From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:46948) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QIWit-0007Mr-Eb for qemu-devel@nongnu.org; Fri, 06 May 2011 21:54:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QIWis-0007l1-AG for qemu-devel@nongnu.org; Fri, 06 May 2011 21:54:23 -0400 Received: from hrndva-omtalb.mail.rr.com ([71.74.56.122]:54404) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QIWis-0007kv-8H for qemu-devel@nongnu.org; Fri, 06 May 2011 21:54:22 -0400 Date: Fri, 6 May 2011 20:54:20 -0500 From: "Serge E. Hallyn" Message-ID: <20110507015420.GA15483@mail.hallyn.com> References: <20110506173224.278066589@linux.vnet.ibm.com> <20110506173244.772773627@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20110506173244.772773627@linux.vnet.ibm.com> Subject: Re: [Qemu-devel] [PATCH V4 02/10] Add TPM (frontend) hardware interface (TPM TIS) to Qemu List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Berger Cc: serge@hallyn.com, qemu-devel@nongnu.org, andreas.niederl@iaik.tugraz.at Quoting Stefan Berger (stefanb@linux.vnet.ibm.com): > This patch adds the main code of the TPM frontend driver, the TPM TIS > interface, to Qemu. The code is largely based on my previous implementation > for Xen but has been significantly extended to meet the standard's > requirements, such as the support for changing of localities and all the > functionality of the available flags. > > Communication with the backend (i.e., for Xen or the libtpms-based one) > is cleanly separated through an interface which the backend driver needs > to implement. > > The TPM TIS driver's backend was previously chosen in the code added > to arch_init. The frontend holds a pointer to the chosen backend (interface). > > Communication with the backend is largely based on signals and conditions. > Whenever the frontend has collected a complete packet, it will signal > the backend, which then starts processing the command. Once the result > has been returned, the backend invokes a callback function > (tis_tpm_receive_cb()). > > The one tricky part is support for VM suspend while the TPM is processing > a command. In this case the frontend driver is waiting for the backend > to return the result of the last command before shutting down. It waits > on a condition for a signal from the backend, which is delivered in > tis_tpm_receive_cb(). > > Testing the proper functioning of the different flags and localities > cannot be done from user space when running in Linux for example, since > access to the address space of the TPM TIS interface is not possible. Also > the Linux driver itself does not exercise all functionality. So, for > testing there is a fairly extensive test suite as part of the SeaBIOS patches > since from within the BIOS one can have full access to all the TPM's registers. > > v3: > - prefixing functions with tis_ > - added a function to the backend interface 'early_startup_tpm' that > allows to detect the presence of the block storage and gracefully fails > Qemu if it's not available. This works with migration using shared > storage but doesn't support migration with block storage migration. > For encyrypted QCoW2 and in case of a snapshot resue the late_startup_tpm > interface function is called > > Signed-off-by: Stefan Berger Most of this is pretty foreign to me so this doesn't mean much, but Acked-by: Serge Hallyn > +/* Worth pointing out here that this is called with mutex held. > + * read a byte of response data > + */ > +static uint32_t tis_data_read(TPMState *s, uint8_t locty) > +{ > + uint32_t ret = TPM_NO_DATA_BYTE; > + uint16_t len; > + > + if ((s->loc[locty].sts & STS_DATA_AVAILABLE)) { > + len = tis_get_size_from_buffer(&s->loc[locty].r_buffer); > + > + ret = s->loc[locty].r_buffer.buffer[s->loc[locty].r_offset++]; > + if (s->loc[locty].r_offset >= len) { > + /* got last byte */ > + s->loc[locty].sts = STS_VALID;