From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44212) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fIZ62-0007xz-8x for qemu-devel@nongnu.org; Tue, 15 May 2018 08:30:32 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fIZ5y-0003Tg-Ay for qemu-devel@nongnu.org; Tue, 15 May 2018 08:30:26 -0400 Received: from mx1.redhat.com ([209.132.183.28]:55382) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fIZ5y-0003TI-3f for qemu-devel@nongnu.org; Tue, 15 May 2018 08:30:22 -0400 From: marcandre.lureau@redhat.com Date: Tue, 15 May 2018 14:30:03 +0200 Message-Id: <20180515123007.10164-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] [PATCH 0/4] RFC: ovmf: Add support for TPM Physical Presence interface List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: edk2-devel@lists.01.org Cc: pjones@redhat.com, jiewen.yao@intel.com, stefanb@linux.vnet.ibm.com, lersek@redhat.com, qemu-devel@nongnu.org, javierm@redhat.com, =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= From: Marc-Andr=C3=A9 Lureau Hi, The following series adds basic TPM PPI 1.3 support for OVMF-on-QEMU with TPM2 (I haven't tested TPM1, for lack of interest). PPI test runs successfully with Windows 10 WHLK, despite the limited number of supported funcions (tpm2_ppi_funcs table, in particular, no function allows to manipulate Tcg2PhysicalPresenceFlags) The way it works is relatively simple: a memory region is allocated by QEMU to save PPI related variables. An ACPI interface is exposed by QEMU to let the guest manipulate those. At boot, ovmf processes and updates the PPI qemu region and request variables. I build edk2 with: $ build -DTPM2_ENABLE -DSECURE_BOOT_ENABLE I test with qemu & swtpm/libtpms (tpm2 branches, swtpm_setup.sh --tpm2 --= tpm-state tpmstatedir) $ swtpm socket --tpmstate tpmstatedir --ctrl type=3Dunixio,path=3Dtpmsock= --tpm2 & $ qemu .. -chardev socket,id=3Dchrtpm,path=3Dtpmsock -tpmdev emulator,id=3D= tpm0,chardev=3Dchrtpm -device tpm-crb,tpmdev=3Dtpm0 Github trees: https://github.com/elmarco/edk2/tree/tpm-ppi https://github.com/elmarco/qemu/tree/tpm-ppi Thanks Marc-Andr=C3=A9 Lureau (4): ovmf: add and link with Tcg2PhysicalPresenceLibNull when !TPM2_ENABLE ovmf: add QemuTpm.h header ovmf: replace SecurityPkg with OvfmPkg Tcg2PhysicalPresenceLibQemu ovmf: process TPM PPI request in AfterConsole() OvmfPkg/Include/IndustryStandard/QemuTpm.h | 67 ++ .../PlatformBootManagerLib/BdsPlatform.c | 8 + .../PlatformBootManagerLib.inf | 2 + .../DxeTcg2PhysicalPresenceLib.c | 26 + .../DxeTcg2PhysicalPresenceLib.inf | 34 + .../DxeTcg2PhysicalPresenceLib.c | 881 ++++++++++++++++++ .../DxeTcg2PhysicalPresenceLib.inf | 67 ++ .../DxeTcg2PhysicalPresenceLib.uni | 26 + .../PhysicalPresenceStrings.uni | 49 + OvmfPkg/OvmfPkgIa32.dsc | 4 +- OvmfPkg/OvmfPkgIa32X64.dsc | 4 +- OvmfPkg/OvmfPkgX64.dsc | 4 +- 12 files changed, 1169 insertions(+), 3 deletions(-) create mode 100644 OvmfPkg/Include/IndustryStandard/QemuTpm.h create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2Ph= ysicalPresenceLib.c create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2Ph= ysicalPresenceLib.inf create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2Ph= ysicalPresenceLib.c create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2Ph= ysicalPresenceLib.inf create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2Ph= ysicalPresenceLib.uni create mode 100644 OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/PhysicalP= resenceStrings.uni --=20 2.17.0.253.g3dd125b46d