\n- Add tpm_crb_unrealize() to clear buffers\n- Update hw_compat to 11.1.\n- Use newly introduced GByteArray VMStateInfo for migration.\nPatches 7-10\n- Add Stefan Berger's patches for swtpm profile support, TPM TIS\n  migration support with extended buffer and related tests.\n  NOTE: I have removed the \"WIP\" prefix and the \"TODO\" regarding dynamic\n  allocation from Stefan's final patch, as the static 8192-byte limit is\n  sufficient for the current requirements and passes all local testing.\n\nv2\n--\n- Add the VM migration support.\n- Increase the TIS TPM interface max buffer size to 8192.\n\nBased-on: <20260331140347.653404-1-cohuck@redhat.com>\nBased-on: <20260422082214.10390-2-armenon@redhat.com>\n\nArun Menon (6):\n  hw/tpm: Add TPM CRB chunking fields\n  hw/tpm: Refactor CRB_CTRL_START register access\n  hw/tpm: Add internal buffer state for chunking\n  hw/tpm: Implement TPM CRB chunking logic\n  test/qtest: Add test for tpm crb chunking\n  hw/tpm: Add support for VM migration with TPM CRB chunking\n\nStefan Berger (4):\n  qtests: Enable starting swtpm with a given profile\n  tests: Use ML-DSA-87 operations to caused large TPM transfers with CRB\n  tpm: Extend TPM TIS buffer size to 8192 bytes\n  tests: Use ML-DSA-87 operations to caused large TPM transfers with TIS\n\n hw/core/machine.c                |   5 +-\n hw/tpm/tpm_crb.c                 | 266 ++++++++++++++++++++++++++++---\n hw/tpm/tpm_tis.h                 |   2 +\n hw/tpm/tpm_tis_common.c          |  23 +++\n hw/tpm/tpm_tis_i2c.c             |  24 ++-\n hw/tpm/tpm_tis_isa.c             |  24 ++-\n hw/tpm/tpm_tis_sysbus.c          |  24 ++-\n 
include/hw/acpi/tpm.h            |   5 +-\n tests/qtest/tpm-crb-swtpm-test.c |  11 ++\n tests/qtest/tpm-tests.c          | 102 +++++++++++-\n tests/qtest/tpm-tests.h          |   4 +\n tests/qtest/tpm-tis-swtpm-test.c |  11 ++\n tests/qtest/tpm-util.c           | 156 ++++++++++++++++--\n tests/qtest/tpm-util.h           |  10 +-\n 14 files changed, 620 insertions(+), 47 deletions(-)"}