@@ -5,6 +5,7 @@ obj-$(CONFIG_PSERIES) += spapr.o spapr_caps.o spapr_vio.o spapr_events.o
obj-$(CONFIG_PSERIES) += spapr_hcall.o spapr_iommu.o spapr_rtas.o
obj-$(CONFIG_PSERIES) += spapr_pci.o spapr_rtc.o spapr_drc.o
obj-$(CONFIG_PSERIES) += spapr_cpu_core.o spapr_ovec.o spapr_irq.o
+obj-$(CONFIG_PSERIES) += spapr_tpm_proxy.o
obj-$(CONFIG_SPAPR_RNG) += spapr_rng.o
# IBM PowerNV
obj-$(CONFIG_POWERNV) += pnv.o pnv_xscom.o pnv_core.o pnv_lpc.o pnv_psi.o pnv_occ.o pnv_bmc.o
@@ -75,6 +75,7 @@
#include "qemu/cutils.h"
#include "hw/ppc/spapr_cpu_core.h"
#include "hw/mem/memory-device.h"
+#include "hw/ppc/spapr_tpm_proxy.h"
#include <libfdt.h>
@@ -4031,6 +4032,29 @@ static void spapr_phb_unplug_request(HotplugHandler *hotplug_dev,
}
}
+static void spapr_tpm_proxy_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
+ Error **errp)
+{
+ SpaprMachineState *spapr = SPAPR_MACHINE(OBJECT(hotplug_dev));
+ SpaprTpmProxy *tpm_proxy = SPAPR_TPM_PROXY(dev);
+
+ if (spapr->tpm_proxy != NULL) {
+ error_setg(errp, "Only one TPM proxy can be specified for this machine");
+ return;
+ }
+
+ spapr->tpm_proxy = tpm_proxy;
+}
+
+static void spapr_tpm_proxy_unplug(HotplugHandler *hotplug_dev, DeviceState *dev)
+{
+ SpaprMachineState *spapr = SPAPR_MACHINE(OBJECT(hotplug_dev));
+
+ object_property_set_bool(OBJECT(dev), false, "realized", NULL);
+ object_unparent(OBJECT(dev));
+ spapr->tpm_proxy = NULL;
+}
+
static void spapr_machine_device_plug(HotplugHandler *hotplug_dev,
DeviceState *dev, Error **errp)
{
@@ -4040,6 +4064,8 @@ static void spapr_machine_device_plug(HotplugHandler *hotplug_dev,
spapr_core_plug(hotplug_dev, dev, errp);
} else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_PCI_HOST_BRIDGE)) {
spapr_phb_plug(hotplug_dev, dev, errp);
+ } else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_TPM_PROXY)) {
+ spapr_tpm_proxy_plug(hotplug_dev, dev, errp);
}
}
@@ -4052,6 +4078,8 @@ static void spapr_machine_device_unplug(HotplugHandler *hotplug_dev,
spapr_core_unplug(hotplug_dev, dev);
} else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_PCI_HOST_BRIDGE)) {
spapr_phb_unplug(hotplug_dev, dev);
+ } else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_TPM_PROXY)) {
+ spapr_tpm_proxy_unplug(hotplug_dev, dev);
}
}
@@ -4086,6 +4114,8 @@ static void spapr_machine_device_unplug_request(HotplugHandler *hotplug_dev,
return;
}
spapr_phb_unplug_request(hotplug_dev, dev, errp);
+ } else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_TPM_PROXY)) {
+ spapr_tpm_proxy_unplug(hotplug_dev, dev);
}
}
@@ -4106,7 +4136,8 @@ static HotplugHandler *spapr_get_hotplug_handler(MachineState *machine,
{
if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM) ||
object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_CPU_CORE) ||
- object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_PCI_HOST_BRIDGE)) {
+ object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_PCI_HOST_BRIDGE) ||
+ object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_TPM_PROXY)) {
return HOTPLUG_HANDLER(machine);
}
if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
new file mode 100644
@@ -0,0 +1,176 @@
+/*
+ * SPAPR TPM Proxy/Hypercall
+ *
+ * Copyright IBM Corp. 2019
+ *
+ * Authors:
+ * Michael Roth <mdroth@linux.vnet.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "cpu.h"
+#include "hw/ppc/spapr.h"
+#include "trace.h"
+
+#define TPM_SPAPR_BUFSIZE 4096
+
+enum {
+ TPM_COMM_OP_EXECUTE = 1,
+ TPM_COMM_OP_CLOSE_SESSION = 2,
+};
+
+static void spapr_tpm_proxy_reset(void *opaque)
