* [PATCH v7 0/3] Add support for TPM devices over I2C bus
@ 2023-03-26 22:44 Ninad Palsule
2023-03-26 22:44 ` [PATCH v7 1/3] docs: " Ninad Palsule
` (3 more replies)
0 siblings, 4 replies; 24+ messages in thread
From: Ninad Palsule @ 2023-03-26 22:44 UTC (permalink / raw)
To: qemu-devel; +Cc: Ninad Palsule, joel, andrew, stefanb, clg
Hello,
I have incorporated review comments from Stefan. Please review.
This drop adds support for the TPM devices attached to the I2C bus. It
only supports the TPM2 protocol. You need to run it with the external
TPM emulator like swtpm. I have tested it with swtpm.
I have refered to the work done by zhdaniel@meta.com but at the core
level out implementation is different.
https://github.com/theopolis/qemu/commit/2e2e57cde9e419c36af8071bb85392ad1ed70966
Based-on: $MESSAGE_ID
Ninad Palsule (3):
docs: Add support for TPM devices over I2C bus
tpm: Extend common APIs to support TPM TIS I2C
tpm: Add support for TPM device over I2C bus
docs/specs/tpm.rst | 32 +++
hw/arm/Kconfig | 1 +
hw/tpm/Kconfig | 7 +
hw/tpm/meson.build | 1 +
hw/tpm/tpm_tis.h | 3 +
hw/tpm/tpm_tis_common.c | 36 ++-
hw/tpm/tpm_tis_i2c.c | 540 ++++++++++++++++++++++++++++++++++++++++
hw/tpm/trace-events | 6 +
include/hw/acpi/tpm.h | 31 +++
include/sysemu/tpm.h | 3 +
10 files changed, 652 insertions(+), 8 deletions(-)
create mode 100644 hw/tpm/tpm_tis_i2c.c
--
2.37.2
^ permalink raw reply [flat|nested] 24+ messages in thread
* [PATCH v7 1/3] docs: Add support for TPM devices over I2C bus
2023-03-26 22:44 [PATCH v7 0/3] Add support for TPM devices over I2C bus Ninad Palsule
@ 2023-03-26 22:44 ` Ninad Palsule
2023-03-27 7:47 ` Joel Stanley
2023-03-26 22:44 ` [PATCH v7 2/3] tpm: Extend common APIs to support TPM TIS I2C Ninad Palsule
` (2 subsequent siblings)
3 siblings, 1 reply; 24+ messages in thread
From: Ninad Palsule @ 2023-03-26 22:44 UTC (permalink / raw)
To: qemu-devel; +Cc: Ninad Palsule, joel, andrew, stefanb, clg
This is a documentation change for I2C TPM device support.
Qemu already supports devices attached to ISA and sysbus.
This drop adds support for the I2C bus attached TPM devices.
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
---
V2:
Incorporated Stephen's review comments
- Added example in the document.
---
V4:
Incorporate Cedric & Stefan's comments
- Added example for ast2600-evb
- Corrected statement about arm virtual machine.
---
V6:
Incorporated review comments from Stefan.
---
docs/specs/tpm.rst | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
index 535912a92b..590e670a9a 100644
--- a/docs/specs/tpm.rst
+++ b/docs/specs/tpm.rst
@@ -21,12 +21,16 @@ QEMU files related to TPM TIS interface:
- ``hw/tpm/tpm_tis_common.c``
- ``hw/tpm/tpm_tis_isa.c``
- ``hw/tpm/tpm_tis_sysbus.c``
+ - ``hw/tpm/tpm_tis_i2c.c``
- ``hw/tpm/tpm_tis.h``
Both an ISA device and a sysbus device are available. The former is
used with pc/q35 machine while the latter can be instantiated in the
Arm virt machine.
+An I2C device support is also provided which can be instantiated in the Arm
+based emulation machines. This device only supports the TPM 2 protocol.
+
CRB interface
-------------
@@ -348,6 +352,34 @@ In case an Arm virt machine is emulated, use the following command line:
-drive if=pflash,format=raw,file=flash0.img,readonly=on \
-drive if=pflash,format=raw,file=flash1.img
+In case a ast2600-evb bmc machine is emulated and want to use TPM device
+attached to I2C bus, use the following command line:
+
+.. code-block:: console
+
+ qemu-system-arm -M ast2600-evb -nographic \
+ -kernel arch/arm/boot/zImage \
+ -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
+ -initrd rootfs.cpio \
+ -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
+ -tpmdev emulator,id=tpm0,chardev=chrtpm \
+ -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
+
+In case a Rainier bmc machine is emulated and want to use TPM device
+attached to I2C bus, use the following command line:
+
+.. code-block:: console
+
+ qemu-system-arm -M rainier-bmc -nographic \
+ -kernel ${IMAGEPATH}/fitImage-linux.bin \
+ -dtb ${IMAGEPATH}/aspeed-bmc-ibm-rainier.dtb \
+ -initrd ${IMAGEPATH}/obmc-phosphor-initramfs.rootfs.cpio.xz \
+ -drive file=${IMAGEPATH}/obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2\
+ -net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443\
+ -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
+ -tpmdev emulator,id=tpm0,chardev=chrtpm \
+ -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
+
In case SeaBIOS is used as firmware, it should show the TPM menu item
after entering the menu with 'ESC'.
--
2.37.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH v7 2/3] tpm: Extend common APIs to support TPM TIS I2C
2023-03-26 22:44 [PATCH v7 0/3] Add support for TPM devices over I2C bus Ninad Palsule
2023-03-26 22:44 ` [PATCH v7 1/3] docs: " Ninad Palsule
@ 2023-03-26 22:44 ` Ninad Palsule
2023-03-27 0:14 ` Stefan Berger
2023-03-26 22:44 ` [PATCH v7 3/3] tpm: Add support for TPM device over I2C bus Ninad Palsule
2023-03-27 1:05 ` [PATCH v7 0/3] Add support for TPM devices " Joel Stanley
3 siblings, 1 reply; 24+ messages in thread
From: Ninad Palsule @ 2023-03-26 22:44 UTC (permalink / raw)
To: qemu-devel; +Cc: Ninad Palsule, joel, andrew, stefanb, clg
Qemu already supports devices attached to ISA and sysbus. This drop adds
support for the I2C bus attached TPM devices.
This commit includes changes for the common code.
- Added support for the new checksum registers which are required for
the I2C support. The checksum calculation is handled in the qemu
common code.
- Added wrapper function for read and write data so that I2C code can
call it without MMIO interface.
The TPM TIS I2C spec describes in the table in section "Interface Locality
Usage per Register" that the TPM_INT_ENABLE and TPM_INT_STATUS registers
must be writable for any locality even if the locality is not the active
locality. Therefore, remove the checks whether the writing locality is the
active locality for these registers.
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
V2:
Incorporated Stephen's comments.
- Removed checksum enable and checksum get registers.
- Added checksum calculation function which can be called from
i2c layer.
---
V3:
Incorporated review comments from Cedric and Stefan.
- Pass locality to the checksum calculation function and cleanup
- Moved I2C related definations in the acpi/tpm.h
---
V4:
Incorporated review comments by Stefan
- Remove the check for locality while calculating checksum
- Use bswap16 instead of cpu_ti_be16.
- Rename TPM_I2C register by dropping _TIS_ from it.
---
V7:
Incorporated review comments from Stefan.
- Removed locality check from INT_ENABLE and INT_STATUS registers write
path.
- Moved TPM_DATA_CSUM_ENABLED define in the tpm.h
---
hw/tpm/tpm_tis.h | 3 +++
hw/tpm/tpm_tis_common.c | 36 ++++++++++++++++++++++++++++--------
include/hw/acpi/tpm.h | 31 +++++++++++++++++++++++++++++++
3 files changed, 62 insertions(+), 8 deletions(-)
diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
index f6b5872ba6..6f29a508dd 100644
--- a/hw/tpm/tpm_tis.h
+++ b/hw/tpm/tpm_tis.h
@@ -86,5 +86,8 @@ int tpm_tis_pre_save(TPMState *s);
void tpm_tis_reset(TPMState *s);
enum TPMVersion tpm_tis_get_tpm_version(TPMState *s);
void tpm_tis_request_completed(TPMState *s, int ret);
+uint32_t tpm_tis_read_data(TPMState *s, hwaddr addr, unsigned size);
+void tpm_tis_write_data(TPMState *s, hwaddr addr, uint64_t val, uint32_t size);
+uint16_t tpm_tis_get_checksum(TPMState *s);
#endif /* TPM_TPM_TIS_H */
diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
index 503be2a541..c07c179dbc 100644
--- a/hw/tpm/tpm_tis_common.c
+++ b/hw/tpm/tpm_tis_common.c
@@ -26,6 +26,8 @@
#include "hw/irq.h"
#include "hw/isa/isa.h"
#include "qapi/error.h"
+#include "qemu/bswap.h"
+#include "qemu/crc-ccitt.h"
#include "qemu/module.h"
#include "hw/acpi/tpm.h"
@@ -447,6 +449,23 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
return val;
}
+/*
+ * A wrapper read function so that it can be directly called without
+ * mmio.
+ */
+uint32_t tpm_tis_read_data(TPMState *s, hwaddr addr, unsigned size)
+{
+ return tpm_tis_mmio_read(s, addr, size);
+}
+
+/*
+ * Calculate current data buffer checksum
+ */
+uint16_t tpm_tis_get_checksum(TPMState *s)
+{
+ return bswap16(crc_ccitt(0, s->buffer, s->rw_offset));
+}
+
/*
* Write a value to a register of the TIS interface
* See specs pages 33-63 for description of the registers
@@ -588,10 +607,6 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
break;
case TPM_TIS_REG_INT_ENABLE:
- if (s->active_locty != locty) {
- break;
- }
-
s->loc[locty].inte &= mask;
s->loc[locty].inte |= (val & (TPM_TIS_INT_ENABLED |
TPM_TIS_INT_POLARITY_MASK |
@@ -601,10 +616,6 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
/* hard wired -- ignore */
break;
case TPM_TIS_REG_INT_STATUS:
- if (s->active_locty != locty) {
- break;
- }
-
/* clearing of interrupt flags */
if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) &&
(s->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
@@ -767,6 +778,15 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
}
}
+/*
+ * A wrapper write function so that it can be directly called without
+ * mmio.
+ */
+void tpm_tis_write_data(TPMState *s, hwaddr addr, uint64_t val, uint32_t size)
+{
+ tpm_tis_mmio_write(s, addr, val, size);
+}
+
const MemoryRegionOps tpm_tis_memory_ops = {
.read = tpm_tis_mmio_read,
.write = tpm_tis_mmio_write,
diff --git a/include/hw/acpi/tpm.h b/include/hw/acpi/tpm.h
index 559ba6906c..39f1300aa0 100644
--- a/include/hw/acpi/tpm.h
+++ b/include/hw/acpi/tpm.h
@@ -93,6 +93,7 @@
#define TPM_TIS_CAP_DATA_TRANSFER_64B (3 << 9)
#define TPM_TIS_CAP_DATA_TRANSFER_LEGACY (0 << 9)
#define TPM_TIS_CAP_BURST_COUNT_DYNAMIC (0 << 8)
+#define TPM_TIS_CAP_BURST_COUNT_STATIC (1 << 8)
#define TPM_TIS_CAP_INTERRUPT_LOW_LEVEL (1 << 4) /* support is mandatory */
#define TPM_TIS_CAPABILITIES_SUPPORTED1_3 \
(TPM_TIS_CAP_INTERRUPT_LOW_LEVEL | \
@@ -209,6 +210,36 @@ REG32(CRB_DATA_BUFFER, 0x80)
#define TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ (4 << 0)
#define TPM_PPI_FUNC_MASK (7 << 0)
+/* TPM TIS I2C registers */
+#define TPM_I2C_REG_LOC_SEL 0x00
+#define TPM_I2C_REG_ACCESS 0x04
+#define TPM_I2C_REG_INT_ENABLE 0x08
+#define TPM_I2C_REG_INT_CAPABILITY 0x14
+#define TPM_I2C_REG_STS 0x18
+#define TPM_I2C_REG_DATA_FIFO 0x24
+#define TPM_I2C_REG_INTF_CAPABILITY 0x30
+#define TPM_I2C_REG_I2C_DEV_ADDRESS 0x38
+#define TPM_I2C_REG_DATA_CSUM_ENABLE 0x40
+#define TPM_I2C_REG_DATA_CSUM_GET 0x44
+#define TPM_I2C_REG_DID_VID 0x48
+#define TPM_I2C_REG_RID 0x4c
+#define TPM_I2C_REG_UNKNOWN 0xff
+
+/* I2C specific interface capabilities */
+#define TPM_I2C_CAP_INTERFACE_TYPE (0x2 << 0) /* FIFO interface */
+#define TPM_I2C_CAP_INTERFACE_VER (0x0 << 4) /* TCG I2C intf 1.0 */
+#define TPM_I2C_CAP_TPM2_FAMILY (0x1 << 7) /* TPM 2.0 family. */
+#define TPM_I2C_CAP_DEV_ADDR_CHANGE (0x0 << 27) /* No dev addr chng */
+#define TPM_I2C_CAP_BURST_COUNT_STATIC (0x1 << 29) /* Burst count static */
+#define TPM_I2C_CAP_LOCALITY_CAP (0x1 << 25) /* 0-5 locality */
+#define TPM_I2C_CAP_BUS_SPEED (3 << 21) /* std and fast mode */
+
+/* TPM_STS mask for read bits 31:26 must be zero */
+#define TPM_I2C_STS_READ_MASK 0x03ffffff
+
+/* Checksum enabled. */
+#define TPM_DATA_CSUM_ENABLED 0x1
+
void tpm_build_ppi_acpi(TPMIf *tpm, Aml *dev);
#endif /* CONFIG_TPM */
--
2.37.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH v7 3/3] tpm: Add support for TPM device over I2C bus
2023-03-26 22:44 [PATCH v7 0/3] Add support for TPM devices over I2C bus Ninad Palsule
2023-03-26 22:44 ` [PATCH v7 1/3] docs: " Ninad Palsule
2023-03-26 22:44 ` [PATCH v7 2/3] tpm: Extend common APIs to support TPM TIS I2C Ninad Palsule
@ 2023-03-26 22:44 ` Ninad Palsule
2023-03-27 13:40 ` Stefan Berger
2023-03-27 1:05 ` [PATCH v7 0/3] Add support for TPM devices " Joel Stanley
3 siblings, 1 reply; 24+ messages in thread
From: Ninad Palsule @ 2023-03-26 22:44 UTC (permalink / raw)
To: qemu-devel; +Cc: Ninad Palsule, joel, andrew, stefanb, clg
Qemu already supports devices attached to ISA and sysbus. This drop adds
support for the I2C bus attached TPM devices. I2C model only supports
TPM2 protocol.
This commit includes changes for the common code.
- Added I2C emulation model. Logic was added in the model to temporarily
cache the data as I2C interface works per byte basis.
- New tpm type "tpm-tis-i2c" added for I2C support. The user has to
provide this string on command line.
Testing:
TPM I2C device module is tested using SWTPM (software based TPM
package). Qemu uses the rainier machine and is connected to swtpm over
the socket interface.
The command to start swtpm is as follows:
$ swtpm socket --tpmstate dir=/tmp/mytpm1 \
--ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
--tpm2 --log level=100
The command to start qemu is as follows:
$ qemu-system-arm -M rainier-bmc -nographic \
-kernel ${IMAGEPATH}/fitImage-linux.bin \
-dtb ${IMAGEPATH}/aspeed-bmc-ibm-rainier.dtb \
-initrd ${IMAGEPATH}/obmc-phosphor-initramfs.rootfs.cpio.xz \
-drive file=${IMAGEPATH}/obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2 \
-net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443 \
-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
---
V2:
Incorporated Stephen's review comments.
