From: Vladislav Yaroshchuk <yaroshchuk2000@gmail.com>
To: qemu-devel@nongnu.org
Cc: Vladislav Yaroshchuk <yaroshchuk2000@gmail.com>,
qemu-trivial@nongnu.org, laurent@vivier.eu, agraf@suse.de,
r.bolshakov@yadro.com, suse@csgraf.de, f4bug@amsat.org
Subject: [PATCH v4] isa-applesmc: provide OSK forwarding on Apple hosts
Date: Fri, 22 Oct 2021 19:14:48 +0300 [thread overview]
Message-ID: <20211022161448.81579-1-yaroshchuk2000@gmail.com> (raw)
On Apple hosts we can read AppleSMC OSK key directly from host's
SMC and forward this value to QEMU Guest.
Usage:
`-device isa-applesmc,hostosk=on`
Apple licence allows use and run up to two additional copies
or instances of macOS operating within virtual operating system
environments on each Apple-branded computer that is already running
the Apple Software, for purposes of:
- software development
- testing during software development
- using macOS Server
- personal, non-commercial use
Guest macOS requires AppleSMC with correct OSK. The most legal
way to pass it to the Guest is to forward the key from host SMC
without any value exposion.
Based on https://web.archive.org/web/20200103161737/osxbook.com/book/bonus/chapter7/tpmdrmmyth/
Signed-off-by: Vladislav Yaroshchuk <yaroshchuk2000@gmail.com>
---
hw/misc/applesmc.c | 155 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 154 insertions(+), 1 deletion(-)
diff --git a/hw/misc/applesmc.c b/hw/misc/applesmc.c
index 1b9acaf1d3..6bdec0063b 100644
--- a/hw/misc/applesmc.c
+++ b/hw/misc/applesmc.c
@@ -37,6 +37,11 @@
#include "qemu/module.h"
#include "qemu/timer.h"
#include "qom/object.h"
+#include "qapi/error.h"
+
+#if defined(__APPLE__)
+#include <IOKit/IOKitLib.h>
+#endif
/* #define DEBUG_SMC */
@@ -108,6 +113,7 @@ struct AppleSMCState {
uint8_t data_len;
uint8_t data_pos;
uint8_t data[255];
+ bool hostosk_flag;
char *osk;
QLIST_HEAD(, AppleSMCData) data_def;
};
@@ -312,9 +318,136 @@ static const MemoryRegionOps applesmc_err_io_ops = {
},
};
+#if defined(__APPLE__)
+/*
+ * Based on
+ * https://web.archive.org/web/20200103161737/osxbook.com/book/bonus/chapter7/tpmdrmmyth/
+ */
+enum {
+ SMC_CLIENT_OPEN = 0,
+ SMC_CLIENT_CLOSE = 1,
+ SMC_HANDLE_EVENT = 2,
+ SMC_READ_KEY = 5
+};
+
+struct AppleSMCParam {
+ uint32_t key;
+ uint8_t pad0[22];
+ IOByteCount data_size;
+ uint8_t pad1[10];
+ uint8_t command;
+ uint32_t pad2;
+ uint8_t bytes[32];
+};
+
+static bool applesmc_read_host_osk(char **host_osk, Error **errp)
+{
+ assert(host_osk != NULL);
+
+ io_service_t hostsmc_service = IO_OBJECT_NULL;
+ io_connect_t hostsmc_connect = IO_OBJECT_NULL;
+ size_t out_size = sizeof(struct AppleSMCParam);
+ IOReturn status = kIOReturnError;
+ struct AppleSMCParam in = {0};
+ struct AppleSMCParam out = {0};
+
+ /* OSK key size + '\0' */
+ *host_osk = g_malloc0(65);
+ (*host_osk)[64] = '\0';
+
+ hostsmc_service = IOServiceGetMatchingService(kIOMasterPortDefault,
+ IOServiceMatching("AppleSMC"));
+ if (hostsmc_service == IO_OBJECT_NULL) {
+ error_setg(errp, "Unable to get host-AppleSMC service");
+ goto error_osk_buffer_free;
+ }
+
+ status = IOServiceOpen(hostsmc_service,
+ mach_task_self(),
+ 1,
+ &hostsmc_connect);
+ if (status != kIOReturnSuccess || hostsmc_connect == IO_OBJECT_NULL) {
+ error_setg(errp, "Unable to open host-AppleSMC service");
+ goto error_osk_buffer_free;
+ }
+
+ status = IOConnectCallMethod(
+ hostsmc_connect,
+ SMC_CLIENT_OPEN,
+ NULL, 0, NULL, 0, NULL, NULL, NULL, NULL
+ );
+ if (status != kIOReturnSuccess) {
+ error_setg(errp, "Unable to connect to host-AppleSMC");
+ goto error_ioservice_close;
+ }
+
+ in.key = ('OSK0');
+ in.data_size = sizeof(out.bytes);
