| Message ID | 20200226205942.11424-1-eric.auger@redhat.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | vTPM for aarch64 | expand |
On 2/26/20 3:59 PM, Eric Auger wrote: > This series adds the capability to instantiate an MMIO TPM TIS > in ARM virt. It is candidate to qemu 5.0. I queued it now here: https://github.com/stefanberger/qemu-tpm/commits/tpm-next I will send the PR within a few days. Thanks! Cheers, Stefan > > The existing TPM TIS code is reshuffled into a generic part, > the ISA device and the sysbus device. The sysbus TPM-TIS > device gets dynamically instantiated in machvirt on the > platform bus. > > ACPI boot is not yet supported on ARM. Note that the UEFI > firmware is itself a consumer of the DT description, so we > need the DT related changes regardless of whether the VM > boots in DT or ACPI mode. > > Related qtests are reshuffled to allow the reuse of existing > tests for both the ISA and the sysbus devices: Adaption > consists in changing the qemu command line (change in the > device name and provide explicit machine options) and adapt > to the relocation of the TPM-TIS device in the memory map. > > The series was tested with the swtpm/libtpms emulator. > Automatic guest LUKS volume unlocking (tpm2) was successful. > EDK2 support is under development [3]. Thanks to Ard > for supporting me when setting up the test environment. > > Best Regards > > Eric > > Testing: > > mkdir /tmp/tpm > swtpm socket \ > --tpm2 \ > -t -d \ > --tpmstate dir=/tmp/tpm \ > --ctrl type=unixio,path=/tmp/swtpm-sock > > qemu command line must be augmented with the following options: > > -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \ > -tpmdev emulator,id=tpm0,chardev=chrtpm \ > -device tpm-tis-device,tpmdev=tpm0 \ > > References: > [1] libtpms: https://github.com/stefanberger/libtpms/wiki > [2] swtpm: https://github.com/stefanberger/swtpm/wiki > [3] [PATCH v3 0/9] ArmVirtPkg: implement measured boot for ArmVirtQemu > > This series can be found at: > https://github.com/eauger/qemu/tree/v4.2.0-tpm-patch-v4 > > History: > > v3 -> v4: > - collect additional R-b's > - add 'Not used but needed for linking' mention related to > tpm_tis_base_addr in CRB test files > - fix comment style > > RFCv2 -> PATCH v3: > - Updated the doc for ARM > - Adapted existing tests for ARM > - use qemu_fdt_setprop_string in add_tpm_tis_fdt_node > - Collected R-b's > - Comments not taken into account: > - I have kept the tpm-tis-device name for now despite Stefan's > suggestion to rename it into tpm-tis-sysbus. This is not > frozen though > - Common state still is not a QOM object (no double inheritence) > > RFC v1 -> RFC v2: > - restructure the existing code with common, ISA and sysbus part. > - both ARM and x86 integration were tested. > > Eric Auger (10): > tpm: rename TPM_TIS into TPM_TIS_ISA > tpm: Use TPMState as a common struct > tpm: Separate tpm_tis common functions from isa code > tpm: Separate TPM_TIS and TPM_TIS_ISA configs > tpm: Add the SysBus TPM TIS device > hw/arm/virt: vTPM support > docs/specs/tpm: Document TPM_TIS sysbus device for ARM > test: tpm: pass optional machine options to swtpm test functions > test: tpm-tis: Get prepared to share tests between ISA and sysbus > devices > test: tpm-tis: Add Sysbus TPM-TIS device test > > default-configs/i386-softmmu.mak | 2 +- > docs/specs/tpm.rst | 25 +- > hw/arm/Kconfig | 1 + > hw/arm/sysbus-fdt.c | 33 ++ > hw/arm/virt.c | 7 + > hw/i386/Kconfig | 2 +- > hw/i386/acpi-build.c | 6 +- > hw/tpm/Kconfig | 12 +- > hw/tpm/Makefile.objs | 4 +- > hw/tpm/tpm_tis.h | 91 +++++ > hw/tpm/{tpm_tis.c => tpm_tis_common.c} | 181 +--------- > hw/tpm/tpm_tis_isa.c | 170 +++++++++ > hw/tpm/tpm_tis_sysbus.c | 159 +++++++++ > include/sysemu/tpm.h | 7 +- > tests/qtest/Makefile.include | 11 +- > tests/qtest/tpm-crb-swtpm-test.c | 9 +- > tests/qtest/tpm-crb-test.c | 3 + > tests/qtest/tpm-tests.c | 10 +- > tests/qtest/tpm-tests.h | 5 +- > tests/qtest/tpm-tis-device-swtpm-test.c | 76 ++++ > tests/qtest/tpm-tis-device-test.c | 87 +++++ > tests/qtest/tpm-tis-swtpm-test.c | 8 +- > tests/qtest/tpm-tis-test.c | 414 +--------------------- > tests/qtest/tpm-tis-util.c | 451 ++++++++++++++++++++++++ > tests/qtest/tpm-tis-util.h | 23 ++ > tests/qtest/tpm-util.c | 11 +- > tests/qtest/tpm-util.h | 8 +- > 27 files changed, 1207 insertions(+), 609 deletions(-) > create mode 100644 hw/tpm/tpm_tis.h > rename hw/tpm/{tpm_tis.c => tpm_tis_common.c} (85%) > create mode 100644 hw/tpm/tpm_tis_isa.c > create mode 100644 hw/tpm/tpm_tis_sysbus.c > create mode 100644 tests/qtest/tpm-tis-device-swtpm-test.c > create mode 100644 tests/qtest/tpm-tis-device-test.c > create mode 100644 tests/qtest/tpm-tis-util.c > create mode 100644 tests/qtest/tpm-tis-util.h >
Hi Stefan, On 2/26/20 11:44 PM, Stefan Berger wrote: > On 2/26/20 3:59 PM, Eric Auger wrote: >> This series adds the capability to instantiate an MMIO TPM TIS >> in ARM virt. It is candidate to qemu 5.0. > > I queued it now here: > https://github.com/stefanberger/qemu-tpm/commits/tpm-next > > I will send the PR within a few days. Thanks! Thank you. I will just ping Peter to make sure he has no comments on [PATCH v4 06/10] hw/arm/virt: vTPM support Eric > > Cheers, > > Stefan > > > >> >> The existing TPM TIS code is reshuffled into a generic part, >> the ISA device and the sysbus device. The sysbus TPM-TIS >> device gets dynamically instantiated in machvirt on the >> platform bus. >> >> ACPI boot is not yet supported on ARM. Note that the UEFI >> firmware is itself a consumer of the DT description, so we >> need the DT related changes regardless of whether the VM >> boots in DT or ACPI mode. >> >> Related qtests are reshuffled to allow the reuse of existing >> tests for both the ISA and the sysbus devices: Adaption >> consists in changing the qemu command line (change in the >> device name and provide explicit machine options) and adapt >> to the relocation of the TPM-TIS device in the memory map. >> >> The series was tested with the swtpm/libtpms emulator. >> Automatic guest LUKS volume unlocking (tpm2) was successful. >> EDK2 support is under development [3]. Thanks to Ard >> for supporting me when setting up the test environment. >> >> Best Regards >> >> Eric >> >> Testing: >> >> mkdir /tmp/tpm >> swtpm socket \ >> --tpm2 \ >> -t -d \ >> --tpmstate dir=/tmp/tpm \ >> --ctrl type=unixio,path=/tmp/swtpm-sock >> >> qemu command line must be augmented with the following options: >> >> -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \ >> -tpmdev emulator,id=tpm0,chardev=chrtpm \ >> -device tpm-tis-device,tpmdev=tpm0 \ >> >> References: >> [1] libtpms: https://github.com/stefanberger/libtpms/wiki >> [2] swtpm: https://github.com/stefanberger/swtpm/wiki >> [3] [PATCH v3 0/9] ArmVirtPkg: implement measured boot for ArmVirtQemu >> >> This series can be found at: >> https://github.com/eauger/qemu/tree/v4.2.0-tpm-patch-v4 >> >> History: >> >> v3 -> v4: >> - collect additional R-b's >> - add 'Not used but needed for linking' mention related to >> tpm_tis_base_addr in CRB test files >> - fix comment style >> >> RFCv2 -> PATCH v3: >> - Updated the doc for ARM >> - Adapted