- Handled checksum related register in I2C layer
- Defined I2C interface capabilities and return those instead of
capabilities from TPM TIS. Add required capabilities from TIS.
- Do not cache FIFO data in the I2C layer.
- Make sure that Device address change register is not passed to I2C
layer as capability indicate that it is not supported.
- Added boundary checks.
- Make sure that bits 26-31 are zeroed for the TPM_STS register on read
- Updated Kconfig files for new define.
---
V3:
- Moved processing of register TPM_I2C_LOC_SEL in the I2C. So I2C layer
remembers the locality and pass it to TIS on each read/write.
- The write data is no more cached in the I2C layer so the buffer size
is reduced to 16 bytes.
- Checksum registers are now managed by the I2C layer. Added new
function in TIS layer to return the checksum and used that to process
the request.
- Now 2-4 byte register value will be passed to TIS layer in a single
write call instead of 1 byte at a time. Added functions to convert
between little endian stream of bytes to single 32 bit unsigned
integer. Similarly 32 bit integer to stream of bytes.
- Added restriction on device change register.
- Replace few if-else statement with switch statement for clarity.
- Log warning when unknown register is received.
- Moved all register definations to acpi/tmp.h
---
V4:
Incorporated review comments from Cedric and Stefan.
- Reduced data[] size from 16 byte to 5 bytes.
- Added register name in the mapping table which can be used for
tracing.
- Removed the endian conversion functions instead used simple logic
provided by Stefan.
- Rename I2C registers to reduce the length.
- Added traces for send, recv and event functions. You can turn on trace
on command line by using "-trace "tpm_tis_i2c*" option.
---
V5:
Fixed issues reported by Stefan's test.
- Added mask for the INT_ENABLE register.
- Use correct TIS register for reading interrupt capability.
- Cleanup how register is converted from I2C to TIS and also saved
information like tis_addr and register name in the i2cst so that we
can only convert it once on i2c_send.
- Trace register number for unknown registers.
---
V6:
Fixed review comments from Stefan.
- Fixed some variable size.
- Removed unused variables.
- Added vmstat backin to handle migration.
- Added post load phase to reload tis address and register name.
---
V7:
Incorporated review comments from Stefan.
- Added tpm_tis_i2c_initfn function
- Set the device catagory DEVICE_CATEGORY_MISC.
- Corrected default locality selection.
- Other cleanup. Include file cleanup.
---
hw/arm/Kconfig | 1 +
hw/tpm/Kconfig | 7 +
hw/tpm/meson.build | 1 +
hw/tpm/tpm_tis_i2c.c | 540 +++++++++++++++++++++++++++++++++++++++++++
hw/tpm/trace-events | 6 +
include/sysemu/tpm.h | 3 +
6 files changed, 558 insertions(+)
create mode 100644 hw/tpm/tpm_tis_i2c.c
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index b5aed4aff5..05d6ef1a31 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -6,6 +6,7 @@ config ARM_VIRT
imply VFIO_PLATFORM
imply VFIO_XGMAC
imply TPM_TIS_SYSBUS
+ imply TPM_TIS_I2C
imply NVDIMM
select ARM_GIC
select ACPI
diff --git a/hw/tpm/Kconfig b/hw/tpm/Kconfig
index 29e82f3c92..a46663288c 100644
--- a/hw/tpm/Kconfig
+++ b/hw/tpm/Kconfig
@@ -1,3 +1,10 @@
+config TPM_TIS_I2C
+ bool
+ depends on TPM
+ select TPM_BACKEND
+ select I2C
+ select TPM_TIS
+
config TPM_TIS_ISA
bool
depends on TPM && ISA_BUS
diff --git a/hw/tpm/meson.build b/hw/tpm/meson.build
index 7abc2d794a..76fe3cb098 100644
--- a/hw/tpm/meson.build
+++ b/hw/tpm/meson.build
@@ -1,6 +1,7 @@
softmmu_ss.add(when: 'CONFIG_TPM_TIS', if_true: files('tpm_tis_common.c'))
softmmu_ss.add(when: 'CONFIG_TPM_TIS_ISA', if_true: files('tpm_tis_isa.c'))
softmmu_ss.add(when: 'CONFIG_TPM_TIS_SYSBUS', if_true: files('tpm_tis_sysbus.c'))
+softmmu_ss.add(when: 'CONFIG_TPM_TIS_I2C', if_true: files('tpm_tis_i2c.c'))
softmmu_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_crb.c'))
softmmu_ss.add(when: 'CONFIG_TPM_TIS', if_true: files('tpm_ppi.c'))
softmmu_ss.add(when: 'CONFIG_TPM_CRB', if_true: files('tpm_ppi.c'))
diff --git a/hw/tpm/tpm_tis_i2c.c b/hw/tpm/tpm_tis_i2c.c
new file mode 100644
index 0000000000..9346185dce
--- /dev/null
+++ b/hw/tpm/tpm_tis_i2c.c
@@ -0,0 +1,540 @@
+/*
+ * tpm_tis_i2c.c - QEMU's TPM TIS I2C Device
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Implementation of the TIS interface according to specs found at
+ * http://www.trustedcomputinggroup.org. This implementation currently
+ * supports version 1.3, 21 March 2013
+ * In the developers menu choose the PC Client section then find the TIS
+ * specification.
+ *
+ * TPM TIS for TPM 2 implementation following TCG PC Client Platform
+ * TPM Profile (PTP) Specification, Familiy 2.0, Revision 00.43
+ *
+ * TPM I2C implementation follows TCG TPM I2c Interface specification,
+ * Family 2.0, Level 00, Revision 1.00
+ */
+
+#include "qemu/osdep.h"
+#include "hw/i2c/i2c.h"
+#include "hw/sysbus.h"
+#include "hw/acpi/tpm.h"
+#include "migration/vmstate.h"
+#include "tpm_prop.h"
+#include "qemu/log.h"
+#include "trace.h"
+#include "tpm_tis.h"
+
+/* TPM_STS mask for read bits 31:26 must be zero */
+#define TPM_I2C_STS_READ_MASK 0x03ffffff
+
+/* TPM_I2C_INT_ENABLE mask */
+#define TPM_I2C_INT_ENABLE_MASK (TPM_TIS_INT_ENABLED | \
+ TPM_TIS_INT_DATA_AVAILABLE | \
+ TPM_TIS_INT_STS_VALID | \
+ TPM_TIS_INT_LOCALITY_CHANGED | \
+ TPM_TIS_INT_COMMAND_READY)
+
+/* Operations */
+#define OP_SEND 1
+#define OP_RECV 2
+
+typedef struct TPMStateI2C {
+ /*< private >*/
+ I2CSlave parent_obj;
+
+ uint8_t offset; /* offset into data[] */
+ uint8_t operation; /* OP_SEND & OP_RECV */
+ uint8_t data[5]; /* Data */
+
+ /* i2c registers */
+ uint8_t loc_sel; /* Current locality */
+ uint8_t csum_enable; /* Is checksum enabled */
+
+ /* Derived from the above */
+ const char *reg_name; /* Register name */
+ uint32_t tis_addr; /* Converted tis address including locty */
+
+ /*< public >*/
+ TPMState state; /* not a QOM object */
+
+} TPMStateI2C;
+
+DECLARE_INSTANCE_CHECKER(TPMStateI2C, TPM_TIS_I2C,
+ TYPE_TPM_TIS_I2C)
+
+/* Prototype */
+static inline void tpm_tis_i2c_to_tis_reg(TPMStateI2C *i2cst, uint8_t i2c_reg);
+
+/* Register map */
+typedef struct regMap {
+ uint8_t i2c_reg; /* I2C register */
+ uint16_t tis_reg; /* TIS register */
+ const char *reg_name; /* Register name */
+} I2CRegMap;
+
+/*
+ * The register values in the common code is different than the latest
+ * register numbers as per the spec hence add the conversion map
+ */
+static const I2CRegMap tpm_tis_reg_map[] = {
+ /*
+ * These registers are sent to TIS layer. The register with UNKNOWN
+ * mapping are not sent to TIS layer and handled in I2c layer.
+ * NOTE: Adding frequently used registers at the start
+ */
+ { TPM_I2C_REG_DATA_FIFO, TPM_TIS_REG_DATA_FIFO, "FIFO", },
+ { TPM_I2C_REG_STS, TPM_TIS_REG_STS, "STS", },
+ { TPM_I2C_REG_DATA_CSUM_GET, TPM_I2C_REG_UNKNOWN, "CSUM_GET", },
+ { TPM_I2C_REG_LOC_SEL, TPM_I2C_REG_UNKNOWN, "LOC_SEL", },
+ { TPM_I2C_REG_ACCESS, TPM_TIS_REG_ACCESS, "ACCESS", },
+ { TPM_I2C_REG_INT_ENABLE, TPM_TIS_REG_INT_ENABLE, "INTR_ENABLE",},
+ { TPM_I2C_REG_INT_CAPABILITY, TPM_TIS_REG_INT_ENABLE, "INTR_CAP", },
+ { TPM_I2C_REG_INTF_CAPABILITY, TPM_TIS_REG_INTF_CAPABILITY, "INTF_CAP", },
+ { TPM_I2C_REG_DID_VID, TPM_TIS_REG_DID_VID, "DID_VID", },
+ { TPM_I2C_REG_RID, TPM_TIS_REG_RID, "RID", },
+ { TPM_I2C_REG_I2C_DEV_ADDRESS, TPM_I2C_REG_UNKNOWN, "DEV_ADDRESS",},
+ { TPM_I2C_REG_DATA_CSUM_ENABLE, TPM_I2C_REG_UNKNOWN, "CSUM_ENABLE",},
+};
+
+static int tpm_tis_i2c_pre_save(void *opaque)
+{
+ TPMStateI2C *i2cst = opaque;
+
+ return tpm_tis_pre_save(&i2cst->state);
+}
+
+static int tpm_tis_i2c_post_load(void *opaque, int version_id)
+{
+ TPMStateI2C *i2cst = opaque;
+
+ if (i2cst->offset >= 1) {
+ tpm_tis_i2c_to_tis_reg(i2cst, i2cst->data[0]);
+ }
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_tpm_tis_i2c = {
+ .name = "tpm-tis-i2c",
+ .version_id = 0,
+ .pre_save = tpm_tis_i2c_pre_save,
+ .post_load = tpm_tis_i2c_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_BUFFER(state.buffer, TPMStateI2C),
+ VMSTATE_UINT16(state.rw_offset, TPMStateI2C),
+ VMSTATE_UINT8(state.active_locty, TPMStateI2C),
+ VMSTATE_UINT8(state.aborting_locty, TPMStateI2C),
+ VMSTATE_UINT8(state.next_locty, TPMStateI2C),
+
+ VMSTATE_STRUCT_ARRAY(state.loc, TPMStateI2C, TPM_TIS_NUM_LOCALITIES, 0,
+ vmstate_locty, TPMLocality),
+
+ /* i2c specifics */
+ VMSTATE_UINT8(offset, TPMStateI2C),
+ VMSTATE_UINT8(operation, TPMStateI2C),
+ VMSTATE_BUFFER(data, TPMStateI2C),
+ VMSTATE_UINT8(loc_sel, TPMStateI2C),
+ VMSTATE_UINT8(csum_enable, TPMStateI2C),
+
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+/*
+ * Generate interface capability based on what is returned by TIS and what is
+ * expected by I2C. Save the capability in the data array overwriting the TIS
+ * capability.
+ */
+static uint32_t tpm_i2c_interface_capability(TPMStateI2C *i2cst,
+ uint32_t tis_cap)
+{
+ uint32_t i2c_cap;
+
+ /* Now generate i2c capability */
+ i2c_cap = (TPM_I2C_CAP_INTERFACE_TYPE |
+ TPM_I2C_CAP_INTERFACE_VER |
+ TPM_I2C_CAP_TPM2_FAMILY |
+ TPM_I2C_CAP_LOCALITY_CAP |
+ TPM_I2C_CAP_BUS_SPEED |
+ TPM_I2C_CAP_DEV_ADDR_CHANGE);
+
+ /* Now check the TIS and set some capabilities */
+
+ /* Static burst count set */
+ if (tis_cap & TPM_TIS_CAP_BURST_COUNT_STATIC) {
+ i2c_cap |= TPM_I2C_CAP_BURST_COUNT_STATIC;
+ }
+
+ return i2c_cap;
+}
+
+/* Convert I2C register to TIS address and returns the name of the register */
+static inline void tpm_tis_i2c_to_tis_reg(TPMStateI2C *i2cst, uint8_t i2c_reg)
+{
+ const I2CRegMap *reg_map;
+ int i;
+
+ i2cst->tis_addr = 0xffffffff;
+
+ for (i = 0; i < ARRAY_SIZE(tpm_tis_reg_map); i++) {
+ reg_map = &tpm_tis_reg_map[i];
+ if (reg_map->i2c_reg == i2c_reg) {
+ i2cst->reg_name = reg_map->reg_name;
+ i2cst->tis_addr = reg_map->tis_reg;
+ if (i2cst->loc_sel != TPM_TIS_NO_LOCALITY) {
+ /* Include the locality in the address. */
+ i2cst->tis_addr += (i2cst->loc_sel << TPM_TIS_LOCALITY_SHIFT);
+ }
+ break;
+ }
+ }
+
+ if (i2cst->tis_addr == 0xffffffff) {
+ qemu_log_mask(LOG_UNIMP, "%s: Could not convert i2c register: 0x%X\n",
+ __func__, i2cst->data[0]);
+ }
+}
+
+/* Clear some fields from the structure. */
+static inline void tpm_tis_i2c_clear_data(TPMStateI2C *i2cst)
+{
+ /* Clear operation and offset */
+ i2cst->operation = 0;
+ i2cst->offset = 0;
+ i2cst->tis_addr = 0xffffffff;
+ i2cst->reg_name = NULL;
+ memset(i2cst->data, 0, sizeof(i2cst->data));
+
+ return;
+}
+
+/* Send data to TPM */
+static inline void tpm_tis_i2c_tpm_send(TPMStateI2C *i2cst)
+{
+ uint32_t data;
+
+ if ((i2cst->operation == OP_SEND) && (i2cst->offset > 1)) {
+
+ switch (i2cst->data[0]) {
+ case TPM_I2C_REG_DATA_CSUM_ENABLE:
+ /*
+ * Checksum is not handled by TIS code hence we will consume the
+ * register here.
