qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Auger Eric <eric.auger@redhat.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>,
	"QEMU Developers" <qemu-devel@nongnu.org>,
	qemu-arm <qemu-arm@nongnu.org>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	"Eric Auger" <eric.auger.pro@gmail.com>,
	"Laszlo Ersek" <lersek@redhat.com>,
	"Stefan Berger" <stefanb@linux.ibm.com>
Subject: Re: [RFC v2 0/6] vTPM for aarch64
Date: Mon, 17 Feb 2020 19:03:05 +0100	[thread overview]
Message-ID: <f50fb895-049f-3787-e1f9-7d5e9bf1013a@redhat.com> (raw)
In-Reply-To: <CAKv+Gu_JsLdLV2JWCoFaw=3MR4DPKxOzE1mv-0h0nUikoGmZ7w@mail.gmail.com>

Hi Ard,

On 2/16/20 5:35 PM, Ard Biesheuvel wrote:
> On Fri, 14 Feb 2020 at 19:37, Eric Auger <eric.auger@redhat.com> wrote:
>>
>> This series adds the capability to instantiate an MMIO TPM TIS
>> in ARM virt.
>>
>> The existing TPM TIS code is reshuffled into a generic part,
>> the ISA device and the sysbus device. The last patch allows
>> the instantiation of the TPM TIS sysbus device in ARM virt.
>>
>> The series was tested with the swtpm/libtpms emulator.
>> Automatic guest LUKS volume unlocking (tpm2) was successful.
>> EDK2 support is under development [3]. Thanks to Ard
>> for supporting me when setting up the test environment.
>>
>> Best Regards
>>
>> Eric
>>
>> Testing:
>>
>> mkdir /tmp/tpm
>> swtpm socket \
>> --tpm2 \
>> -t -d \
>> --tpmstate dir=/tmp/tpm \
>> --ctrl type=unixio,path=/tmp/swtpm-sock
>>
>> qemu command line must be augmented with the following options:
>>
>> -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
>> -tpmdev emulator,id=tpm0,chardev=chrtpm \
>> -device tpm-tis-device,tpmdev=tpm0 \
>>
>> References:
>> [1] libtpms: https://github.com/stefanberger/libtpms/wiki
>> [2] swtpm: https://github.com/stefanberger/swtpm/wiki
>> [3] [PATCH 0/4] ArmVirtPkg: implement measured boot for ArmVirtQemu
>>
>> This series can be found at:
>> https://github.com/eauger/qemu/tree/v4.2.0-tpm-rfc-v2
>>
>> History:
>>
>> RFC v1 -> RFC v2:
>> - restructure the existing code with common, ISA and sysbus part.
>> - both ARM and x86 integration were tested.
>> - acknowledgement: migration has not been tested
>>
>> Eric Auger (6):
>>   tpm: rename TPM_TIS into TPM_TIS_ISA
>>   tpm: Use TPMState as a common struct
>>   tpm: Separate tpm_tis common functions from isa code
>>   tpm: Separate TPM_TIS and TPM_TIS_ISA configs
>>   tpm: Add the SysBus TPM TIS device
>>   hw/arm/virt: vTPM support
>>
> 
> Many thanks to Eric for his work on this.
> 
> I have tested this with my EDK2 code and a Linux/arm64 VM booting in
> DT mode with the tpm-tis driver enabled, and it works as expected. I
> can observe the firmware taking measurements during boot, and can dump
> the PCRs from Linux using tpm2_pcrlist.
> 
> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Many thanks for the testing.
> 
> Note that the UEFI firmware is itself a consumer of the DT
> description, so we need the DT related changes regardless of whether
> the VM boots in DT or ACPI mode.

OK thank you for the note. I will add this in my cover letter.