existing tests for ARM >> - use qemu_fdt_setprop_string in add_tpm_tis_fdt_node >> - Collected R-b's >> - Comments not taken into account: >> - I have kept the tpm-tis-device name for now despite Stefan's >> suggestion to rename it into tpm-tis-sysbus. This is not >> frozen though >> - Common state still is not a QOM object (no double inheritence) >> >> RFC v1 -> RFC v2: >> - restructure the existing code with common, ISA and sysbus part. >> - both ARM and x86 integration were tested. >> >> Eric Auger (10): >> tpm: rename TPM_TIS into TPM_TIS_ISA >> tpm: Use TPMState as a common struct >> tpm: Separate tpm_tis common functions from isa code >> tpm: Separate TPM_TIS and TPM_TIS_ISA configs >> tpm: Add the SysBus TPM TIS device >> hw/arm/virt: vTPM support >> docs/specs/tpm: Document TPM_TIS sysbus device for ARM >> test: tpm: pass optional machine options to swtpm test functions >> test: tpm-tis: Get prepared to share tests between ISA and sysbus >> devices >> test: tpm-tis: Add Sysbus TPM-TIS device test >> >> default-configs/i386-softmmu.mak | 2 +- >> docs/specs/tpm.rst | 25 +- >> hw/arm/Kconfig | 1 + >> hw/arm/sysbus-fdt.c | 33 ++ >> hw/arm/virt.c | 7 + >> hw/i386/Kconfig | 2 +- >> hw/i386/acpi-build.c | 6 +- >> hw/tpm/Kconfig | 12 +- >> hw/tpm/Makefile.objs | 4 +- >> hw/tpm/tpm_tis.h | 91 +++++ >> hw/tpm/{tpm_tis.c => tpm_tis_common.c} | 181 +--------- >> hw/tpm/tpm_tis_isa.c | 170 +++++++++ >> hw/tpm/tpm_tis_sysbus.c | 159 +++++++++ >> include/sysemu/tpm.h | 7 +- >> tests/qtest/Makefile.include | 11 +- >> tests/qtest/tpm-crb-swtpm-test.c | 9 +- >> tests/qtest/tpm-crb-test.c | 3 + >> tests/qtest/tpm-tests.c | 10 +- >> tests/qtest/tpm-tests.h | 5 +- >> tests/qtest/tpm-tis-device-swtpm-test.c | 76 ++++ >> tests/qtest/tpm-tis-device-test.c | 87 +++++ >> tests/qtest/tpm-tis-swtpm-test.c | 8 +- >> tests/qtest/tpm-tis-test.c | 414 +--------------------- >> tests/qtest/tpm-tis-util.c | 451 ++++++++++++++++++++++++ >> tests/qtest/tpm-tis-util.h | 23 ++ >> tests/qtest/tpm-util.c | 11 +- >> tests/qtest/tpm-util.h | 8 +- >> 27 files changed, 1207 insertions(+), 609 deletions(-) >> create mode 100644 hw/tpm/tpm_tis.h >> rename hw/tpm/{tpm_tis.c => tpm_tis_common.c} (85%) >> create mode 100644 hw/tpm/tpm_tis_isa.c >> create mode 100644 hw/tpm/tpm_tis_sysbus.c >> create mode 100644 tests/qtest/tpm-tis-device-swtpm-test.c >> create mode 100644 tests/qtest/tpm-tis-device-test.c >> create mode 100644 tests/qtest/tpm-tis-util.c >> create mode 100644 tests/qtest/tpm-tis-util.h >> > >
On 2/27/20 3:07 AM, Auger Eric wrote: > Hi Stefan, > On 2/26/20 11:44 PM, Stefan Berger wrote: >> On 2/26/20 3:59 PM, Eric Auger wrote: >>> This series adds the capability to instantiate an MMIO TPM TIS >>> in ARM virt. It is candidate to qemu 5.0. >> I queued it now here: >> https://github.com/stefanberger/qemu-tpm/commits/tpm-next >> >> I will send the PR within a few days. Thanks! > Thank you. I will just ping Peter to make sure he has no comments on > > [PATCH v4 06/10] hw/arm/virt: vTPM support The little dent is now an arm boot failure: https://travis-ci.org/stefanberger/qemu-tpm/jobs/655573347?utm_medium=notification&utm_source=email Have a look at the raw log. Stefan