+{
+ SpaprTpmProxy *tpm_proxy = SPAPR_TPM_PROXY(opaque);
+
+ if (tpm_proxy->host_fd != -1) {
+ close(tpm_proxy->host_fd);
+ tpm_proxy->host_fd = -1;
+ }
+}
+
+static ssize_t tpm_execute(SpaprTpmProxy *tpm_proxy, target_ulong *args)
+{
+ uint64_t data_in = ppc64_phys_to_real(args[1]);
+ target_ulong data_in_size = args[2];
+ uint64_t data_out = ppc64_phys_to_real(args[3]);
+ target_ulong data_out_size = args[4];
+ uint8_t buf_in[TPM_SPAPR_BUFSIZE];
+ uint8_t buf_out[TPM_SPAPR_BUFSIZE];
+ ssize_t ret;
+
+ trace_spapr_tpm_execute(data_in, data_in_size, data_out, data_out_size);
+
+ if (data_in_size > TPM_SPAPR_BUFSIZE) {
+ error_report("invalid TPM input buffer size: " TARGET_FMT_lu,
+ data_in_size);
+ return H_P3;
+ }
+
+ if (data_out_size < TPM_SPAPR_BUFSIZE) {
+ error_report("invalid TPM output buffer size: " TARGET_FMT_lu,
+ data_out_size);
+ return H_P5;
+ }
+
+ if (tpm_proxy->host_fd == -1) {
+ tpm_proxy->host_fd = open(tpm_proxy->host_path, O_RDWR);
+ if (tpm_proxy->host_fd == -1) {
+ error_report("failed to open TPM device %s: %d",
+ tpm_proxy->host_path, errno);
+ return H_RESOURCE;
+ }
+ }
+
+ cpu_physical_memory_read(data_in, buf_in, data_in_size);
+
+ do {
+ ret = write(tpm_proxy->host_fd, buf_in, data_in_size);
+ if (ret > 0) {
+ data_in_size -= ret;
+ }
+ } while ((ret >= 0 && data_in_size > 0) || (ret == -1 && errno == EINTR));
+
+ if (ret == -1) {
+ error_report("failed to write to TPM device %s: %d",
+ tpm_proxy->host_path, errno);
+ return H_RESOURCE;
+ }
+
+ do {
+ ret = read(tpm_proxy->host_fd, buf_out, data_out_size);
+ } while (ret == 0 || (ret == -1 && errno == EINTR));
+
+ if (ret == -1) {
+ error_report("failed to read from TPM device %s: %d",
+ tpm_proxy->host_path, errno);
+ return H_RESOURCE;
+ }
+
+ cpu_physical_memory_write(data_out, buf_out, ret);
+ args[0] = ret;
+
+ return H_SUCCESS;
+}
+
+static target_ulong h_tpm_comm(PowerPCCPU *cpu,
+ SpaprMachineState *spapr,
+ target_ulong opcode,
+ target_ulong *args)
+{
+ target_ulong op = args[0];
+ SpaprTpmProxy *tpm_proxy = spapr->tpm_proxy;
+
+ if (!tpm_proxy) {
+ error_report("TPM proxy not available");
+ return H_FUNCTION;
+ }
+
+ trace_spapr_h_tpm_comm(tpm_proxy->host_path ?: "null", op);
+
+ switch (op) {
+ case TPM_COMM_OP_EXECUTE:
+ return tpm_execute(tpm_proxy, args);
+ case TPM_COMM_OP_CLOSE_SESSION:
+ spapr_tpm_proxy_reset(tpm_proxy);
+ return H_SUCCESS;
+ default:
+ return H_PARAMETER;
+ }
+}
+
+static void spapr_tpm_proxy_realize(DeviceState *d, Error **errp)
+{
+ SpaprTpmProxy *tpm_proxy = SPAPR_TPM_PROXY(d);
+
+ if (tpm_proxy->host_path == NULL) {
+ error_setg(errp, "must specify 'host-path' option for device");
+ return;
+ }
+
+ tpm_proxy->host_fd = -1;
+ qemu_register_reset(spapr_tpm_proxy_reset, tpm_proxy);
+}
+
+static void spapr_tpm_proxy_unrealize(DeviceState *d, Error **errp)
+{
+ SpaprTpmProxy *tpm_proxy = SPAPR_TPM_PROXY(d);
+
+ qemu_unregister_reset(spapr_tpm_proxy_reset, tpm_proxy);
+}
+
+static Property spapr_tpm_proxy_properties[] = {
+ DEFINE_PROP_STRING("host-path", SpaprTpmProxy, host_path),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void spapr_tpm_proxy_class_init(ObjectClass *k, void *data)
+{
+ DeviceClass *dk = DEVICE_CLASS(k);
+
+ dk->realize = spapr_tpm_proxy_realize;
+ dk->unrealize = spapr_tpm_proxy_unrealize;
+ dk->user_creatable = true;
+ dk->props = spapr_tpm_proxy_properties;
+}
+
+static const TypeInfo spapr_tpm_proxy_info = {
+ .name = TYPE_SPAPR_TPM_PROXY,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(SpaprTpmProxy),