+ */
+ i2cst->csum_enable = TPM_DATA_CSUM_ENABLED;
+ break;
+ case TPM_I2C_REG_DATA_FIFO:
+ /* Handled in the main i2c_send function */
+ break;
+ case TPM_I2C_REG_LOC_SEL:
+ /*
+ * This register is not handled by TIS so save the locality
+ * locally
+ */
+ i2cst->loc_sel = i2cst->data[1];
+ break;
+ default:
+ /* We handle non-FIFO here */
+
+ /* Index 0 is a register. Convert byte stream to uint32_t */
+ data = i2cst->data[1];
+ data |= i2cst->data[2] << 8;
+ data |= i2cst->data[3] << 16;
+ data |= i2cst->data[4] << 24;
+
+ /* Add register specific masking */
+ switch (i2cst->data[0]) {
+ case TPM_I2C_REG_INT_ENABLE:
+ data &= TPM_I2C_INT_ENABLE_MASK;
+ break;
+ }
+
+ tpm_tis_write_data(&i2cst->state, i2cst->tis_addr, data, 4);
+ break;
+ }
+
+ tpm_tis_i2c_clear_data(i2cst);
+ }
+
+ return;
+}
+
+/* Callback from TPM to indicate that response is copied */
+static void tpm_tis_i2c_request_completed(TPMIf *ti, int ret)
+{
+ TPMStateI2C *i2cst = TPM_TIS_I2C(ti);
+ TPMState *s = &i2cst->state;
+
+ /* Inform the common code. */
+ tpm_tis_request_completed(s, ret);
+}
+
+static enum TPMVersion tpm_tis_i2c_get_tpm_version(TPMIf *ti)
+{
+ TPMStateI2C *i2cst = TPM_TIS_I2C(ti);
+ TPMState *s = &i2cst->state;
+
+ return tpm_tis_get_tpm_version(s);
+}
+
+static int tpm_tis_i2c_event(I2CSlave *i2c, enum i2c_event event)
+{
+ TPMStateI2C *i2cst = TPM_TIS_I2C(i2c);
+ int ret = 0;
+
+ switch (event) {
+ case I2C_START_RECV:
+ trace_tpm_tis_i2c_event("START_RECV");
+ break;
+ case I2C_START_SEND:
+ trace_tpm_tis_i2c_event("START_SEND");
+ tpm_tis_i2c_clear_data(i2cst);
+ break;
+ case I2C_FINISH:
+ trace_tpm_tis_i2c_event("FINISH");
+ if (i2cst->operation == OP_SEND) {
+ tpm_tis_i2c_tpm_send(i2cst);
+ } else {
+ tpm_tis_i2c_clear_data(i2cst);
+ }
+ break;
+ default:
+ break;
+ }
+
+ return ret;
+}
+
+/*
+ * If data is for FIFO then it is received from tpm_tis_common buffer
+ * otherwise it will be handled using single call to common code and
+ * cached in the local buffer.
+ */
+static uint8_t tpm_tis_i2c_recv(I2CSlave *i2c)
+{
+ int ret = 0;
+ uint32_t data_read;
+ TPMStateI2C *i2cst = TPM_TIS_I2C(i2c);
+ TPMState *s = &i2cst->state;
+ uint16_t i2c_reg = i2cst->data[0];
+
+ if (i2cst->operation == OP_RECV) {
+
+ /* Do not cache FIFO data. */
+ if (i2cst->data[0] == TPM_I2C_REG_DATA_FIFO) {
+ data_read = tpm_tis_read_data(s, i2cst->tis_addr, 1);
+ ret = (data_read & 0xff);
+ } else if (i2cst->offset < sizeof(i2cst->data)) {
+ ret = i2cst->data[i2cst->offset++];
+ }
+
+ } else if ((i2cst->operation == OP_SEND) && (i2cst->offset < 2)) {
+ /* First receive call after send */
+
+ i2cst->operation = OP_RECV;
+
+ switch (i2c_reg) {
+ case TPM_I2C_REG_LOC_SEL:
+ /* Location selection register is managed by i2c */
+ i2cst->data[1] = i2cst->loc_sel;
+ break;
+ case TPM_I2C_REG_DATA_FIFO:
+ /* FIFO data is directly read from TPM TIS */
+ data_read = tpm_tis_read_data(s, i2cst->tis_addr, 1);
+ i2cst->data[1] = (data_read & 0xff);
+ break;
+ case TPM_I2C_REG_DATA_CSUM_ENABLE:
+ i2cst->data[1] = i2cst->csum_enable;
+ break;
+ case TPM_I2C_REG_DATA_CSUM_GET:
+ /*
+ * Checksum registers are not supported by common code hence
+ * call a common code to get the checksum.
+ */
+ data_read = tpm_tis_get_checksum(s);
+
+ /* Save the byte stream in data field */
+ i2cst->data[1] = (data_read & 0xff);
+ i2cst->data[2] = ((data_read >> 8) & 0xff);
+ break;
+ default:
+ data_read = tpm_tis_read_data(s, i2cst->tis_addr, 4);
+
+ switch (i2c_reg) {
+ case TPM_I2C_REG_INTF_CAPABILITY:
+ /* Prepare the capabilities as per I2C interface */
+ data_read = tpm_i2c_interface_capability(i2cst,
+ data_read);
+ break;
+ case TPM_I2C_REG_STS:
+ /*
+ * As per specs, STS bit 31:26 are reserved and must
+ * be set to 0
+ */
+ data_read &= TPM_I2C_STS_READ_MASK;
+ break;
+ }
+
+ /* Save byte stream in data[] */
+ i2cst->data[1] = data_read;
+ i2cst->data[2] = data_read >> 8;
+ i2cst->data[3] = data_read >> 16;
+ i2cst->data[4] = data_read >> 24;
+ break;
+ }
+
+ /* Return first byte with this call */
+ i2cst->offset = 1; /* keep the register value intact for debug */
+ ret = i2cst->data[i2cst->offset++];
+ } else {
+ i2cst->operation = OP_RECV;
+ }
+
+ trace_tpm_tis_i2c_recv(ret);
+
+ return ret;
+}
+
+/*
+ * Send function only remembers data in the buffer and then calls
+ * TPM TIS common code during FINISH event.
+ */
+static int tpm_tis_i2c_send(I2CSlave *i2c, uint8_t data)
+{
+ TPMStateI2C *i2cst = TPM_TIS_I2C(i2c);
+
+ /* Reject non-supported registers. */
+ if (i2cst->offset == 0) {
+ /* Convert I2C register to TIS register */
+ tpm_tis_i2c_to_tis_reg(i2cst, data);
+ if (i2cst->tis_addr == 0xffffffff) {
+ return 0xffffffff;
+ }
+
+ trace_tpm_tis_i2c_send_reg(i2cst->reg_name, data);
+
+ /* We do not support device address change */
+ if (data == TPM_I2C_REG_I2C_DEV_ADDRESS) {
+ qemu_log_mask(LOG_UNIMP, "%s: Device address change "
+ "is not supported.\n", __func__);
+ return 0xffffffff;
+ }
+ } else {
+ trace_tpm_tis_i2c_send(data);
+ }
+
+ if (i2cst->offset < sizeof(i2cst->data)) {
+ i2cst->operation = OP_SEND;
+
+ /* Remember data locally for non-FIFO registers */
+ if ((i2cst->offset == 0) ||
+ (i2cst->data[0] != TPM_I2C_REG_DATA_FIFO)) {
+ i2cst->data[i2cst->offset++] = data;
+ } else {
+ tpm_tis_write_data(&i2cst->state, i2cst->tis_addr, data, 1);
+ }
+
+ return 0;
+
+ }
+
+ /* Return non-zero to indicate NAK */
+ return 1;
+}
+
+static Property tpm_tis_i2c_properties[] = {
+ DEFINE_PROP_UINT32("irq", TPMStateI2C, state.irq_num, TPM_TIS_IRQ),
+ DEFINE_PROP_TPMBE("tpmdev", TPMStateI2C, state.be_driver),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void tpm_tis_i2c_realizefn(DeviceState *dev, Error **errp)
+{
+ TPMStateI2C *i2cst = TPM_TIS_I2C(dev);
+ TPMState *s = &i2cst->state;
+
+ if (!tpm_find()) {
+ error_setg(errp, "at most one TPM device is permitted");
+ return;
+ }
+
+ /*
+ * Get the backend pointer. It is not initialized propery during
+ * device_class_set_props
+ */
+ s->be_driver = qemu_find_tpm_be("tpm0");
+
+ if (!s->be_driver) {
+ error_setg(errp, "'tpmdev' property is required");
+ return;
+ }
+ if (s->irq_num > 15) {
+ error_setg(errp, "IRQ %d is outside valid range of 0 to 15",
+ s->irq_num);
+ return;
+ }
+}
+
+static void tpm_tis_i2c_reset(DeviceState *dev)
+{
+ TPMStateI2C *i2cst = TPM_TIS_I2C(dev);
+ TPMState *s = &i2cst->state;
+
+ tpm_tis_i2c_clear_data(i2cst);
+
+ i2cst->csum_enable = 0;
+ i2cst->loc_sel = 0x00;
+
+ return tpm_tis_reset(s);
+}
+
+static void tpm_tis_i2c_initfn(Object *obj)
+{
+ TPMStateI2C *i2cst = TPM_TIS_I2C(obj);
+ TPMState *s = &i2cst->state;
+
+ sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);
+}
+
+static void tpm_tis_i2c_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
+ TPMIfClass *tc = TPM_IF_CLASS(klass);
+
+ dc->realize = tpm_tis_i2c_realizefn;
+ dc->reset = tpm_tis_i2c_reset;
+ dc->vmsd = &vmstate_tpm_tis_i2c;
+ device_class_set_props(dc, tpm_tis_i2c_properties);
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+
+ k->event = tpm_tis_i2c_event;
+ k->recv = tpm_tis_i2c_recv;
+ k->send = tpm_tis_i2c_send;
+
+ tc->model = TPM_MODEL_TPM_TIS;
+ tc->request_completed = tpm_tis_i2c_request_completed;
+ tc->get_version = tpm_tis_i2c_get_tpm_version;
+}
+
+static const TypeInfo tpm_tis_i2c_info = {
+ .name = TYPE_TPM_TIS_I2C,
+ .parent = TYPE_I2C_SLAVE,
+ .instance_size = sizeof(TPMStateI2C),
+ .instance_init = tpm_tis_i2c_initfn,
+ .class_init = tpm_tis_i2c_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_TPM_IF },
+ { }
+ }
+};
+
+static void tpm_tis_i2c_register_types(void)
+{
+ type_register_static(&tpm_tis_i2c_info);
+}
+
+type_init(tpm_tis_i2c_register_types)
diff --git a/hw/tpm/trace-events b/hw/tpm/trace-events
index f17110458e..fa882dfefe 100644
--- a/hw/tpm/trace-events
+++ b/hw/tpm/trace-events
@@ -36,3 +36,9 @@ tpm_spapr_do_crq_unknown_msg_type(uint8_t type) "Unknown message type 0x%02x"
tpm_spapr_do_crq_unknown_crq(uint8_t raw1, uint8_t raw2) "unknown CRQ 0x%02x 0x%02x ..."
tpm_spapr_post_load(void) "Delivering TPM response after resume"
tpm_spapr_caught_response(uint32_t v) "Caught response to deliver after resume: %u bytes"
+
+# tpm_tis_i2c.c
+tpm_tis_i2c_recv(uint8_t data) "TPM I2C read: 0x%X"
+tpm_tis_i2c_send(uint8_t data) "TPM I2C write: 0x%X"
+tpm_tis_i2c_event(const char *event) "TPM I2C event: %s"
+tpm_tis_i2c_send_reg(const char *name, int reg) "TPM I2C write register: %s(0x%X)"
diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h
index fb40e30ff6..66e3b45f30 100644
--- a/include/sysemu/tpm.h
+++ b/include/sysemu/tpm.h
@@ -48,6 +48,7 @@ struct TPMIfClass {
#define TYPE_TPM_TIS_SYSBUS "tpm-tis-device"
#define TYPE_TPM_CRB "tpm-crb"
#define TYPE_TPM_SPAPR "tpm-spapr"
+#define TYPE_TPM_TIS_I2C "tpm-tis-i2c"
#define TPM_IS_TIS_ISA(chr) \
object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS_ISA)
@@ -57,6 +58,8 @@ struct TPMIfClass {
object_dynamic_cast(OBJECT(chr), TYPE_TPM_CRB)
#define TPM_IS_SPAPR(chr) \
object_dynamic_cast(OBJECT(chr), TYPE_TPM_SPAPR)
+#define TPM_IS_TIS_I2C(chr) \
+ object_dynamic_cast(OBJECT(chr), TYPE_TPM_TIS_I2C)
/* returns NULL unless there is exactly one TPM device */
static inline TPMIf *tpm_find(void)
--
2.37.2
^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH v7 2/3] tpm: Extend common APIs to support TPM TIS I2C
2023-03-26 22:44 ` [PATCH v7 2/3] tpm: Extend common APIs to support TPM TIS I2C Ninad Palsule
@ 2023-03-27 0:14 ` Stefan Berger
0 siblings, 0 replies; 24+ messages in thread
From: Stefan Berger @ 2023-03-27 0:14 UTC (permalink / raw)
To: Ninad Palsule, qemu-devel; +Cc: joel, andrew, clg
On 3/26/23 18:44, Ninad Palsule wrote:
> Qemu already supports devices attached to ISA and sysbus. This drop adds
> support for the I2C bus attached TPM devices.
>
> This commit includes changes for the common code.
> - Added support for the new checksum registers which are required for
> the I2C support. The checksum calculation is handled in the qemu
> common code.
> - Added wrapper function for read and write data so that I2C code can
> call it without MMIO interface.
>
> The TPM TIS I2C spec describes in the table in section "Interface Locality
> Usage per Register" that the TPM_INT_ENABLE and TPM_INT_STATUS registers
> must be writable for any locality even if the locality is not the active
> locality. Therefore, remove the checks whether the writing locality is the
> active locality for these registers.
>
> Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> V2:
>
> Incorporated Stephen's comments.
>
> - Removed checksum enable and checksum get registers.
> - Added checksum calculation function which can be called from
> i2c layer.
>
> ---
> V3:
> Incorporated review comments from Cedric and Stefan.
>
> - Pass locality to the checksum calculation function and cleanup
> - Moved I2C related definations in the acpi/tpm.h
>
> ---
> V4:
>
> Incorporated review comments by Stefan
>
> - Remove the check for locality while calculating checksum
> - Use bswap16 instead of cpu_ti_be16.
> - Rename TPM_I2C register by dropping _TIS_ from it.
>
> ---
> V7:
>
> Incorporated review comments from Stefan.
>
> - Removed locality check from INT_ENABLE and INT_STATUS registers write
> path.
> - Moved TPM_DATA_CSUM_ENABLED define in the tpm.h
> ---
> hw/tpm/tpm_tis.h | 3 +++
> hw/tpm/tpm_tis_common.c | 36 ++++++++++++++++++++++++++++--------
> include/hw/acpi/tpm.h | 31 +++++++++++++++++++++++++++++++
> 3 files changed, 62 insertions(+), 8 deletions(-)
>
> diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
> index f6b5872ba6..6f29a508dd 100644
> --- a/hw/tpm/tpm_tis.h
> +++ b/hw/tpm/tpm_tis.h
> @@ -86,5 +86,8 @@ int tpm_tis_pre_save(TPMState *s);
> void tpm_tis_reset(TPMState *s);
> enum TPMVersion tpm_tis_get_tpm_version(TPMState *s);
> void tpm_tis_request_completed(TPMState *s, int ret);
> +uint32_t tpm_tis_read_data(TPMState *s, hwaddr addr, unsigned size);
> +void tpm_tis_write_data(TPMState *s, hwaddr addr, uint64_t val, uint32_t size);
> +uint16_t tpm_tis_get_checksum(TPMState *s);
>
> #endif /* TPM_TPM_TIS_H */
> diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
> index 503be2a541..c07c179dbc 100644
> --- a/hw/tpm/tpm_tis_common.c
> +++ b/hw/tpm/tpm_tis_common.c
> @@ -26,6 +26,8 @@
> #include "hw/irq.h"
> #include "hw/isa/isa.h"
> #include "qapi/error.h"
> +#include "qemu/bswap.h"
> +#include "qemu/crc-ccitt.h"
> #include "qemu/module.h"
>
> #include "hw/acpi/tpm.h"
> @@ -447,6 +449,23 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,
> return val;
> }
>
> +/*
> + * A wrapper read function so that it can be directly called without
> + * mmio.