Hi Stefan, On 2/28/20 3:37 PM, Stefan Berger wrote: > On 2/27/20 3:07 AM, Auger Eric wrote: >> Hi Stefan, >> On 2/26/20 11:44 PM, Stefan Berger wrote: >>> On 2/26/20 3:59 PM, Eric Auger wrote: >>>> This series adds the capability to instantiate an MMIO TPM TIS >>>> in ARM virt. It is candidate to qemu 5.0. >>> I queued it now here: >>> https://github.com/stefanberger/qemu-tpm/commits/tpm-next >>> >>> I will send the PR within a few days. Thanks! >> Thank you. I will just ping Peter to make sure he has no comments on >> >> [PATCH v4 06/10] hw/arm/virt: vTPM support > > > The little dent is now an arm boot failure: > > > https://travis-ci.org/stefanberger/qemu-tpm/jobs/655573347?utm_medium=notification&utm_source=email is this really related to the sysbus TPM-TIS addition? I have the impression cubieboard acceptance tests (ARM 32b) are failing. I touched ARM virt machine. Thanks Eric > > > > Have a look at the raw log. > > > Stefan > > >
On 2/28/20 9:49 AM, Auger Eric wrote: > Hi Stefan, > On 2/28/20 3:37 PM, Stefan Berger wrote: >> On 2/27/20 3:07 AM, Auger Eric wrote: >>> Hi Stefan, >>> On 2/26/20 11:44 PM, Stefan Berger wrote: >>>> On 2/26/20 3:59 PM, Eric Auger wrote: >>>>> This series adds the capability to instantiate an MMIO TPM TIS >>>>> in ARM virt. It is candidate to qemu 5.0. >>>> I queued it now here: >>>> https://github.com/stefanberger/qemu-tpm/commits/tpm-next >>>> >>>> I will send the PR within a few days. Thanks! >>> Thank you. I will just ping Peter to make sure he has no comments on >>> >>> [PATCH v4 06/10] hw/arm/virt: vTPM support >> >> The little dent is now an arm boot failure: >> >> >> https://travis-ci.org/stefanberger/qemu-tpm/jobs/655573347?utm_medium=notification&utm_source=email > is this really related to the sysbus TPM-TIS addition? I have the > impression cubieboard acceptance tests (ARM 32b) are failing. I touched > ARM virt machine. I hadn't seen this one here before: https://travis-ci.org/qemu/qemu/jobs/656327906 We're good. Stefan > > Thanks > > Eric >> >> >> Have a look at the raw log. >> >> >> Stefan >> >> >>
Hi Stefan, On 2/28/20 6:52 PM, Stefan Berger wrote: > On 2/28/20 9:49 AM, Auger Eric wrote: >> Hi Stefan, >> On 2/28/20 3:37 PM, Stefan Berger wrote: >>> On 2/27/20 3:07 AM, Auger Eric wrote: >>>> Hi Stefan, >>>> On 2/26/20 11:44 PM, Stefan Berger wrote: >>>>> On 2/26/20 3:59 PM, Eric Auger wrote: >>>>>> This series adds the capability to instantiate an MMIO TPM TIS >>>>>> in ARM virt. It is candidate to qemu 5.0. >>>>> I queued it now here: >>>>> https://github.com/stefanberger/qemu-tpm/commits/tpm-next >>>>> >>>>> I will send the PR within a few days. Thanks! >>>> Thank you. I will just ping Peter to make sure he has no comments on >>>> >>>> [PATCH v4 06/10] hw/arm/virt: vTPM support >>> >>> The little dent is now an arm boot failure: >>> >>> >>> https://travis-ci.org/stefanberger/qemu-tpm/jobs/655573347?utm_medium=notification&utm_source=email >>> >> is this really related to the sysbus TPM-TIS addition? I have the >> impression cubieboard acceptance tests (ARM 32b) are failing. I touched >> ARM virt machine. > > I hadn't seen this one here before: > > https://travis-ci.org/qemu/qemu/jobs/656327906 > > > We're good. Thanks for the confirmation. Best Regards Eric > > > Stefan > > > >> >> Thanks >> >> Eric >>> >>> >>> Have a look at the raw log. >>> >>> >>> Stefan >>> >>> >>> >
This series adds the capability to instantiate an MMIO TPM TIS in ARM virt. It is candidate to qemu 5.0. The existing TPM TIS code is reshuffled into a generic part, the ISA device and the sysbus device. The sysbus TPM-TIS device gets dynamically instantiated in machvirt on the platform bus. ACPI boot is not yet supported on ARM. Note that the UEFI firmware is itself a consumer of the DT description, so we need the DT related changes regardless of whether the VM boots in DT or ACPI mode. Related qtests are reshuffled to allow the reuse of existing