+ .class_init = spapr_tpm_proxy_class_init,
+};
+
+static void spapr_tpm_proxy_register_types(void)
+{
+ type_register_static(&spapr_tpm_proxy_info);
+ spapr_register_hypercall(H_TPM_COMM, h_tpm_comm);
+}
+
+type_init(spapr_tpm_proxy_register_types)
@@ -25,6 +25,10 @@ spapr_update_dt(unsigned cb) "New blob %u bytes"
spapr_update_dt_failed_size(unsigned cbold, unsigned cbnew, unsigned magic) "Old blob %u bytes, new blob %u bytes, magic 0x%x"
spapr_update_dt_failed_check(unsigned cbold, unsigned cbnew, unsigned magic) "Old blob %u bytes, new blob %u bytes, magic 0x%x"
+# spapr_hcall_tpm.c
+spapr_h_tpm_comm(const char *device_path, uint64_t operation) "tpm_device_path=%s operation=0x%"PRIu64
+spapr_tpm_execute(uint64_t data_in, uint64_t data_in_sz, uint64_t data_out, uint64_t data_out_sz) "data_in=0x%"PRIx64", data_in_sz=%"PRIu64", data_out=0x%"PRIx64", data_out_sz=%"PRIu64
+
# spapr_iommu.c
spapr_iommu_put(uint64_t liobn, uint64_t ioba, uint64_t tce, uint64_t ret) "liobn=0x%"PRIx64" ioba=0x%"PRIx64" tce=0x%"PRIx64" ret=%"PRId64
spapr_iommu_get(uint64_t liobn, uint64_t ioba, uint64_t ret, uint64_t tce) "liobn=0x%"PRIx64" ioba=0x%"PRIx64" ret=%"PRId64" tce=0x%"PRIx64
@@ -10,6 +10,7 @@
#include "hw/ppc/spapr_irq.h"
#include "hw/ppc/spapr_xive.h" /* For SpaprXive */
#include "hw/ppc/xics.h" /* For ICSState */
+#include "hw/ppc/spapr_tpm_proxy.h"
struct SpaprVioBus;
struct SpaprPhbState;
@@ -203,6 +204,7 @@ struct SpaprMachineState {
SpaprCapabilities def, eff, mig;
unsigned gpu_numa_id;
+ SpaprTpmProxy *tpm_proxy;
};
#define H_SUCCESS 0
@@ -490,8 +492,9 @@ struct SpaprMachineState {
#define H_INT_ESB 0x3C8
#define H_INT_SYNC 0x3CC
#define H_INT_RESET 0x3D0
+#define H_TPM_COMM 0xEF10
-#define MAX_HCALL_OPCODE H_INT_RESET
+#define MAX_HCALL_OPCODE H_TPM_COMM
/* The hcalls above are standardized in PAPR and implemented by pHyp
* as well.
new file mode 100644
@@ -0,0 +1,31 @@
+/*
+ * SPAPR TPM Proxy/Hypercall
+ *
+ * Copyright IBM Corp. 2019
+ *
+ * Authors:
+ * Michael Roth <mdroth@linux.vnet.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef HW_SPAPR_TPM_PROXY_H
+#define HW_SPAPR_TPM_PROXY_H
+
+#include "qom/object.h"
+#include "hw/qdev.h"
+
+#define TYPE_SPAPR_TPM_PROXY "spapr-tpm-proxy"
+#define SPAPR_TPM_PROXY(obj) OBJECT_CHECK(SpaprTpmProxy, (obj), \
+ TYPE_SPAPR_TPM_PROXY)
+
+typedef struct SpaprTpmProxy {
+ /*< private >*/
+ DeviceState parent;
+
+ char *host_path;
+ int host_fd;
+} SpaprTpmProxy;
+
+#endif /* HW_SPAPR_TPM_PROXY_H */
This implements the H_TPM_COMM hypercall, which is used by an Ultravisor to pass TPM commands directly to the host's TPM device, or a TPM Resource Manager associated with the device. This also introduces a new virtual device, spapr-tpm-proxy, which is used to configure the host TPM path to be used to service requests sent by H_TPM_COMM hcalls, for example: -device spapr-tpm-proxy,id=tpmp0,host-path=/dev/tpmrm0 By default, no spapr-tpm-proxy will be created, and hcalls will return H_FUNCTION. The full specification for this hypercall can be found in docs/specs/ppc-spapr-uv-hcalls.txt Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com --- hw/ppc/Makefile.objs | 1 + hw/ppc/spapr.c | 33 +++++- hw/ppc/spapr_tpm_proxy.c | 176 +++++++++++++++++++++++++++++++ hw/ppc/trace-events | 4 + include/hw/ppc/spapr.h | 5 +- include/hw/ppc/spapr_tpm_proxy.h | 31 ++++++ 6 files changed, 248 insertions(+), 2 deletions(-) create mode 100644 hw/ppc/spapr_tpm_proxy.c create mode 100644 include/hw/ppc/spapr_tpm_proxy.h