Best Regards

Eric
> 
> 
> 
>>  default-configs/i386-softmmu.mak       |   2 +-
>>  hw/arm/Kconfig                         |   1 +
>>  hw/arm/sysbus-fdt.c                    |  36 +++++
>>  hw/arm/virt.c                          |   7 +
>>  hw/i386/Kconfig                        |   2 +-
>>  hw/i386/acpi-build.c                   |   6 +-
>>  hw/tpm/Kconfig                         |  12 +-
>>  hw/tpm/Makefile.objs                   |   4 +-
>>  hw/tpm/tpm_tis.h                       |  91 +++++++++++++
>>  hw/tpm/{tpm_tis.c => tpm_tis_common.c} | 181 ++-----------------------
>>  hw/tpm/tpm_tis_isa.c                   | 170 +++++++++++++++++++++++
>>  hw/tpm/tpm_tis_sysbus.c                | 159 ++++++++++++++++++++++
>>  include/sysemu/tpm.h                   |   7 +-
>>  tests/qtest/Makefile.include           |   4 +-
>>  14 files changed, 502 insertions(+), 180 deletions(-)
>>  create mode 100644 hw/tpm/tpm_tis.h
>>  rename hw/tpm/{tpm_tis.c => tpm_tis_common.c} (85%)
>>  create mode 100644 hw/tpm/tpm_tis_isa.c
>>  create mode 100644 hw/tpm/tpm_tis_sysbus.c
>>
>> --
>> 2.20.1
>>
> 



      reply	other threads:[~2020-02-17 18:22 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-14 18:36 [RFC v2 0/6] vTPM for aarch64 Eric Auger
2020-02-14 18:36 ` [RFC v2 1/6] tpm: rename TPM_TIS into TPM_TIS_ISA Eric Auger
2020-02-14 18:55   ` Philippe Mathieu-Daudé
2020-02-25 10:16     ` Auger Eric
2020-02-25 10:22       ` Philippe Mathieu-Daudé
2020-02-25 10:28         ` Auger Eric
2020-02-16 18:14   ` Stefan Berger
2020-02-14 18:37 ` [RFC v2 2/6] tpm: Use TPMState as a common struct Eric Auger
2020-02-14 19:01   ` Philippe Mathieu-Daudé
2020-02-16 18:22   ` Stefan Berger
2020-02-17  9:21   ` Philippe Mathieu-Daudé
2020-02-17 18:01     ` Auger Eric
2020-02-25 10:18       ` Auger Eric
2020-02-14 18:37 ` [RFC v2 3/6] tpm: Separate tpm_tis common functions from isa code Eric Auger
2020-02-16 18:27   ` Stefan Berger
2020-02-14 18:37 ` [RFC v2 4/6] tpm: Separate TPM_TIS and TPM_TIS_ISA configs Eric Auger
2020-02-14 19:03   ` Philippe Mathieu-Daudé
2020-02-25 10:05     ` Auger Eric
2020-02-14 18:37 ` [RFC v2 5/6] tpm: Add the SysBus TPM TIS device Eric Auger
2020-02-16 18:32   ` Stefan Berger
2020-02-17 18:13     ` Auger Eric
2020-02-25  9:18       ` Auger Eric
2020-02-25  9:52         ` Ard Biesheuvel
2020-02-25 10:18           ` Philippe Mathieu-Daudé
2020-02-26  8:38           ` Auger Eric
2020-02-14 18:37 ` [RFC v2 6/6] hw/arm/virt: vTPM support Eric Auger
2020-02-16 18:47   ` Stefan Berger
2020-02-17 18:26     ` Auger Eric
2020-02-16 16:35 ` [RFC v2 0/6] vTPM for aarch64 Ard Biesheuvel
2020-02-17 18:03   ` Auger Eric [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f50fb895-049f-3787-e1f9-7d5e9bf1013a@redhat.com \
    --to=eric.auger@redhat.com \
    --cc=ardb@kernel.org \
    --cc=eric.auger.pro@gmail.com \
    --cc=lersek@redhat.com \
    --cc=marcandre.lureau@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=philmd@redhat.com \
    --cc=qemu-arm@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanb@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).