tests for both the ISA and the sysbus devices: Adaption consists in changing the qemu command line (change in the device name and provide explicit machine options) and adapt to the relocation of the TPM-TIS device in the memory map. The series was tested with the swtpm/libtpms emulator. Automatic guest LUKS volume unlocking (tpm2) was successful. EDK2 support is under development [3]. Thanks to Ard for supporting me when setting up the test environment. Best Regards Eric Testing: mkdir /tmp/tpm swtpm socket \ --tpm2 \ -t -d \ --tpmstate dir=/tmp/tpm \ --ctrl type=unixio,path=/tmp/swtpm-sock qemu command line must be augmented with the following options: -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ -device tpm-tis-device,tpmdev=tpm0 \ References: [1] libtpms: https://github.com/stefanberger/libtpms/wiki [2] swtpm: https://github.com/stefanberger/swtpm/wiki [3] [PATCH v3 0/9] ArmVirtPkg: implement measured boot for ArmVirtQemu This series can be found at: https://github.com/eauger/qemu/tree/v4.2.0-tpm-patch-v4 History: v3 -> v4: - collect additional R-b's - add 'Not used but needed for linking' mention related to tpm_tis_base_addr in CRB test files - fix comment style RFCv2 -> PATCH v3: - Updated the doc for ARM - Adapted existing tests for ARM - use qemu_fdt_setprop_string in add_tpm_tis_fdt_node - Collected R-b's - Comments not taken into account: - I have kept the tpm-tis-device name for now despite Stefan's suggestion to rename it into tpm-tis-sysbus. This is not frozen though - Common state still is not a QOM object (no double inheritence) RFC v1 -> RFC v2: - restructure the existing code with common, ISA and sysbus part. - both ARM and x86 integration were tested. Eric Auger (10): tpm: rename TPM_TIS into TPM_TIS_ISA tpm: Use TPMState as a common struct tpm: Separate tpm_tis common functions from isa code tpm: Separate TPM_TIS and TPM_TIS_ISA configs tpm: Add the SysBus TPM TIS device hw/arm/virt: vTPM support docs/specs/tpm: Document TPM_TIS sysbus device for ARM test: tpm: pass optional machine options to swtpm test functions test: tpm-tis: Get prepared to share tests between ISA and sysbus devices test: tpm-tis: Add Sysbus TPM-TIS device test default-configs/i386-softmmu.mak | 2 +- docs/specs/tpm.rst | 25 +- hw/arm/Kconfig | 1 + hw/arm/sysbus-fdt.c | 33 ++ hw/arm/virt.c | 7 + hw/i386/Kconfig | 2 +- hw/i386/acpi-build.c | 6 +- hw/tpm/Kconfig | 12 +- hw/tpm/Makefile.objs | 4 +- hw/tpm/tpm_tis.h | 91 +++++ hw/tpm/{tpm_tis.c => tpm_tis_common.c} | 181 +--------- hw/tpm/tpm_tis_isa.c | 170 +++++++++ hw/tpm/tpm_tis_sysbus.c | 159 +++++++++ include/sysemu/tpm.h | 7 +- tests/qtest/Makefile.include | 11 +- tests/qtest/tpm-crb-swtpm-test.c | 9 +- tests/qtest/tpm-crb-test.c | 3 + tests/qtest/tpm-tests.c | 10 +- tests/qtest/tpm-tests.h | 5 +- tests/qtest/tpm-tis-device-swtpm-test.c | 76 ++++ tests/qtest/tpm-tis-device-test.c | 87 +++++ tests/qtest/tpm-tis-swtpm-test.c | 8 +- tests/qtest/tpm-tis-test.c | 414 +--------------------- tests/qtest/tpm-tis-util.c | 451 ++++++++++++++++++++++++ tests/qtest/tpm-tis-util.h | 23 ++ tests/qtest/tpm-util.c | 11 +- tests/qtest/tpm-util.h | 8 +- 27 files changed, 1207 insertions(+), 609 deletions(-) create mode 100644 hw/tpm/tpm_tis.h rename hw/tpm/{tpm_tis.c => tpm_tis_common.c} (85%) create mode 100644 hw/tpm/tpm_tis_isa.c create mode 100644 hw/tpm/tpm_tis_sysbus.c create mode 100644 tests/qtest/tpm-tis-device-swtpm-test.c create mode 100644 tests/qtest/tpm-tis-device-test.c create mode 100644 tests/qtest/tpm-tis-util.c create mode 100644 tests/qtest/tpm-tis-util.h