> + */
> +uint32_t tpm_tis_read_data(TPMState *s, hwaddr addr, unsigned size)
> +{
> + return tpm_tis_mmio_read(s, addr, size);
> +}
> +
> +/*
> + * Calculate current data buffer checksum
> + */
> +uint16_t tpm_tis_get_checksum(TPMState *s)
> +{
> + return bswap16(crc_ccitt(0, s->buffer, s->rw_offset));
> +}
> +
> /*
> * Write a value to a register of the TIS interface
> * See specs pages 33-63 for description of the registers
> @@ -588,10 +607,6 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>
> break;
> case TPM_TIS_REG_INT_ENABLE:
> - if (s->active_locty != locty) {
> - break;
> - }
> -
> s->loc[locty].inte &= mask;
> s->loc[locty].inte |= (val & (TPM_TIS_INT_ENABLED |
> TPM_TIS_INT_POLARITY_MASK |
> @@ -601,10 +616,6 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
> /* hard wired -- ignore */
> break;
> case TPM_TIS_REG_INT_STATUS:
> - if (s->active_locty != locty) {
> - break;
> - }
> -
> /* clearing of interrupt flags */
> if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) &&
> (s->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) {
> @@ -767,6 +778,15 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
> }
> }
>
> +/*
> + * A wrapper write function so that it can be directly called without
> + * mmio.
> + */
> +void tpm_tis_write_data(TPMState *s, hwaddr addr, uint64_t val, uint32_t size)
> +{
> + tpm_tis_mmio_write(s, addr, val, size);
> +}
> +
> const MemoryRegionOps tpm_tis_memory_ops = {
> .read = tpm_tis_mmio_read,
> .write = tpm_tis_mmio_write,
> diff --git a/include/hw/acpi/tpm.h b/include/hw/acpi/tpm.h
> index 559ba6906c..39f1300aa0 100644
> --- a/include/hw/acpi/tpm.h
> +++ b/include/hw/acpi/tpm.h
> @@ -93,6 +93,7 @@
> #define TPM_TIS_CAP_DATA_TRANSFER_64B (3 << 9)
> #define TPM_TIS_CAP_DATA_TRANSFER_LEGACY (0 << 9)
> #define TPM_TIS_CAP_BURST_COUNT_DYNAMIC (0 << 8)
> +#define TPM_TIS_CAP_BURST_COUNT_STATIC (1 << 8)
> #define TPM_TIS_CAP_INTERRUPT_LOW_LEVEL (1 << 4) /* support is mandatory */
> #define TPM_TIS_CAPABILITIES_SUPPORTED1_3 \
> (TPM_TIS_CAP_INTERRUPT_LOW_LEVEL | \
> @@ -209,6 +210,36 @@ REG32(CRB_DATA_BUFFER, 0x80)
> #define TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ (4 << 0)
> #define TPM_PPI_FUNC_MASK (7 << 0)
>
> +/* TPM TIS I2C registers */
> +#define TPM_I2C_REG_LOC_SEL 0x00
> +#define TPM_I2C_REG_ACCESS 0x04
> +#define TPM_I2C_REG_INT_ENABLE 0x08
> +#define TPM_I2C_REG_INT_CAPABILITY 0x14
> +#define TPM_I2C_REG_STS 0x18
> +#define TPM_I2C_REG_DATA_FIFO 0x24
> +#define TPM_I2C_REG_INTF_CAPABILITY 0x30
> +#define TPM_I2C_REG_I2C_DEV_ADDRESS 0x38
> +#define TPM_I2C_REG_DATA_CSUM_ENABLE 0x40
> +#define TPM_I2C_REG_DATA_CSUM_GET 0x44
> +#define TPM_I2C_REG_DID_VID 0x48
> +#define TPM_I2C_REG_RID 0x4c
> +#define TPM_I2C_REG_UNKNOWN 0xff
> +
> +/* I2C specific interface capabilities */
> +#define TPM_I2C_CAP_INTERFACE_TYPE (0x2 << 0) /* FIFO interface */
> +#define TPM_I2C_CAP_INTERFACE_VER (0x0 << 4) /* TCG I2C intf 1.0 */
> +#define TPM_I2C_CAP_TPM2_FAMILY (0x1 << 7) /* TPM 2.0 family. */
> +#define TPM_I2C_CAP_DEV_ADDR_CHANGE (0x0 << 27) /* No dev addr chng */
> +#define TPM_I2C_CAP_BURST_COUNT_STATIC (0x1 << 29) /* Burst count static */
> +#define TPM_I2C_CAP_LOCALITY_CAP (0x1 << 25) /* 0-5 locality */
> +#define TPM_I2C_CAP_BUS_SPEED (3 << 21) /* std and fast mode */
> +
> +/* TPM_STS mask for read bits 31:26 must be zero */
> +#define TPM_I2C_STS_READ_MASK 0x03ffffff
> +
> +/* Checksum enabled. */
> +#define TPM_DATA_CSUM_ENABLED 0x1
> +
> void tpm_build_ppi_acpi(TPMIf *tpm, Aml *dev);
>
> #endif /* CONFIG_TPM */
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-26 22:44 [PATCH v7 0/3] Add support for TPM devices over I2C bus Ninad Palsule
` (2 preceding siblings ...)
2023-03-26 22:44 ` [PATCH v7 3/3] tpm: Add support for TPM device over I2C bus Ninad Palsule
@ 2023-03-27 1:05 ` Joel Stanley
2023-03-27 3:52 ` Ninad Palsule
2023-03-27 11:11 ` Stefan Berger
3 siblings, 2 replies; 24+ messages in thread
From: Joel Stanley @ 2023-03-27 1:05 UTC (permalink / raw)
To: Ninad Palsule; +Cc: qemu-devel, andrew, stefanb, clg
Hi Ninad,
On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>
> Hello,
>
> I have incorporated review comments from Stefan. Please review.
>
> This drop adds support for the TPM devices attached to the I2C bus. It
> only supports the TPM2 protocol. You need to run it with the external
> TPM emulator like swtpm. I have tested it with swtpm.
Nice work. I tested these stop cedric's aspeed-8.0 qemu tree, using
the rainier machine and the openbmc dev-6.1 kernel.
We get this message when booting from a kernel:
[ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
[ 0.586623] tpm tpm0: starting up the TPM manually
Do we understand why the error appears?
# grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/1:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/2:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/3:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/4:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/5:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/6:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/7:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/8:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/9:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000
If I boot through the openbmc u-boot for the p10bmc machine, which
measures things into the PCRs:
[ 0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
/ # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC
/sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
/sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/8:AE67485BD01E8D6FE0208C46C473940173F66E9C6F43C75ABB404375787E9705
/sys/class/tpm/tpm0/pcr-sha256/9:DB99D92EADBB446894CB0C062AEB673F60DDAFBC62BC2A9CA561A13B31E5357C
/sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000
/sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
/sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000
However on a clean boot into the TPM, the u-boot tpm commands fail:
ast# tpm info
tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
ast# tpINTERRUPT>
ast# tpm init
ast# tpm info
tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
ast# tpm pcr_read 0 0x81000000
Error: 256
ast# md.l 0x81000000 16
81000000: 00000000 00000000 00000000 00000000 ................
81000010: 00000000 00000000 00000000 00000000 ................
81000020: 00000000 00000000 00000000 00000000 ................
81000030: 00000000 00000000 00000000 00000000 ................
81000040: 00000000 00000000 00000000 00000000 ................
81000050: 00000000 00000000 ........
This doesn't need to block merging into qemu, as the model works fine
for pcr measurement and accessing under Linux. However it would be
good to work though these issues in case there's a modelling
discrepancy.
>
> I have refered to the work done by zhdaniel@meta.com but at the core
> level out implementation is different.
> https://github.com/theopolis/qemu/commit/2e2e57cde9e419c36af8071bb85392ad1ed70966
>
> Based-on: $MESSAGE_ID
>
>
> Ninad Palsule (3):
> docs: Add support for TPM devices over I2C bus
> tpm: Extend common APIs to support TPM TIS I2C
> tpm: Add support for TPM device over I2C bus
>
> docs/specs/tpm.rst | 32 +++
> hw/arm/Kconfig | 1 +
> hw/tpm/Kconfig | 7 +
> hw/tpm/meson.build | 1 +
> hw/tpm/tpm_tis.h | 3 +
> hw/tpm/tpm_tis_common.c | 36 ++-
> hw/tpm/tpm_tis_i2c.c | 540 ++++++++++++++++++++++++++++++++++++++++
> hw/tpm/trace-events | 6 +
> include/hw/acpi/tpm.h | 31 +++
> include/sysemu/tpm.h | 3 +
> 10 files changed, 652 insertions(+), 8 deletions(-)
> create mode 100644 hw/tpm/tpm_tis_i2c.c
>
> --
> 2.37.2
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 1:05 ` [PATCH v7 0/3] Add support for TPM devices " Joel Stanley
@ 2023-03-27 3:52 ` Ninad Palsule
2023-03-27 8:04 ` Joel Stanley
2023-03-27 11:11 ` Stefan Berger
1 sibling, 1 reply; 24+ messages in thread
From: Ninad Palsule @ 2023-03-27 3:52 UTC (permalink / raw)
To: Joel Stanley, Ninad Palsule; +Cc: qemu-devel, andrew, stefanb, clg
Hi Joel,
On 3/26/23 8:05 PM, Joel Stanley wrote:
> Hi Ninad,
>
> On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>> Hello,
>>
>> I have incorporated review comments from Stefan. Please review.
>>
>> This drop adds support for the TPM devices attached to the I2C bus. It
>> only supports the TPM2 protocol. You need to run it with the external
>> TPM emulator like swtpm. I have tested it with swtpm.
> Nice work. I tested these stop cedric's aspeed-8.0 qemu tree, using
> the rainier machine and the openbmc dev-6.1 kernel.
>
> We get this message when booting from a kernel:
>
> [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
> [ 0.586623] tpm tpm0: starting up the TPM manually
>
> Do we understand why the error appears?
Yes, As per kernel code this is an expected error for some emulators.
On swtpm emulator, It returns TPM2_RC_INITIALIZE if emulator is not
initialized. I searched it in swtpm and it indicated that selftest
requested before it is initialized. I meant to ask Stefan but busy with
the review comments.
This function comment in the driver mentioned below indicate that this
case possible with emulators.
/**
* tpm2_startup - turn on the TPM
* @chip: TPM chip to use
*
* Normally the firmware should start the TPM. This function is
provided as a
* workaround if this does not happen. A legal case for this could be for
* example when a TPM emulator is used.
*
* Return: same as tpm_transmit_cmd()
*/
static int tpm2_startup(struct tpm_chip *chip)
>
> # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
> /sys/class/tpm/tpm0/pcr-sha256/0:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/1:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/2:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/3:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/4:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/5:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/6:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/7:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/8:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/9:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000
>
> If I boot through the openbmc u-boot for the p10bmc machine, which
> measures things into the PCRs:
>
> [ 0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>
> / # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
> /sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC
> /sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
> /sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/8:AE67485BD01E8D6FE0208C46C473940173F66E9C6F43C75ABB404375787E9705
> /sys/class/tpm/tpm0/pcr-sha256/9:DB99D92EADBB446894CB0C062AEB673F60DDAFBC62BC2A9CA561A13B31E5357C
> /sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000
Great thanks. I could not try it.
>
> However on a clean boot into the TPM, the u-boot tpm commands fail:
>
> ast# tpm info
> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
> ast# tpINTERRUPT>
> ast# tpm init
> ast# tpm info
> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
> ast# tpm pcr_read 0 0x81000000
> Error: 256
> ast# md.l 0x81000000 16
> 81000000: 00000000 00000000 00000000 00000000 ................
> 81000010: 00000000 00000000 00000000 00000000 ................
> 81000020: 00000000 00000000 00000000 00000000 ................
> 81000030: 00000000 00000000 00000000 00000000 ................
> 81000040: 00000000 00000000 00000000 00000000 ................
> 81000050: 00000000 00000000 ........
>
> This doesn't need to block merging into qemu, as the model works fine
> for pcr measurement and accessing under Linux. However it would be
> good to work though these issues in case there's a modelling
> discrepancy.
Yes, Please provide me details on how to reproduce it. I will take a look.
Thanks for the review.
Ninad
>
>
>
>> I have refered to the work done by zhdaniel@meta.com but at the core
>> level out implementation is different.
>> https://github.com/theopolis/qemu/commit/2e2e57cde9e419c36af8071bb85392ad1ed70966
>>
>> Based-on: $MESSAGE_ID
>>
>>
>> Ninad Palsule (3):
>> docs: Add support for TPM devices over I2C bus
>> tpm: Extend common APIs to support TPM TIS I2C
>> tpm: Add support for TPM device over I2C bus
>>
>> docs/specs/tpm.rst | 32 +++
>> hw/arm/Kconfig | 1 +
>> hw/tpm/Kconfig | 7 +
>> hw/tpm/meson.build | 1 +
>> hw/tpm/tpm_tis.h | 3 +
>> hw/tpm/tpm_tis_common.c | 36 ++-
>> hw/tpm/tpm_tis_i2c.c | 540 ++++++++++++++++++++++++++++++++++++++++
>> hw/tpm/trace-events | 6 +
>> include/hw/acpi/tpm.h | 31 +++
>> include/sysemu/tpm.h | 3 +
>> 10 files changed, 652 insertions(+), 8 deletions(-)
>> create mode 100644 hw/tpm/tpm_tis_i2c.c
>>
>> --
>> 2.37.2
>>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 1/3] docs: Add support for TPM devices over I2C bus
2023-03-26 22:44 ` [PATCH v7 1/3] docs: " Ninad Palsule
@ 2023-03-27 7:47 ` Joel Stanley
2023-03-27 7:52 ` Cédric Le Goater
2023-03-27 13:04 ` Ninad Palsule
0 siblings, 2 replies; 24+ messages in thread
From: Joel Stanley @ 2023-03-27 7:47 UTC (permalink / raw)
To: Ninad Palsule; +Cc: qemu-devel, andrew, stefanb, clg
On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>
> This is a documentation change for I2C TPM device support.
>
> Qemu already supports devices attached to ISA and sysbus.
> This drop adds support for the I2C bus attached TPM devices.
>
> Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
>
> ---
> V2:
>
> Incorporated Stephen's review comments
> - Added example in the document.
>
> ---
> V4:
> Incorporate Cedric & Stefan's comments
>
> - Added example for ast2600-evb
> - Corrected statement about arm virtual machine.
>
> ---
> V6:
> Incorporated review comments from Stefan.
> ---
> docs/specs/tpm.rst | 32 ++++++++++++++++++++++++++++++++
> 1 file changed, 32 insertions(+)
>
> diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
> index 535912a92b..590e670a9a 100644
> --- a/docs/specs/tpm.rst
> +++ b/docs/specs/tpm.rst
> @@ -21,12 +21,16 @@ QEMU files related to TPM TIS interface:
> - ``hw/tpm/tpm_tis_common.c``
> - ``hw/tpm/tpm_tis_isa.c``
> - ``hw/tpm/tpm_tis_sysbus.c``
> + - ``hw/tpm/tpm_tis_i2c.c``
> - ``hw/tpm/tpm_tis.h``
>
> Both an ISA device and a sysbus device are available. The former is
> used with pc/q35 machine while the latter can be instantiated in the
> Arm virt machine.
>
> +An I2C device support is also provided which can be instantiated in the Arm
> +based emulation machines. This device only supports the TPM 2 protocol.
> +
> CRB interface
> -------------
>
> @@ -348,6 +352,34 @@ In case an Arm virt machine is emulated, use the following command line:
> -drive if=pflash,format=raw,file=flash0.img,readonly=on \
> -drive if=pflash,format=raw,file=flash1.img
>
> +In case a ast2600-evb bmc machine is emulated and want to use TPM device
> +attached to I2C bus, use the following command line:
> +
> +.. code-block:: console
> +
> + qemu-system-arm -M ast2600-evb -nographic \
> + -kernel arch/arm/boot/zImage \
> + -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
> + -initrd rootfs.cpio \
> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
For testing, use this command to load the driver to the correct address:
echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
(I don't know how specific we want to make the instructions, but
adding a line like above would help others from having to re-discover
the command).
