[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] d1a0cf: Support for TPM command line options
|
From: |
GitHub |
|
Subject: |
[Qemu-commits] [qemu/qemu] d1a0cf: Support for TPM command line options |
|
Date: |
Tue, 12 Mar 2013 13:30:17 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: d1a0cf738dab24fbfd8e9225b7f3df43dcfafc06
https://github.com/qemu/qemu/commit/d1a0cf738dab24fbfd8e9225b7f3df43dcfafc06
Author: Stefan Berger <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
M Makefile.objs
M hmp-commands.hx
M hmp.c
M hmp.h
A include/tpm/tpm.h
M monitor.c
M qapi-schema.json
M qemu-options.hx
M qmp-commands.hx
A tpm/Makefile.objs
A tpm/tpm.c
A tpm/tpm_int.h
A tpm/tpm_tis.h
M vl.c
Log Message:
-----------
Support for TPM command line options
This patch adds support for TPM command line options.
The command line options supported here are
./qemu-... -tpmdev passthrough,path=<path to TPM device>,id=<id>
-device tpm-tis,tpmdev=<id>,id=<other id>
and
./qemu-... -tpmdev help
where the latter works similar to -soundhw help and shows a list of
available TPM backends (for example 'passthrough').
Using the type parameter, the backend is chosen, i.e., 'passthrough' for the
passthrough driver. The interpretation of the other parameters along
with determining whether enough parameters were provided is pushed into
the backend driver, which needs to implement the interface function
'create' and return a TPMDriverOpts structure if the VM can be started or
'NULL' if not enough or bad parameters were provided.
Monitor support for 'info tpm' has been added. It for example prints the
following:
(qemu) info tpm
TPM devices:
tpm0: model=tpm-tis
\ tpm0:
type=passthrough,path=/dev/tpm0,cancel-path=/sys/devices/pnp0/00:09/cancel
Signed-off-by: Stefan Berger <address@hidden>
Reviewed-by: Corey Bryant <address@hidden>
Reviewed-by: Joel Schopp <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Commit: edff867807fefd9b8cc2bfd0e88a957987225f55
https://github.com/qemu/qemu/commit/edff867807fefd9b8cc2bfd0e88a957987225f55
Author: Stefan Berger <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
A tpm/tpm_tis.c
Log Message:
-----------
Add TPM (frontend) hardware interface (TPM TIS) to QEMU
This patch adds the main code of the TPM frontend driver, the TPM TIS
interface, to QEMU. The code is largely based on the previous implementation
for Xen but has been significantly extended to meet the standard's
requirements, such as the support for changing of localities and all the
functionality of the available flags.
Communication with the backend (i.e., for Xen or the libtpms-based one)
is cleanly separated through an interface which the backend driver needs
to implement.
Whenever the frontend has collected a complete packet, it will submit
a task to the backend, which then starts processing the command. Once
the result has been returned, the backend invokes a callback function
(tpm_tis_receive_cb()).
Testing the proper functioning of the different flags and localities
cannot be done from user space when running in Linux for example, since
access to the address space of the TPM TIS interface is not possible. Also
the Linux driver itself does not exercise all functionality. So, for
testing there is a fairly extensive test suite as part of the SeaBIOS patches
since from within the BIOS one can have full access to all the TPM's registers.
Signed-off-by: Stefan Berger <address@hidden>
Reviewed-by: Corey Bryant <address@hidden>
Reviewed-by: Joel Schopp <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Commit: 8db7c4152188a13b4de6fbab158d61e5dd50e7ec
https://github.com/qemu/qemu/commit/8db7c4152188a13b4de6fbab158d61e5dd50e7ec
Author: Stefan Berger <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
M tpm/tpm_tis.c
Log Message:
-----------
Add a debug register
This patch uses the possibility to add a vendor-specific register and
adds a debug register useful for dumping the TIS's internal state. This
register is only active in a debug build (#define DEBUG_TIS).
Signed-off-by: Stefan Berger <address@hidden>
Reviewed-by: Corey Bryant <address@hidden>
Reviewed-by: Joel Schopp <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Commit: ab214c2960e3a6d2a86b1ff53e9ba2505d173f93
https://github.com/qemu/qemu/commit/ab214c2960e3a6d2a86b1ff53e9ba2505d173f93
Author: Stefan Berger <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
M configure
M default-configs/i386-softmmu.mak
M default-configs/x86_64-softmmu.mak
M tpm/Makefile.objs
Log Message:
-----------
Build the TPM frontend code
Build the TPM frontend code that has been added so far.
Signed-off-by: Stefan Berger <address@hidden>
Reviewed-by: Corey Bryant <address@hidden>
Reviewed-by: Joel Schopp <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Commit: 4549a8b7ee3c47155c09582f31086f7d0ba61fc4
https://github.com/qemu/qemu/commit/4549a8b7ee3c47155c09582f31086f7d0ba61fc4
Author: Stefan Berger <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
M include/qemu/sockets.h
M qemu-char.c
M qemu-options.hx
M tpm/Makefile.objs
M tpm/tpm.c
A tpm/tpm_backend.c
A tpm/tpm_backend.h
M tpm/tpm_int.h
A tpm/tpm_passthrough.c
Log Message:
-----------
Add a TPM Passthrough backend driver implementation
This patch is based of off version 9 of Stefan Berger's patch series
"QEMU Trusted Platform Module (TPM) integration"
and adds a new backend driver for it.