+ in.command = SMC_READ_KEY;
+ status = IOConnectCallStructMethod(
+ hostsmc_connect,
+ SMC_HANDLE_EVENT,
+ &in,
+ sizeof(struct AppleSMCParam),
+ &out,
+ &out_size
+ );
+
+ if (status != kIOReturnSuccess) {
+ error_setg(errp, "Unable to read OSK0 from host-AppleSMC");
+ goto error_ioconnect_close;
+ }
+ strncpy(*host_osk, (const char *) out.bytes, 32);
+
+ in.key = ('OSK1');
+ in.data_size = sizeof(out.bytes);
+ in.command = SMC_READ_KEY;
+ status = IOConnectCallStructMethod(
+ hostsmc_connect,
+ SMC_HANDLE_EVENT,
+ &in,
+ sizeof(struct AppleSMCParam),
+ &out,
+ &out_size
+ );
+ if (status != kIOReturnSuccess) {
+ error_setg(errp, "Unable to read OSK1 from host-AppleSMC");
+ goto error_ioconnect_close;
+ }
+ strncpy((*host_osk) + 32, (const char *) out.bytes, 32);
+
+ IOConnectCallMethod(
+ hostsmc_connect,
+ SMC_CLIENT_CLOSE,
+ NULL, 0, NULL, 0, NULL, NULL, NULL, NULL);
+ IOServiceClose(hostsmc_connect);
+ return true;
+
+error_ioconnect_close:
+ IOConnectCallMethod(
+ hostsmc_connect,
+ SMC_CLIENT_CLOSE,
+ NULL, 0, NULL, 0, NULL, NULL, NULL, NULL);
+error_ioservice_close:
+ IOServiceClose(hostsmc_connect);
+
+error_osk_buffer_free:
+ g_free(*host_osk);
+ return false;
+}
+#else
+static bool applesmc_read_host_osk(char **output_key, Error **errp)
+{
+ error_setg(errp, "isa-applesmc.hostosk ignored: "
+ "unsupported on non-Apple hosts");
+ return false;
+}
+#endif
+
static void applesmc_isa_realize(DeviceState *dev, Error **errp)
{
- AppleSMCState *s = APPLE_SMC(dev);
+ AppleSMCState *s = APPLE_SMC(dev);
+ Error *err = NULL;
memory_region_init_io(&s->io_data, OBJECT(s), &applesmc_data_io_ops, s,
"applesmc-data", 1);
@@ -331,6 +464,25 @@ static void applesmc_isa_realize(DeviceState *dev, Error **errp)
isa_register_ioport(&s->parent_obj, &s->io_err,
s->iobase + APPLESMC_ERR_PORT);
+ if (s->hostosk_flag) {
+ /*
+ * Property 'hostosk' has higher priority than 'osk'
+ * and shadows it.
+ * Free user-provided 'osk' property value
+ */
+ if (s->osk) {
+ warn_report("isa-applesmc.osk is shadowed "
+ "by isa-applesmc.hostosk");
+ g_free(s->osk);
+ }
+
+ if (!applesmc_read_host_osk(&s->osk, &err)) {
+ /* On host OSK retrieval error report a warning */
+ error_report_err(err);
+ s->osk = default_osk;
+ }
+ }
+
if (!s->osk || (strlen(s->osk) != 64)) {
warn_report("Using AppleSMC with invalid key");
s->osk = default_osk;
@@ -344,6 +496,7 @@ static Property applesmc_isa_properties[] = {
DEFINE_PROP_UINT32(APPLESMC_PROP_IO_BASE, AppleSMCState, iobase,
APPLESMC_DEFAULT_IOBASE),
DEFINE_PROP_STRING("osk", AppleSMCState, osk),
+ DEFINE_PROP_BOOL("hostosk", AppleSMCState, hostosk_flag, false),
DEFINE_PROP_END_OF_LIST(),
};
--
2.23.0
next reply other threads:[~2021-10-22 16:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-22 16:14 Vladislav Yaroshchuk [this message]
2021-10-25 10:13 ` [PATCH v4] isa-applesmc: provide OSK forwarding on Apple hosts Alexander Graf
2021-10-25 14:14 ` Vladislav Yaroshchuk
2021-10-25 14:22 ` Daniel P. Berrangé
2021-10-25 14:42 ` Alexander Graf
2021-10-25 14:47 ` Daniel P. Berrangé
2021-10-25 14:53 ` Alexander Graf
2021-10-25 15:10 ` Daniel P. Berrangé
2021-10-25 19:45 ` Alexander Graf
2021-10-26 8:42 ` Daniel P. Berrangé
2021-10-26 10:41 ` Alexander Graf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211022161448.81579-1-yaroshchuk2000@gmail.com \
--to=yaroshchuk2000@gmail.com \
--cc=agraf@suse.de \
--cc=f4bug@amsat.org \
--cc=laurent@vivier.eu \
--cc=qemu-devel@nongnu.org \
--cc=qemu-trivial@nongnu.org \
--cc=r.bolshakov@yadro.com \
--cc=suse@csgraf.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).