> +
> +In case a Rainier bmc machine is emulated and want to use TPM device
> +attached to I2C bus, use the following command line:
> +
> +.. code-block:: console
> +
> + qemu-system-arm -M rainier-bmc -nographic \
> + -kernel ${IMAGEPATH}/fitImage-linux.bin \
> + -dtb ${IMAGEPATH}/aspeed-bmc-ibm-rainier.dtb \
> + -initrd ${IMAGEPATH}/obmc-phosphor-initramfs.rootfs.cpio.xz \
> + -drive file=${IMAGEPATH}/obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2\
> + -net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443\
> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
> +
I'd drop this example, the above one is enough.
> In case SeaBIOS is used as firmware, it should show the TPM menu item
> after entering the menu with 'ESC'.
>
> --
> 2.37.2
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 1/3] docs: Add support for TPM devices over I2C bus
2023-03-27 7:47 ` Joel Stanley
@ 2023-03-27 7:52 ` Cédric Le Goater
2023-03-27 14:48 ` Ninad Palsule
2023-03-27 13:04 ` Ninad Palsule
1 sibling, 1 reply; 24+ messages in thread
From: Cédric Le Goater @ 2023-03-27 7:52 UTC (permalink / raw)
To: Joel Stanley, Ninad Palsule; +Cc: qemu-devel, andrew, stefanb
On 3/27/23 09:47, Joel Stanley wrote:
> On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>>
>> This is a documentation change for I2C TPM device support.
>>
>> Qemu already supports devices attached to ISA and sysbus.
>> This drop adds support for the I2C bus attached TPM devices.
>>
>> Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
>>
>> ---
>> V2:
>>
>> Incorporated Stephen's review comments
>> - Added example in the document.
>>
>> ---
>> V4:
>> Incorporate Cedric & Stefan's comments
>>
>> - Added example for ast2600-evb
>> - Corrected statement about arm virtual machine.
>>
>> ---
>> V6:
>> Incorporated review comments from Stefan.
>> ---
>> docs/specs/tpm.rst | 32 ++++++++++++++++++++++++++++++++
>> 1 file changed, 32 insertions(+)
>>
>> diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
>> index 535912a92b..590e670a9a 100644
>> --- a/docs/specs/tpm.rst
>> +++ b/docs/specs/tpm.rst
>> @@ -21,12 +21,16 @@ QEMU files related to TPM TIS interface:
>> - ``hw/tpm/tpm_tis_common.c``
>> - ``hw/tpm/tpm_tis_isa.c``
>> - ``hw/tpm/tpm_tis_sysbus.c``
>> + - ``hw/tpm/tpm_tis_i2c.c``
>> - ``hw/tpm/tpm_tis.h``
>>
>> Both an ISA device and a sysbus device are available. The former is
>> used with pc/q35 machine while the latter can be instantiated in the
>> Arm virt machine.
>>
>> +An I2C device support is also provided which can be instantiated in the Arm
>> +based emulation machines. This device only supports the TPM 2 protocol.
>> +
>> CRB interface
>> -------------
>>
>> @@ -348,6 +352,34 @@ In case an Arm virt machine is emulated, use the following command line:
>> -drive if=pflash,format=raw,file=flash0.img,readonly=on \
>> -drive if=pflash,format=raw,file=flash1.img
>>
>> +In case a ast2600-evb bmc machine is emulated and want to use TPM device
>> +attached to I2C bus, use the following command line:
>> +
>> +.. code-block:: console
>> +
>> + qemu-system-arm -M ast2600-evb -nographic \
>> + -kernel arch/arm/boot/zImage \
>> + -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
>> + -initrd rootfs.cpio \
>> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
>> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>
> For testing, use this command to load the driver to the correct address:
>
> echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>
> (I don't know how specific we want to make the instructions, but
> adding a line like above would help others from having to re-discover
> the command).
or/and add an avocado test for it. See tests/avocado/machine_aspeed.py.
The avocado framework is a bit fragile when reading from the console but
we hope to fix that.
Thanks
C.
>
>> +
>> +In case a Rainier bmc machine is emulated and want to use TPM device
>> +attached to I2C bus, use the following command line:
>> +
>> +.. code-block:: console
>> +
>> + qemu-system-arm -M rainier-bmc -nographic \
>> + -kernel ${IMAGEPATH}/fitImage-linux.bin \
>> + -dtb ${IMAGEPATH}/aspeed-bmc-ibm-rainier.dtb \
>> + -initrd ${IMAGEPATH}/obmc-phosphor-initramfs.rootfs.cpio.xz \
>> + -drive file=${IMAGEPATH}/obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2\
>> + -net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443\
>> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
>> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>> +
>
> I'd drop this example, the above one is enough.
>
>> In case SeaBIOS is used as firmware, it should show the TPM menu item
>> after entering the menu with 'ESC'.
>>
>> --
>> 2.37.2
>>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 3:52 ` Ninad Palsule
@ 2023-03-27 8:04 ` Joel Stanley
2023-03-27 8:20 ` Cédric Le Goater
2023-03-27 11:17 ` Stefan Berger
0 siblings, 2 replies; 24+ messages in thread
From: Joel Stanley @ 2023-03-27 8:04 UTC (permalink / raw)
To: Ninad Palsule; +Cc: Ninad Palsule, qemu-devel, andrew, stefanb, clg
On Mon, 27 Mar 2023 at 03:52, Ninad Palsule <ninad@linux.vnet.ibm.com> wrote:
>
> Hi Joel,
>
> On 3/26/23 8:05 PM, Joel Stanley wrote:
> > Hi Ninad,
> >
> > On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
> >> Hello,
> >>
> >> I have incorporated review comments from Stefan. Please review.
> >>
> >> This drop adds support for the TPM devices attached to the I2C bus. It
> >> only supports the TPM2 protocol. You need to run it with the external
> >> TPM emulator like swtpm. I have tested it with swtpm.
> > Nice work. I tested these stop cedric's aspeed-8.0 qemu tree, using
> > the rainier machine and the openbmc dev-6.1 kernel.
> >
> > We get this message when booting from a kernel:
> >
> > [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> > [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
> > [ 0.586623] tpm tpm0: starting up the TPM manually
> >
> > Do we understand why the error appears?
>
>
> Yes, As per kernel code this is an expected error for some emulators.
>
> On swtpm emulator, It returns TPM2_RC_INITIALIZE if emulator is not
> initialized. I searched it in swtpm and it indicated that selftest
> requested before it is initialized. I meant to ask Stefan but busy with
> the review comments.
The swtpm man page mentions some flags we can set. Perhaps they would help?
--flags [not-need-init]
[,startup-clear|startup-state|startup-deactivated|startup-none]
>
> This function comment in the driver mentioned below indicate that this
> case possible with emulators.
>
> /**
> * tpm2_startup - turn on the TPM
> * @chip: TPM chip to use
> *
> * Normally the firmware should start the TPM. This function is
> provided as a
> * workaround if this does not happen. A legal case for this could be for
> * example when a TPM emulator is used.
> *
> * Return: same as tpm_transmit_cmd()
> */
>
> static int tpm2_startup(struct tpm_chip *chip)
>
> > However on a clean boot into the TPM, the u-boot tpm commands fail:
> >
> > ast# tpm info
> > tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
> > ast# tpINTERRUPT>
> > ast# tpm init
> > ast# tpm info
> > tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
> > ast# tpm pcr_read 0 0x81000000
> > Error: 256
> > ast# md.l 0x81000000 16
> > 81000000: 00000000 00000000 00000000 00000000 ................
> > 81000010: 00000000 00000000 00000000 00000000 ................
> > 81000020: 00000000 00000000 00000000 00000000 ................
> > 81000030: 00000000 00000000 00000000 00000000 ................
> > 81000040: 00000000 00000000 00000000 00000000 ................
> > 81000050: 00000000 00000000 ........
> >
> > This doesn't need to block merging into qemu, as the model works fine
> > for pcr measurement and accessing under Linux. However it would be
> > good to work though these issues in case there's a modelling
> > discrepancy.
>
>
> Yes, Please provide me details on how to reproduce it. I will take a look.
This is the buildroot tree I've been using for testing:
https://github.com/shenki/buildroot/commits/ast2600-tpm
git clone https://github.com/shenki/buildroot -b ast2600-tpm
cd buildroot
make O=ast2600evb aspeed_ast2600evb_defconfig
I launch it with this qemu commandline:
swtpm socket --tpmstate dir=$XDG_RUNTIME_DIR --ctrl
type=unixio,path=$XDG_RUNTIME_DIR/swtpm-socket --tpm2
qemu-system-arm -M ast2600-evb -nographic -drive
file=ast2600evb/images/flash.img,if=mtd,format=raw -chardev
socket,id=chrtpm,path=$XDG_RUNTIME_DIR/swtpm-socket -tpmdev
emulator,id=tpm0,chardev=chrtpm -device
tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
If you want to reproduce the u-boot behaviour, press any key to
interrupt the boot.
Booting this way, you can also test the u-boot behaviour. Once you're
in userspace:
# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
[ 13.637081] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
[ 13.665239] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
# cat /sys/class/tpm/tpm0/pcr-sha256/0
FE9A732EAA7842D77DEECFC1DC610EBEA9414BFC39BEEBC8D2F071CF030FA592
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 8:04 ` Joel Stanley
@ 2023-03-27 8:20 ` Cédric Le Goater
2023-03-27 10:49 ` Joel Stanley
2023-03-27 11:17 ` Stefan Berger
1 sibling, 1 reply; 24+ messages in thread
From: Cédric Le Goater @ 2023-03-27 8:20 UTC (permalink / raw)
To: Joel Stanley, Ninad Palsule; +Cc: Ninad Palsule, qemu-devel, andrew, stefanb
>>> However on a clean boot into the TPM, the u-boot tpm commands fail:
>>>
>>> ast# tpm info
>>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
>>> ast# tpINTERRUPT>
>>> ast# tpm init
>>> ast# tpm info
>>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
>>> ast# tpm pcr_read 0 0x81000000
>>> Error: 256
>>> ast# md.l 0x81000000 16
>>> 81000000: 00000000 00000000 00000000 00000000 ................
>>> 81000010: 00000000 00000000 00000000 00000000 ................
>>> 81000020: 00000000 00000000 00000000 00000000 ................
>>> 81000030: 00000000 00000000 00000000 00000000 ................
>>> 81000040: 00000000 00000000 00000000 00000000 ................
>>> 81000050: 00000000 00000000 ........
>>>
>>> This doesn't need to block merging into qemu, as the model works fine
>>> for pcr measurement and accessing under Linux. However it would be
>>> good to work though these issues in case there's a modelling
>>> discrepancy.
>>
>>
>> Yes, Please provide me details on how to reproduce it. I will take a look.
>
> This is the buildroot tree I've been using for testing:
>
> https://github.com/shenki/buildroot/commits/ast2600-tpm
>
> git clone https://github.com/shenki/buildroot -b ast2600-tpm
> cd buildroot
> make O=ast2600evb aspeed_ast2600evb_defconfig
I have pushed binaries here also :
https://github.com/legoater/qemu-aspeed-boot/tree/master/images/ast2600-evb/buildroot-2023.02-tpm
Cheers,
C.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 8:20 ` Cédric Le Goater
@ 2023-03-27 10:49 ` Joel Stanley
0 siblings, 0 replies; 24+ messages in thread
From: Joel Stanley @ 2023-03-27 10:49 UTC (permalink / raw)
To: Cédric Le Goater
Cc: Ninad Palsule, Ninad Palsule, qemu-devel, andrew, stefanb
On Mon, 27 Mar 2023 at 08:21, Cédric Le Goater <clg@kaod.org> wrote:
>
> >>> However on a clean boot into the TPM, the u-boot tpm commands fail:
> >>>
> >>> ast# tpm info
> >>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
> >>> ast# tpINTERRUPT>
> >>> ast# tpm init
> >>> ast# tpm info
> >>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
> >>> ast# tpm pcr_read 0 0x81000000
> >>> Error: 256
> >>> ast# md.l 0x81000000 16
> >>> 81000000: 00000000 00000000 00000000 00000000 ................
> >>> 81000010: 00000000 00000000 00000000 00000000 ................
> >>> 81000020: 00000000 00000000 00000000 00000000 ................
> >>> 81000030: 00000000 00000000 00000000 00000000 ................
> >>> 81000040: 00000000 00000000 00000000 00000000 ................
> >>> 81000050: 00000000 00000000 ........
> >>>
> >>> This doesn't need to block merging into qemu, as the model works fine
> >>> for pcr measurement and accessing under Linux. However it would be
> >>> good to work though these issues in case there's a modelling
> >>> discrepancy.
> >>
> >>
> >> Yes, Please provide me details on how to reproduce it. I will take a look.
> >
> > This is the buildroot tree I've been using for testing:
> >
> > https://github.com/shenki/buildroot/commits/ast2600-tpm
> >
> > git clone https://github.com/shenki/buildroot -b ast2600-tpm
> > cd buildroot
> > make O=ast2600evb aspeed_ast2600evb_defconfig
>
> I have pushed binaries here also :
>
> https://github.com/legoater/qemu-aspeed-boot/tree/master/images/ast2600-evb/buildroot-2023.02-tpm
Thank you!
The non-zero PCRs I see with this are:
# grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
/sys/class/tpm/tpm0/pcr-sha256/0:B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0
/sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
/sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
/sys/class/tpm/tpm0/pcr-sha256/8:C840364040A0F98631A48A4C401C567226BFE5A2A30B958F1800E4849A140F69
/sys/class/tpm/tpm0/pcr-sha256/9:9D00428C528120A3F2D0D8CB0EB5D036D87C0D0F8D2990B8C1F12DEFAE3890C7
They seem to be stable across boots, which is good! We could use these
images and that pcr0 value for an avocado test.
Perhaps we could add an init script that binds the driver and prints
the value to the console to save having to log in.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 1:05 ` [PATCH v7 0/3] Add support for TPM devices " Joel Stanley
2023-03-27 3:52 ` Ninad Palsule
@ 2023-03-27 11:11 ` Stefan Berger
2023-03-27 11:18 ` Joel Stanley
2023-03-27 12:31 ` Stefan Berger
1 sibling, 2 replies; 24+ messages in thread
From: Stefan Berger @ 2023-03-27 11:11 UTC (permalink / raw)
To: Joel Stanley, Ninad Palsule; +Cc: qemu-devel, andrew, clg
On 3/26/23 21:05, Joel Stanley wrote:
> Hi Ninad,
>
> On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>>
>> Hello,
>>
>> I have incorporated review comments from Stefan. Please review.
>>
>> This drop adds support for the TPM devices attached to the I2C bus. It
>> only supports the TPM2 protocol. You need to run it with the external
>> TPM emulator like swtpm. I have tested it with swtpm.
>
> Nice work. I tested these stop cedric's aspeed-8.0 qemu tree, using
> the rainier machine and the openbmc dev-6.1 kernel.
>
> We get this message when booting from a kernel:
>
> [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
> [ 0.586623] tpm tpm0: starting up the TPM manually
>
> Do we understand why the error appears?
The firmware did not initialize the TPM 2.
>
> # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
> /sys/class/tpm/tpm0/pcr-sha256/0:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/1:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/2:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/3:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/4:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/5:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/6:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/7:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/8:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/9:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000
>
> If I boot through the openbmc u-boot for the p10bmc machine, which
> measures things into the PCRs:
>
> [ 0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
In this case the firmware started up the TPM 2. Also the PCRs have been touched by the firmware in this case.
>
> / # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
> /sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC
> /sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
> /sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> /sys/class/tpm/tpm0/pcr-sha256/8:AE67485BD01E8D6FE0208C46C473940173F66E9C6F43C75ABB404375787E9705
> /sys/class/tpm/tpm0/pcr-sha256/9:DB99D92EADBB446894CB0C062AEB673F60DDAFBC62BC2A9CA561A13B31E5357C
> /sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000
> /sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> /sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000
>
> However on a clean boot into the TPM, the u-boot tpm commands fail:
>
> ast# tpm info
> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
> ast# tpINTERRUPT>
Is this normal output? Is it an indication of some sort of IRQ?