This patch adds a passthrough backend driver for passing commands sent to the
emulated TPM device directly to a TPM device opened on the host machine.
Thus it is possible to use a hardware TPM device in a system running on QEMU,
providing the ability to access a TPM in a special state (e.g. after a Trusted
Boot).
This functionality is being used in the acTvSM Trusted Virtualization Platform
which is available on [1].
Usage example:
qemu-system-x86_64 -tpmdev passthrough,id=tpm0,path=/dev/tpm0 \
-device tpm-tis,tpmdev=tpm0 \
-cdrom test.iso -boot d
Some notes about the host TPM:
The TPM needs to be enabled and activated. If that's not the case one
has to go through the BIOS/UEFI and enable and activate that TPM for TPM
commands to work as expected.
It may be necessary to boot the kernel using tpm_tis.force=1 in the boot
command line or 'modprobe tpm_tis force=1' in case of using it as a module.
Regards,
Andreas Niederl, Stefan Berger
[1] http://trustedjava.sourceforge.net/
Signed-off-by: Andreas Niederl <address@hidden>
Signed-off-by: Stefan Berger <address@hidden>
Reviewed-by: Corey Bryant <address@hidden>
Reviewed-by: Joel Schopp <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Commit: 92dcc234ec1f266fb5d59bed77d66320c2c75965
https://github.com/qemu/qemu/commit/92dcc234ec1f266fb5d59bed77d66320c2c75965
Author: Stefan Berger <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
M qemu-options.hx
M tpm/tpm_passthrough.c
M vl.c
Log Message:
-----------
Add support for cancelling of a TPM command
This patch adds support for cancelling an executing TPM command.
In Linux for example a user can cancel a command through the TPM's
sysfs 'cancel' entry using
echo "1" > /sysfs/class/misc/tpm0/device/cancel
This patch propagates the cancellation of a command inside a VM
to the host TPM's sysfs entry.
It also uses the possibility to cancel the command before QEMU VM
shutdown or reboot, which helps in preventing QEMU from hanging while
waiting for the completion of the command.
To relieve higher layers or users from having to determine the TPM's
cancel sysfs entry, the driver searches for the entry in well known
locations.
Signed-off-by: Stefan Berger <address@hidden>
Reviewed-by: Corey Bryant <address@hidden>
Reviewed-by: Joel Schopp <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Commit: 1272ec881440bf579c9d3c9cd0745b2551ce6a7f
https://github.com/qemu/qemu/commit/1272ec881440bf579c9d3c9cd0745b2551ce6a7f
Author: Stefan Berger <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
M default-configs/i386-softmmu.mak
M default-configs/x86_64-softmmu.mak
Log Message:
-----------
Build TPM passthrough for i386 and x86_64 targets
Build the TPM passthrough driver only for i386 and x86_64 targets
using the default-configs files for those targets with softmmu.
Signed-off-by: Stefan Berger <address@hidden>
Reviewed-by: Corey Bryant <address@hidden>
Reviewed-by: Joel Schopp <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Commit: 4524051c32190c1dc13ec2ccd122fd120dbed736
https://github.com/qemu/qemu/commit/4524051c32190c1dc13ec2ccd122fd120dbed736
Author: Gerd Hoffmann <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
M trace-events
M vl.c
Log Message:
-----------
Add search path support for qemu data files.
This patch allows to specify multiple directories where qemu should look
for data files. To implement that the behavior of the -L switch is
slightly different now: Instead of replacing the data directory the
path specified will be appended to the data directory list. So when
specifiying -L multiple times all directories specified will be checked,
in the order they are specified on the command line, instead of just the
last one.
Additionally the default paths are always appended to the directory
data list. This allows to specify a incomplete directory (such as the
seabios out/ directory) via -L. Anything not found there will be loaded
from the default paths, so you don't have to create a symlink farm for
all the rom blobs.
For trouble-shooting a tracepoint has been added, logging which blob
has been loaded from which location.
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Commit: 8ca761f661a7cc972bc6bcf938feca6c538100f0
https://github.com/qemu/qemu/commit/8ca761f661a7cc972bc6bcf938feca6c538100f0
Author: Peter Feiner <address@hidden>
Date: 2013-03-12 (Tue, 12 Mar 2013)
Changed paths:
M exec.c
Log Message:
-----------
exec: make -mem-path filenames deterministic
Adds ramblocks' names to their backing files when using -mem-path. Eases
introspection and debugging.
Signed-off-by: Peter Feiner <address@hidden>
Message-id: address@hidden
Signed-off-by: Anthony Liguori <address@hidden>
Compare: https://github.com/qemu/qemu/compare/fe3cc14fd83e...8ca761f661a7
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] d1a0cf: Support for TPM command line options,
GitHub <=