> ast# tpm init
> ast# tpm info
> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
> ast# tpm pcr_read 0 0x81000000
> Error: 256
> ast# md.l 0x81000000 16
> 81000000: 00000000 00000000 00000000 00000000 ................
> 81000010: 00000000 00000000 00000000 00000000 ................
> 81000020: 00000000 00000000 00000000 00000000 ................
> 81000030: 00000000 00000000 00000000 00000000 ................
> 81000040: 00000000 00000000 00000000 00000000 ................
> 81000050: 00000000 00000000 ........
>
> This doesn't need to block merging into qemu, as the model works fine
> for pcr measurement and accessing under Linux. However it would be
> good to work though these issues in case there's a modelling
> discrepancy.
It reads the didvid and rid registers just fine and per the touched PCRs it knows how to talk to the TPM 2 to extend the PCRs.
So this is strange. What is the 0x81000000 parameter in this command? Is it some memory location?
Stefan
>
>
>
>>
>> I have refered to the work done by zhdaniel@meta.com but at the core
>> level out implementation is different.
>> https://github.com/theopolis/qemu/commit/2e2e57cde9e419c36af8071bb85392ad1ed70966
>>
>> Based-on: $MESSAGE_ID
>>
>>
>> Ninad Palsule (3):
>> docs: Add support for TPM devices over I2C bus
>> tpm: Extend common APIs to support TPM TIS I2C
>> tpm: Add support for TPM device over I2C bus
>>
>> docs/specs/tpm.rst | 32 +++
>> hw/arm/Kconfig | 1 +
>> hw/tpm/Kconfig | 7 +
>> hw/tpm/meson.build | 1 +
>> hw/tpm/tpm_tis.h | 3 +
>> hw/tpm/tpm_tis_common.c | 36 ++-
>> hw/tpm/tpm_tis_i2c.c | 540 ++++++++++++++++++++++++++++++++++++++++
>> hw/tpm/trace-events | 6 +
>> include/hw/acpi/tpm.h | 31 +++
>> include/sysemu/tpm.h | 3 +
>> 10 files changed, 652 insertions(+), 8 deletions(-)
>> create mode 100644 hw/tpm/tpm_tis_i2c.c
>>
>> --
>> 2.37.2
>>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 8:04 ` Joel Stanley
2023-03-27 8:20 ` Cédric Le Goater
@ 2023-03-27 11:17 ` Stefan Berger
1 sibling, 0 replies; 24+ messages in thread
From: Stefan Berger @ 2023-03-27 11:17 UTC (permalink / raw)
To: Joel Stanley, Ninad Palsule; +Cc: Ninad Palsule, qemu-devel, andrew, clg
On 3/27/23 04:04, Joel Stanley wrote:
> On Mon, 27 Mar 2023 at 03:52, Ninad Palsule <ninad@linux.vnet.ibm.com> wrote:
>>
>> Hi Joel,
>>
>> On 3/26/23 8:05 PM, Joel Stanley wrote:
>>> Hi Ninad,
>>>
>>> On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>>>> Hello,
>>>>
>>>> I have incorporated review comments from Stefan. Please review.
>>>>
>>>> This drop adds support for the TPM devices attached to the I2C bus. It
>>>> only supports the TPM2 protocol. You need to run it with the external
>>>> TPM emulator like swtpm. I have tested it with swtpm.
>>> Nice work. I tested these stop cedric's aspeed-8.0 qemu tree, using
>>> the rainier machine and the openbmc dev-6.1 kernel.
>>>
>>> We get this message when booting from a kernel:
>>>
>>> [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>>> [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
>>> [ 0.586623] tpm tpm0: starting up the TPM manually
>>>
>>> Do we understand why the error appears?
>>
>>
>> Yes, As per kernel code this is an expected error for some emulators.
>>
>> On swtpm emulator, It returns TPM2_RC_INITIALIZE if emulator is not
>> initialized. I searched it in swtpm and it indicated that selftest
>> requested before it is initialized. I meant to ask Stefan but busy with
>> the review comments.
>
> The swtpm man page mentions some flags we can set. Perhaps they would help?
>
> --flags [not-need-init]
> [,startup-clear|startup-state|startup-deactivated|startup-none]
With firmware initializing the TPM 2 neither of these options is necessary.
If firmware doesn't initialize the TPM 2 then Linux will show that error message and initialize it.
Stefan
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 11:11 ` Stefan Berger
@ 2023-03-27 11:18 ` Joel Stanley
2023-03-27 11:24 ` Stefan Berger
2023-03-27 12:31 ` Stefan Berger
1 sibling, 1 reply; 24+ messages in thread
From: Joel Stanley @ 2023-03-27 11:18 UTC (permalink / raw)
To: Stefan Berger; +Cc: Ninad Palsule, qemu-devel, andrew, clg
On Mon, 27 Mar 2023 at 11:11, Stefan Berger <stefanb@linux.ibm.com> wrote:
>
>
>
> On 3/26/23 21:05, Joel Stanley wrote:
> > Hi Ninad,
> >
> > On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
> >>
> >> Hello,
> >>
> >> I have incorporated review comments from Stefan. Please review.
> >>
> >> This drop adds support for the TPM devices attached to the I2C bus. It
> >> only supports the TPM2 protocol. You need to run it with the external
> >> TPM emulator like swtpm. I have tested it with swtpm.
> >
> > Nice work. I tested these stop cedric's aspeed-8.0 qemu tree, using
> > the rainier machine and the openbmc dev-6.1 kernel.
> >
> > We get this message when booting from a kernel:
> >
> > [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
> > [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
> > [ 0.586623] tpm tpm0: starting up the TPM manually
> >
> > Do we understand why the error appears?
>
> The firmware did not initialize the TPM 2.
Which firmware are we talking about here?
In the case of these systems, we (u-boot+linux) are what would
traditionally be referred to as firmware.
> > # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
> > /sys/class/tpm/tpm0/pcr-sha256/0:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/1:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/2:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/3:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/4:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/5:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/6:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/7:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/8:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/9:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000
> >
> > If I boot through the openbmc u-boot for the p10bmc machine, which
> > measures things into the PCRs:
> >
> > [ 0.556713] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>
> In this case the firmware started up the TPM 2. Also the PCRs have been touched by the firmware in this case.
>
> >
> > / # grep -r . /sys/class/tpm/tpm0/pcr-sha256/ | sort -n -k 7 -t /
> > /sys/class/tpm/tpm0/pcr-sha256/0:AFA13691EFC7BC6E189E92347F20676FB4523302CB957DA9A65C3430C45E8BCC
> > /sys/class/tpm/tpm0/pcr-sha256/1:37F0F710A5502FAE6DB7433B36001FEE1CBF15BA2A7D6923207FF56888584714
> > /sys/class/tpm/tpm0/pcr-sha256/2:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/3:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/4:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/5:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/6:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/7:E21B703EE69C77476BCCB43EC0336A9A1B2914B378944F7B00A10214CA8FEA93
> > /sys/class/tpm/tpm0/pcr-sha256/8:AE67485BD01E8D6FE0208C46C473940173F66E9C6F43C75ABB404375787E9705
> > /sys/class/tpm/tpm0/pcr-sha256/9:DB99D92EADBB446894CB0C062AEB673F60DDAFBC62BC2A9CA561A13B31E5357C
> > /sys/class/tpm/tpm0/pcr-sha256/10:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/11:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/12:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/13:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/14:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/15:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/16:0000000000000000000000000000000000000000000000000000000000000000
> > /sys/class/tpm/tpm0/pcr-sha256/17:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/18:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/19:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/20:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/21:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/22:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > /sys/class/tpm/tpm0/pcr-sha256/23:0000000000000000000000000000000000000000000000000000000000000000
> > However on a clean boot into the TPM, the u-boot tpm commands fail:
> >
> > ast# tpm info
> > tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
> > ast# tpINTERRUPT>
>
> Is this normal output? Is it an indication of some sort of IRQ?
Ignore that line, that was me using ctrl+c to cancel the input. I
should have trimmed it from the email before sending.
>
> > ast# tpm init
> > ast# tpm info
> > tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
> > ast# tpm pcr_read 0 0x81000000
> > Error: 256
> > ast# md.l 0x81000000 16
> > 81000000: 00000000 00000000 00000000 00000000 ................
> > 81000010: 00000000 00000000 00000000 00000000 ................
> > 81000020: 00000000 00000000 00000000 00000000 ................
> > 81000030: 00000000 00000000 00000000 00000000 ................
> > 81000040: 00000000 00000000 00000000 00000000 ................
> > 81000050: 00000000 00000000 ........
> >
> > This doesn't need to block merging into qemu, as the model works fine
> > for pcr measurement and accessing under Linux. However it would be
> > good to work though these issues in case there's a modelling
> > discrepancy.
>
>
> It reads the didvid and rid registers just fine and per the touched PCRs it knows how to talk to the TPM 2 to extend the PCRs.
It hasn't done so in this case; the boot step that extends the PCRs
hasn't been executed.
> So this is strange. What is the 0x81000000 parameter in this command? Is it some memory location?
Yes, it's an arbitrary DRAM location that we've asked u-boot to place
the contents of the PCR.
Cheers,
Joel
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 11:18 ` Joel Stanley
@ 2023-03-27 11:24 ` Stefan Berger
0 siblings, 0 replies; 24+ messages in thread
From: Stefan Berger @ 2023-03-27 11:24 UTC (permalink / raw)
To: Joel Stanley; +Cc: Ninad Palsule, qemu-devel, andrew, clg
On 3/27/23 07:18, Joel Stanley wrote:
> On Mon, 27 Mar 2023 at 11:11, Stefan Berger <stefanb@linux.ibm.com> wrote:
>>
>>
>>
>> On 3/26/23 21:05, Joel Stanley wrote:
>>> Hi Ninad,
>>>
>>> On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>>>>
>>>> Hello,
>>>>
>>>> I have incorporated review comments from Stefan. Please review.
>>>>
>>>> This drop adds support for the TPM devices attached to the I2C bus. It
>>>> only supports the TPM2 protocol. You need to run it with the external
>>>> TPM emulator like swtpm. I have tested it with swtpm.
>>>
>>> Nice work. I tested these stop cedric's aspeed-8.0 qemu tree, using
>>> the rainier machine and the openbmc dev-6.1 kernel.
>>>
>>> We get this message when booting from a kernel:
>>>
>>> [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>>> [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
>>> [ 0.586623] tpm tpm0: starting up the TPM manually
>>>
>>> Do we understand why the error appears?
>>
>> The firmware did not initialize the TPM 2.
>
> Which firmware are we talking about here?
This happens if either no firmware is used or the firmware doesn't know how to talk to the TPM 2.
Linux detects that the TPM 2 wasn't initialized (TPM2_Startup was not sent).
Stefan
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 11:11 ` Stefan Berger
2023-03-27 11:18 ` Joel Stanley
@ 2023-03-27 12:31 ` Stefan Berger
2023-03-27 13:09 ` Stefan Berger
1 sibling, 1 reply; 24+ messages in thread
From: Stefan Berger @ 2023-03-27 12:31 UTC (permalink / raw)
To: Joel Stanley, Ninad Palsule; +Cc: qemu-devel, andrew, clg
On 3/27/23 07:11, Stefan Berger wrote:
>
>
>> We get this message when booting from a kernel:
>>
>> [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>> [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
>> [ 0.586623] tpm tpm0: starting up the TPM manually
>>
>> Do we understand why the error appears?
>
> The firmware did not initialize the TPM 2.
>
>> However on a clean boot into the TPM, the u-boot tpm commands fail:
>>
>> ast# tpm info
>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
>> ast# tpINTERRUPT>
>
> Is this normal output? Is it an indication of some sort of IRQ?
>
>> ast# tpm init
>> ast# tpm info
>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
>> ast# tpm pcr_read 0 0x81000000
>> Error: 256
If this is an error from the TPM 2 , then the 256 error code is the same as reported by Linux above:
$ tssreturncode 0x100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already initialized
I will try to reproduce this today. u-boot should have a sent TPM2_Startup as part of 'tpm init' command above or even before on its own.
Stefan
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 1/3] docs: Add support for TPM devices over I2C bus
2023-03-27 7:47 ` Joel Stanley
2023-03-27 7:52 ` Cédric Le Goater
@ 2023-03-27 13:04 ` Ninad Palsule
1 sibling, 0 replies; 24+ messages in thread
From: Ninad Palsule @ 2023-03-27 13:04 UTC (permalink / raw)
To: Joel Stanley, Ninad Palsule; +Cc: qemu-devel, andrew, stefanb, clg
Hi Joel,
On 3/27/23 2:47 AM, Joel Stanley wrote:
> On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>> This is a documentation change for I2C TPM device support.
>>
>> Qemu already supports devices attached to ISA and sysbus.
>> This drop adds support for the I2C bus attached TPM devices.
>>
>> Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
>>
>> ---
>> V2:
>>
>> Incorporated Stephen's review comments
>> - Added example in the document.
>>
>> ---
>> V4:
>> Incorporate Cedric & Stefan's comments
>>
>> - Added example for ast2600-evb
>> - Corrected statement about arm virtual machine.
>>
>> ---
>> V6:
>> Incorporated review comments from Stefan.
>> ---
>> docs/specs/tpm.rst | 32 ++++++++++++++++++++++++++++++++
>> 1 file changed, 32 insertions(+)
>>
>> diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
>> index 535912a92b..590e670a9a 100644
>> --- a/docs/specs/tpm.rst
>> +++ b/docs/specs/tpm.rst
>> @@ -21,12 +21,16 @@ QEMU files related to TPM TIS interface:
>> - ``hw/tpm/tpm_tis_common.c``
>> - ``hw/tpm/tpm_tis_isa.c``
>> - ``hw/tpm/tpm_tis_sysbus.c``
>> + - ``hw/tpm/tpm_tis_i2c.c``
>> - ``hw/tpm/tpm_tis.h``
>>
>> Both an ISA device and a sysbus device are available. The former is
>> used with pc/q35 machine while the latter can be instantiated in the
>> Arm virt machine.
>>
>> +An I2C device support is also provided which can be instantiated in the Arm
>> +based emulation machines. This device only supports the TPM 2 protocol.
>> +
>> CRB interface
>> -------------
>>
>> @@ -348,6 +352,34 @@ In case an Arm virt machine is emulated, use the following command line:
>> -drive if=pflash,format=raw,file=flash0.img,readonly=on \
>> -drive if=pflash,format=raw,file=flash1.img
>>
>> +In case a ast2600-evb bmc machine is emulated and want to use TPM device
>> +attached to I2C bus, use the following command line:
>> +
>> +.. code-block:: console
>> +
>> + qemu-system-arm -M ast2600-evb -nographic \
>> + -kernel arch/arm/boot/zImage \
>> + -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
>> + -initrd rootfs.cpio \
>> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
>> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
> For testing, use this command to load the driver to the correct address:
>
> echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>
> (I don't know how specific we want to make the instructions, but
> adding a line like above would help others from having to re-discover
> the command).
Make sense. Added.
>
>> +
>> +In case a Rainier bmc machine is emulated and want to use TPM device
>> +attached to I2C bus, use the following command line:
>> +
>> +.. code-block:: console
>> +
>> + qemu-system-arm -M rainier-bmc -nographic \
>> + -kernel ${IMAGEPATH}/fitImage-linux.bin \
>> + -dtb ${IMAGEPATH}/aspeed-bmc-ibm-rainier.dtb \
>> + -initrd ${IMAGEPATH}/obmc-phosphor-initramfs.rootfs.cpio.xz \
>> + -drive file=${IMAGEPATH}/obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2\
>> + -net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443\
>> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
>> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>> +
> I'd drop this example, the above one is enough.
Removed.
>
>> In case SeaBIOS is used as firmware, it should show the TPM menu item
>> after entering the menu with 'ESC'.
>>
>> --
>> 2.37.2
>>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 0/3] Add support for TPM devices over I2C bus
2023-03-27 12:31 ` Stefan Berger
@ 2023-03-27 13:09 ` Stefan Berger
0 siblings, 0 replies; 24+ messages in thread
From: Stefan Berger @ 2023-03-27 13:09 UTC (permalink / raw)
To: Joel Stanley, Ninad Palsule; +Cc: qemu-devel, andrew, clg
On 3/27/23 08:31, Stefan Berger wrote:
>
>
> On 3/27/23 07:11, Stefan Berger wrote:
>>
>>
>
>>> We get this message when booting from a kernel:
>>>
>>> [ 0.582699] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>>> [ 0.586361] tpm tpm0: A TPM error (256) occurred attempting the self test
>>> [ 0.586623] tpm tpm0: starting up the TPM manually
>>>
>>> Do we understand why the error appears?
>>
>> The firmware did not initialize the TPM 2.
>>
>
>>> However on a clean boot into the TPM, the u-boot tpm commands fail:
>>>
>>> ast# tpm info
>>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [closed]
>>> ast# tpINTERRUPT>
>>
>> Is this normal output? Is it an indication of some sort of IRQ?
>>
>>> ast# tpm init
>>> ast# tpm info
>>> tpm@2e v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]
>>> ast# tpm pcr_read 0 0x81000000
>>> Error: 256
>
> If this is an error from the TPM 2 , then the 256 error code is the same as reported by Linux above:
>
> $ tssreturncode 0x100
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already initialized
>
>
> I will try to reproduce this today. u-boot should have a sent TPM2_Startup as part of 'tpm init' command above or even before on its own.
One needs to do this here:
ast# tpm2 startup TPM2_SU_CLEAR
ast# tpm2 pcr_read 0 0x81000000
PCR #0 content (332 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Stefan
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 3/3] tpm: Add support for TPM device over I2C bus
2023-03-26 22:44 ` [PATCH v7 3/3] tpm: Add support for TPM device over I2C bus Ninad Palsule
@ 2023-03-27 13:40 ` Stefan Berger
2023-03-27 15:54 ` Ninad Palsule
0 siblings, 1 reply; 24+ messages in thread
From: Stefan Berger @ 2023-03-27 13:40 UTC (permalink / raw)
To: Ninad Palsule, qemu-devel; +Cc: joel, andrew, clg
On 3/26/23 18:44, Ninad Palsule wrote:
> Qemu already supports devices attached to ISA and sysbus. This drop adds
> support for the I2C bus attached TPM devices. I2C model only supports
> TPM2 protocol.
>
> --- /dev/null
> +++ b/hw/tpm/tpm_tis_i2c.c
> @@ -0,0 +1,540 @@
> +/*
> + * tpm_tis_i2c.c - QEMU's TPM TIS I2C Device
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + *
> + * Implementation of the TIS interface according to specs found at
> + * http://www.trustedcomputinggroup.org. This implementation currently
> + * supports version 1.3, 21 March 2013
> + * In the developers menu choose the PC Client section then find the TIS
> + * specification.
> + *
> + * TPM TIS for TPM 2 implementation following TCG PC Client Platform
> + * TPM Profile (PTP) Specification, Familiy 2.0, Revision 00.43
> + *
> + * TPM I2C implementation follows TCG TPM I2c Interface specification,
> + * Family 2.0, Level 00, Revision 1.00
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/i2c/i2c.h"
> +#include "hw/sysbus.h"
> +#include "hw/acpi/tpm.h"
> +#include "migration/vmstate.h"
> +#include "tpm_prop.h"
> +#include "qemu/log.h"
> +#include "trace.h"
> +#include "tpm_tis.h"
> +
> +/* TPM_STS mask for read bits 31:26 must be zero */
> +#define TPM_I2C_STS_READ_MASK 0x03ffffff
> +
> +/* TPM_I2C_INT_ENABLE mask */
> +#define TPM_I2C_INT_ENABLE_MASK (TPM_TIS_INT_ENABLED | \
> + TPM_TIS_INT_DATA_AVAILABLE | \
> + TPM_TIS_INT_STS_VALID | \
> + TPM_TIS_INT_LOCALITY_CHANGED | \
> + TPM_TIS_INT_COMMAND_READY)
Since we cannot test interrupts with Linux since the driver doesn't support it,
can you set this mask to 0 and move it into the public header file. Please also
apply the mask to vthe alue returned from reading to the TPM_INT_CAPABILITY register.
> +
> +/* Operations */
> +#define OP_SEND 1
> +#define OP_RECV 2
> +
> +typedef struct TPMStateI2C {
> + /*< private >*/
> + I2CSlave parent_obj;
> +
> + uint8_t offset; /* offset into data[] */
> + uint8_t operation; /* OP_SEND & OP_RECV */
> + uint8_t data[5]; /* Data */
> +
> + /* i2c registers */
> + uint8_t loc_sel; /* Current locality */
> + uint8_t csum_enable; /* Is checksum enabled */
> +
> + /* Derived from the above */
> + const char *reg_name; /* Register name */
> + uint32_t tis_addr; /* Converted tis address including locty */
> +
> + /*< public >*/
> + TPMState state; /* not a QOM object */
> +
> +} TPMStateI2C;
> +
> +DECLARE_INSTANCE_CHECKER(TPMStateI2C, TPM_TIS_I2C,
> + TYPE_TPM_TIS_I2C)
> +
> +/* Prototype */
> +static inline void tpm_tis_i2c_to_tis_reg(TPMStateI2C *i2cst, uint8_t i2c_reg);
> +
> +/* Register map */
> +typedef struct regMap {
> + uint8_t i2c_reg; /* I2C register */
> + uint16_t tis_reg; /* TIS register */
> + const char *reg_name; /* Register name */
> +} I2CRegMap;
> +
> +/*
> + * The register values in the common code is different than the latest
> + * register numbers as per the spec hence add the conversion map
> + */
> +static const I2CRegMap tpm_tis_reg_map[] = {
> + /*
> + * These registers are sent to TIS layer. The register with UNKNOWN
> + * mapping are not sent to TIS layer and handled in I2c layer.
> + * NOTE: Adding frequently used registers at the start
> + */
> + { TPM_I2C_REG_DATA_FIFO, TPM_TIS_REG_DATA_FIFO, "FIFO", },
> + { TPM_I2C_REG_STS, TPM_TIS_REG_STS, "STS", },
> + { TPM_I2C_REG_DATA_CSUM_GET, TPM_I2C_REG_UNKNOWN, "CSUM_GET", },
> + { TPM_I2C_REG_LOC_SEL, TPM_I2C_REG_UNKNOWN, "LOC_SEL", },
> + { TPM_I2C_REG_ACCESS, TPM_TIS_REG_ACCESS, "ACCESS", },
> + { TPM_I2C_REG_INT_ENABLE, TPM_TIS_REG_INT_ENABLE, "INTR_ENABLE",},
> + { TPM_I2C_REG_INT_CAPABILITY, TPM_TIS_REG_INT_ENABLE, "INTR_CAP", },
This mapping here is wrong. It should map to TPM_TIS_REG_INT_CAPABILITY.
> + { TPM_I2C_REG_INTF_CAPABILITY, TPM_TIS_REG_INTF_CAPABILITY, "INTF_CAP", },
> + { TPM_I2C_REG_DID_VID, TPM_TIS_REG_DID_VID, "DID_VID", },
> + { TPM_I2C_REG_RID, TPM_TIS_REG_RID, "RID", },
> + { TPM_I2C_REG_I2C_DEV_ADDRESS, TPM_I2C_REG_UNKNOWN, "DEV_ADDRESS",},
> + { TPM_I2C_REG_DATA_CSUM_ENABLE, TPM_I2C_REG_UNKNOWN, "CSUM_ENABLE",},
> +};
> +
> +/*
> + * Send function only remembers data in the buffer and then calls
> + * TPM TIS common code during FINISH event.
> + */
> +static int tpm_tis_i2c_send(I2CSlave *i2c, uint8_t data)
> +{
> + TPMStateI2C *i2cst = TPM_TIS_I2C(i2c);
> +
> + /* Reject non-supported registers. */
> + if (i2cst->offset == 0) {
> + /* Convert I2C register to TIS register */
> + tpm_tis_i2c_to_tis_reg(i2cst, data);
> + if (i2cst->tis_addr == 0xffffffff) {
> + return 0xffffffff;
> + }
> +
> + trace_tpm_tis_i2c_send_reg(i2cst->reg_name, data);
> +
> + /* We do not support device address change */
> + if (data == TPM_I2C_REG_I2C_DEV_ADDRESS) {
> + qemu_log_mask(LOG_UNIMP, "%s: Device address change "
> + "is not supported.\n", __func__);
> + return 0xffffffff;
> + }
> + } else {
> + trace_tpm_tis_i2c_send(data);
> + }
> +
> + if (i2cst->offset < sizeof(i2cst->data)) {
> + i2cst->operation = OP_SEND;
> +
> + /* Remember data locally for non-FIFO registers */
> + if ((i2cst->offset == 0) ||
> + (i2cst->data[0] != TPM_I2C_REG_DATA_FIFO)) {
> + i2cst->data[i2cst->offset++] = data;
> + } else {
> + tpm_tis_write_data(&i2cst->state, i2cst->tis_addr, data, 1);
> + }
> +
> + return 0;
> +
> + }
> +
> + /* Return non-zero to indicate NAK */
> + return 1;
> +}
> +
> +static Property tpm_tis_i2c_properties[] = {
> + DEFINE_PROP_UINT32("irq", TPMStateI2C, state.irq_num, TPM_TIS_IRQ),
You should remove this here. Maybe one day we will add it back when we can test it.
> + DEFINE_PROP_TPMBE("tpmdev", TPMStateI2C, state.be_driver),
> + DEFINE_PROP_END_OF_LIST(),
> +};
> +
> +static void tpm_tis_i2c_realizefn(DeviceState *dev, Error **errp)
> +{
> + TPMStateI2C *i2cst = TPM_TIS_I2C(dev);
> + TPMState *s = &i2cst->state;
> +
> + if (!tpm_find()) {
> + error_setg(errp, "at most one TPM device is permitted");
> + return;
> + }
> +
> + /*
> + * Get the backend pointer. It is not initialized propery during
> + * device_class_set_props
> + */
> + s->be_driver = qemu_find_tpm_be("tpm0");
> +
> + if (!s->be_driver) {
> + error_setg(errp, "'tpmdev' property is required");
> + return;
> + }
> + if (s->irq_num > 15) {
> + error_setg(errp, "IRQ %d is outside valid range of 0 to 15",
> + s->irq_num);
> + return;
> + }
This block can go.
> +}
> +
> +static void tpm_tis_i2c_reset(DeviceState *dev)
> +{
> + TPMStateI2C *i2cst = TPM_TIS_I2C(dev);
> + TPMState *s = &i2cst->state;
> +
> + tpm_tis_i2c_clear_data(i2cst);
> +
> + i2cst->csum_enable = 0;
> + i2cst->loc_sel = 0x00;
> +
> + return tpm_tis_reset(s);
> +}
> +
> +static void tpm_tis_i2c_initfn(Object *obj)
> +{
> + TPMStateI2C *i2cst = TPM_TIS_I2C(obj);
> + TPMState *s = &i2cst->state;
> +
> + sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);
> +}
This function also has to go.
Thanks,
Stefan
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 1/3] docs: Add support for TPM devices over I2C bus
2023-03-27 7:52 ` Cédric Le Goater
@ 2023-03-27 14:48 ` Ninad Palsule
2023-03-27 15:10 ` Cédric Le Goater
0 siblings, 1 reply; 24+ messages in thread
From: Ninad Palsule @ 2023-03-27 14:48 UTC (permalink / raw)
To: Cédric Le Goater, Joel Stanley, Ninad Palsule
Cc: qemu-devel, andrew, stefanb
Hi Cedric,
On 3/27/23 2:52 AM, Cédric Le Goater wrote:
> On 3/27/23 09:47, Joel Stanley wrote:
>> On Sun, 26 Mar 2023 at 22:44, Ninad Palsule <ninad@linux.ibm.com> wrote:
>>>
>>> This is a documentation change for I2C TPM device support.
>>>
>>> Qemu already supports devices attached to ISA and sysbus.
>>> This drop adds support for the I2C bus attached TPM devices.
>>>
>>> Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
>>>
>>> ---
>>> V2:
>>>
>>> Incorporated Stephen's review comments
>>> - Added example in the document.
>>>
>>> ---
>>> V4:
>>> Incorporate Cedric & Stefan's comments
>>>
>>> - Added example for ast2600-evb
>>> - Corrected statement about arm virtual machine.
>>>
>>> ---
>>> V6:
>>> Incorporated review comments from Stefan.
>>> ---
>>> docs/specs/tpm.rst | 32 ++++++++++++++++++++++++++++++++
>>> 1 file changed, 32 insertions(+)
>>>
>>> diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
>>> index 535912a92b..590e670a9a 100644
>>> --- a/docs/specs/tpm.rst
>>> +++ b/docs/specs/tpm.rst
>>> @@ -21,12 +21,16 @@ QEMU files related to TPM TIS interface:
>>> - ``hw/tpm/tpm_tis_common.c``
>>> - ``hw/tpm/tpm_tis_isa.c``
>>> - ``hw/tpm/tpm_tis_sysbus.c``
>>> + - ``hw/tpm/tpm_tis_i2c.c``
>>> - ``hw/tpm/tpm_tis.h``
>>>
>>> Both an ISA device and a sysbus device are available. The former is
>>> used with pc/q35 machine while the latter can be instantiated in the
>>> Arm virt machine.
>>>
>>> +An I2C device support is also provided which can be instantiated in
>>> the Arm
>>> +based emulation machines. This device only supports the TPM 2
>>> protocol.
>>> +
>>> CRB interface
>>> -------------
>>>
>>> @@ -348,6 +352,34 @@ In case an Arm virt machine is emulated, use
>>> the following command line:
>>> -drive if=pflash,format=raw,file=flash0.img,readonly=on \
>>> -drive if=pflash,format=raw,file=flash1.img
>>>
>>> +In case a ast2600-evb bmc machine is emulated and want to use TPM
>>> device
>>> +attached to I2C bus, use the following command line:
>>> +
>>> +.. code-block:: console
>>> +
>>> + qemu-system-arm -M ast2600-evb -nographic \
>>> + -kernel arch/arm/boot/zImage \
>>> + -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
>>> + -initrd rootfs.cpio \
>>> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>>> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
>>> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>
>> For testing, use this command to load the driver to the correct address:
>>
>> echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>>
>> (I don't know how specific we want to make the instructions, but
>> adding a line like above would help others from having to re-discover
>> the command).
>
> or/and add an avocado test for it. See tests/avocado/machine_aspeed.py.
>
> The avocado framework is a bit fragile when reading from the console but
> we hope to fix that.
I never used it before so it will take little longer.
Is it required to merge this i2c work?
Thanks for the review.
Ninad
>
> Thanks
>
> C.
>
>>
>>> +
>>> +In case a Rainier bmc machine is emulated and want to use TPM device
>>> +attached to I2C bus, use the following command line:
>>> +
>>> +.. code-block:: console
>>> +
>>> + qemu-system-arm -M rainier-bmc -nographic \
>>> + -kernel ${IMAGEPATH}/fitImage-linux.bin \
>>> + -dtb ${IMAGEPATH}/aspeed-bmc-ibm-rainier.dtb \
>>> + -initrd ${IMAGEPATH}/obmc-phosphor-initramfs.rootfs.cpio.xz \
>>> + -drive
>>> file=${IMAGEPATH}/obmc-phosphor-image.rootfs.wic.qcow2,if=sd,index=2\
>>> + -net nic -net
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443\
>>> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>>> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
>>> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>> +
>>
>> I'd drop this example, the above one is enough.
>>
>>> In case SeaBIOS is used as firmware, it should show the TPM menu item
>>> after entering the menu with 'ESC'.
>>>
>>> --
>>> 2.37.2
>>>
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 1/3] docs: Add support for TPM devices over I2C bus
2023-03-27 14:48 ` Ninad Palsule
@ 2023-03-27 15:10 ` Cédric Le Goater
2023-03-27 15:28 ` Ninad Palsule
0 siblings, 1 reply; 24+ messages in thread
From: Cédric Le Goater @ 2023-03-27 15:10 UTC (permalink / raw)
To: Ninad Palsule, Joel Stanley, Ninad Palsule; +Cc: qemu-devel, andrew, stefanb
>>>> +In case a ast2600-evb bmc machine is emulated and want to use TPM device
>>>> +attached to I2C bus, use the following command line:
>>>> +
>>>> +.. code-block:: console
>>>> +
>>>> + qemu-system-arm -M ast2600-evb -nographic \
>>>> + -kernel arch/arm/boot/zImage \
>>>> + -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
>>>> + -initrd rootfs.cpio \
>>>> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>>>> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
>>>> + -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>>
>>> For testing, use this command to load the driver to the correct address:
>>>
>>> echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>>>
>>> (I don't know how specific we want to make the instructions, but
>>> adding a line like above would help others from having to re-discover
>>> the command).
>>
>> or/and add an avocado test for it. See tests/avocado/machine_aspeed.py.
>>
>> The avocado framework is a bit fragile when reading from the console but
>> we hope to fix that.
>
> I never used it before so it will take little longer.
>
> Is it required to merge this i2c work?
It isn't.
C.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 1/3] docs: Add support for TPM devices over I2C bus
2023-03-27 15:10 ` Cédric Le Goater
@ 2023-03-27 15:28 ` Ninad Palsule
0 siblings, 0 replies; 24+ messages in thread
From: Ninad Palsule @ 2023-03-27 15:28 UTC (permalink / raw)
To: Cédric Le Goater, Joel Stanley, Ninad Palsule
Cc: qemu-devel, andrew, stefanb
On 3/27/23 10:10 AM, Cédric Le Goater wrote:
>>>>> +In case a ast2600-evb bmc machine is emulated and want to use TPM
>>>>> device
>>>>> +attached to I2C bus, use the following command line:
>>>>> +
>>>>> +.. code-block:: console
>>>>> +
>>>>> + qemu-system-arm -M ast2600-evb -nographic \
>>>>> + -kernel arch/arm/boot/zImage \
>>>>> + -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
>>>>> + -initrd rootfs.cpio \
>>>>> + -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
>>>>> + -tpmdev emulator,id=tpm0,chardev=chrtpm \
>>>>> + -device
>>>>> tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
>>>>
>>>> For testing, use this command to load the driver to the correct
>>>> address:
>>>>
>>>> echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>>>>
>>>> (I don't know how specific we want to make the instructions, but
>>>> adding a line like above would help others from having to re-discover
>>>> the command).
>>>
>>> or/and add an avocado test for it. See tests/avocado/machine_aspeed.py.
>>>
>>> The avocado framework is a bit fragile when reading from the console
>>> but
>>> we hope to fix that.
>>
>> I never used it before so it will take little longer.
>>
>> Is it required to merge this i2c work?
>
> It isn't.
Ok, Thanks. I will continue to check the test frame work and add the
test in a separate drop.
Ninad
>
> C.
>
>
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH v7 3/3] tpm: Add support for TPM device over I2C bus
2023-03-27 13:40 ` Stefan Berger
@ 2023-03-27 15:54 ` Ninad Palsule
0 siblings, 0 replies; 24+ messages in thread
From: Ninad Palsule @ 2023-03-27 15:54 UTC (permalink / raw)
To: Stefan Berger, Ninad Palsule, qemu-devel; +Cc: joel, andrew, clg
Hi Stefan,
On 3/27/23 8:40 AM, Stefan Berger wrote:
>
>
> On 3/26/23 18:44, Ninad Palsule wrote:
>> Qemu already supports devices attached to ISA and sysbus. This drop adds
>> support for the I2C bus attached TPM devices. I2C model only supports
>> TPM2 protocol.
>>
>
>> --- /dev/null
>> +++ b/hw/tpm/tpm_tis_i2c.c
>> @@ -0,0 +1,540 @@
>> +/*
>> + * tpm_tis_i2c.c - QEMU's TPM TIS I2C Device
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2
>> or later.
>> + * See the COPYING file in the top-level directory.
>> + *
>> + * Implementation of the TIS interface according to specs found at
>> + * http://www.trustedcomputinggroup.org. This implementation currently
>> + * supports version 1.3, 21 March 2013
>> + * In the developers menu choose the PC Client section then find the
>> TIS
>> + * specification.
>> + *
>> + * TPM TIS for TPM 2 implementation following TCG PC Client Platform
>> + * TPM Profile (PTP) Specification, Familiy 2.0, Revision 00.43
>> + *
>> + * TPM I2C implementation follows TCG TPM I2c Interface specification,
>> + * Family 2.0, Level 00, Revision 1.00
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "hw/i2c/i2c.h"
>> +#include "hw/sysbus.h"
>> +#include "hw/acpi/tpm.h"
>> +#include "migration/vmstate.h"
>> +#include "tpm_prop.h"
>> +#include "qemu/log.h"
>> +#include "trace.h"
>> +#include "tpm_tis.h"
>> +
>> +/* TPM_STS mask for read bits 31:26 must be zero */
>> +#define TPM_I2C_STS_READ_MASK 0x03ffffff
>> +
>> +/* TPM_I2C_INT_ENABLE mask */
>> +#define TPM_I2C_INT_ENABLE_MASK (TPM_TIS_INT_ENABLED | \
>> + TPM_TIS_INT_DATA_AVAILABLE | \
>> + TPM_TIS_INT_STS_VALID | \
>> + TPM_TIS_INT_LOCALITY_CHANGED | \
>> + TPM_TIS_INT_COMMAND_READY)
>
> Since we cannot test interrupts with Linux since the driver doesn't
> support it,
> can you set this mask to 0 and move it into the public header file.
> Please also
> apply the mask to vthe alue returned from reading to the
> TPM_INT_CAPABILITY register.
>
OK, done.
>
>> +
>> +/* Operations */
>> +#define OP_SEND 1
>> +#define OP_RECV 2
>> +
>> +typedef struct TPMStateI2C {
>> + /*< private >*/
>> + I2CSlave parent_obj;
>> +
>> + uint8_t offset; /* offset into data[] */
>> + uint8_t operation; /* OP_SEND & OP_RECV */
>> + uint8_t data[5]; /* Data */
>> +
>> + /* i2c registers */
>> + uint8_t loc_sel; /* Current locality */
>> + uint8_t csum_enable; /* Is checksum enabled */
>> +
>> + /* Derived from the above */
>> + const char *reg_name; /* Register name */
>> + uint32_t tis_addr; /* Converted tis address including
>> locty */
>> +
>> + /*< public >*/
>> + TPMState state; /* not a QOM object */
>> +
>> +} TPMStateI2C;
>> +
>> +DECLARE_INSTANCE_CHECKER(TPMStateI2C, TPM_TIS_I2C,
>> + TYPE_TPM_TIS_I2C)
>> +
>> +/* Prototype */
>> +static inline void tpm_tis_i2c_to_tis_reg(TPMStateI2C *i2cst,
>> uint8_t i2c_reg);
>> +
>> +/* Register map */
>> +typedef struct regMap {
>> + uint8_t i2c_reg; /* I2C register */
>> + uint16_t tis_reg; /* TIS register */
>> + const char *reg_name; /* Register name */
>> +} I2CRegMap;
>> +
>> +/*
>> + * The register values in the common code is different than the latest
>> + * register numbers as per the spec hence add the conversion map
>> + */
>> +static const I2CRegMap tpm_tis_reg_map[] = {
>> + /*
>> + * These registers are sent to TIS layer. The register with UNKNOWN
>> + * mapping are not sent to TIS layer and handled in I2c layer.
>> + * NOTE: Adding frequently used registers at the start
>> + */
>> + { TPM_I2C_REG_DATA_FIFO, TPM_TIS_REG_DATA_FIFO,
>> "FIFO", },
>> + { TPM_I2C_REG_STS, TPM_TIS_REG_STS, "STS", },
>> + { TPM_I2C_REG_DATA_CSUM_GET, TPM_I2C_REG_UNKNOWN,
>> "CSUM_GET", },
>> + { TPM_I2C_REG_LOC_SEL, TPM_I2C_REG_UNKNOWN, "LOC_SEL", },
>> + { TPM_I2C_REG_ACCESS, TPM_TIS_REG_ACCESS, "ACCESS", },
>> + { TPM_I2C_REG_INT_ENABLE, TPM_TIS_REG_INT_ENABLE,
>> "INTR_ENABLE",},
>> + { TPM_I2C_REG_INT_CAPABILITY, TPM_TIS_REG_INT_ENABLE,
>> "INTR_CAP", },
>
>
> This mapping here is wrong. It should map to TPM_TIS_REG_INT_CAPABILITY.
OK, Now I handle this register in the I2C so changed to mapping to UNKNOWN
>
>> + { TPM_I2C_REG_INTF_CAPABILITY, TPM_TIS_REG_INTF_CAPABILITY,
>> "INTF_CAP", },
>> + { TPM_I2C_REG_DID_VID, TPM_TIS_REG_DID_VID, "DID_VID", },
>> + { TPM_I2C_REG_RID, TPM_TIS_REG_RID, "RID", },
>> + { TPM_I2C_REG_I2C_DEV_ADDRESS, TPM_I2C_REG_UNKNOWN,
>> "DEV_ADDRESS",},
>> + { TPM_I2C_REG_DATA_CSUM_ENABLE, TPM_I2C_REG_UNKNOWN,
>> "CSUM_ENABLE",},
>> +};
>> +
>
>
>> +/*
>> + * Send function only remembers data in the buffer and then calls
>> + * TPM TIS common code during FINISH event.
>> + */
>> +static int tpm_tis_i2c_send(I2CSlave *i2c, uint8_t data)
>> +{
>> + TPMStateI2C *i2cst = TPM_TIS_I2C(i2c);
>> +
>> + /* Reject non-supported registers. */
>> + if (i2cst->offset == 0) {
>> + /* Convert I2C register to TIS register */
>> + tpm_tis_i2c_to_tis_reg(i2cst, data);
>> + if (i2cst->tis_addr == 0xffffffff) {
>> + return 0xffffffff;
>> + }
>> +
>> + trace_tpm_tis_i2c_send_reg(i2cst->reg_name, data);
>> +
>> + /* We do not support device address change */
>> + if (data == TPM_I2C_REG_I2C_DEV_ADDRESS) {
>> + qemu_log_mask(LOG_UNIMP, "%s: Device address change "
>> + "is not supported.\n", __func__);
>> + return 0xffffffff;
>> + }
>> + } else {
>> + trace_tpm_tis_i2c_send(data);
>> + }
>> +
>> + if (i2cst->offset < sizeof(i2cst->data)) {
>> + i2cst->operation = OP_SEND;
>> +
>> + /* Remember data locally for non-FIFO registers */
>> + if ((i2cst->offset == 0) ||
>> + (i2cst->data[0] != TPM_I2C_REG_DATA_FIFO)) {
>> + i2cst->data[i2cst->offset++] = data;
>> + } else {
>> + tpm_tis_write_data(&i2cst->state, i2cst->tis_addr, data,
>> 1);
>> + }
>> +
>> + return 0;
>> +
>> + }
>> +
>> + /* Return non-zero to indicate NAK */
>> + return 1;
>> +}
>> +
>> +static Property tpm_tis_i2c_properties[] = {
>> + DEFINE_PROP_UINT32("irq", TPMStateI2C, state.irq_num, TPM_TIS_IRQ),
>
> You should remove this here. Maybe one day we will add it back when we
> can test it.
Done
>
>> + DEFINE_PROP_TPMBE("tpmdev", TPMStateI2C, state.be_driver),
>> + DEFINE_PROP_END_OF_LIST(),
>> +};
>> +
>> +static void tpm_tis_i2c_realizefn(DeviceState *dev, Error **errp)
>> +{
>> + TPMStateI2C *i2cst = TPM_TIS_I2C(dev);
>> + TPMState *s = &i2cst->state;
>> +
>> + if (!tpm_find()) {
>> + error_setg(errp, "at most one TPM device is permitted");
>> + return;
>> + }
>> +
>> + /*
>> + * Get the backend pointer. It is not initialized propery during
>> + * device_class_set_props
>> + */
>> + s->be_driver = qemu_find_tpm_be("tpm0");
>> +
>> + if (!s->be_driver) {
>> + error_setg(errp, "'tpmdev' property is required");
>> + return;
>> + }
>> + if (s->irq_num > 15) {
>> + error_setg(errp, "IRQ %d is outside valid range of 0 to 15",
>> + s->irq_num);
>> + return;
>> + }
>
> This block can go.
Done
>
>> +}
>> +
>> +static void tpm_tis_i2c_reset(DeviceState *dev)
>> +{
>> + TPMStateI2C *i2cst = TPM_TIS_I2C(dev);
>> + TPMState *s = &i2cst->state;
>> +
>> + tpm_tis_i2c_clear_data(i2cst);
>> +
>> + i2cst->csum_enable = 0;
>> + i2cst->loc_sel = 0x00;
>> +
>> + return tpm_tis_reset(s);
>> +}
>> +
>> +static void tpm_tis_i2c_initfn(Object *obj)
>> +{
>> + TPMStateI2C *i2cst = TPM_TIS_I2C(obj);
>> + TPMState *s = &i2cst->state;
>> +
>> + sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);
>> +}
>
> This function also has to go.
Done
Thanks for the review.
Ninad
^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2023-03-27 15:56 UTC | newest]
Thread overview: 24+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-26 22:44 [PATCH v7 0/3] Add support for TPM devices over I2C bus Ninad Palsule
2023-03-26 22:44 ` [PATCH v7 1/3] docs: " Ninad Palsule
2023-03-27 7:47 ` Joel Stanley
2023-03-27 7:52 ` Cédric Le Goater
2023-03-27 14:48 ` Ninad Palsule
2023-03-27 15:10 ` Cédric Le Goater
2023-03-27 15:28 ` Ninad Palsule
2023-03-27 13:04 ` Ninad Palsule
2023-03-26 22:44 ` [PATCH v7 2/3] tpm: Extend common APIs to support TPM TIS I2C Ninad Palsule
2023-03-27 0:14 ` Stefan Berger
2023-03-26 22:44 ` [PATCH v7 3/3] tpm: Add support for TPM device over I2C bus Ninad Palsule
2023-03-27 13:40 ` Stefan Berger
2023-03-27 15:54 ` Ninad Palsule
2023-03-27 1:05 ` [PATCH v7 0/3] Add support for TPM devices " Joel Stanley
2023-03-27 3:52 ` Ninad Palsule
2023-03-27 8:04 ` Joel Stanley
2023-03-27 8:20 ` Cédric Le Goater
2023-03-27 10:49 ` Joel Stanley
2023-03-27 11:17 ` Stefan Berger
2023-03-27 11:11 ` Stefan Berger
2023-03-27 11:18 ` Joel Stanley
2023-03-27 11:24 ` Stefan Berger
2023-03-27 12:31 ` Stefan Berger
2023-03-27 13:09 ` Stefan Berger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).