| Message ID | 20200111012155.3350198-1-stefanb@linux.ibm.com |
|---|---|
| Headers | show
Return-Path: <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47vhsm1Mzsz9sP6 for <incoming@patchwork.ozlabs.org>; Sat, 11 Jan 2020 12:22:20 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 47vhsl5dHKzDqkw for <incoming@patchwork.ozlabs.org>; Sat, 11 Jan 2020 12:22:19 +1100 (AEDT) X-Original-To: slof@lists.ozlabs.org Delivered-To: slof@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=stefanb@linux.ibm.com; receiver=<UNKNOWN>) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 47vhsR4SKRzDqf6 for <slof@lists.ozlabs.org>; Sat, 11 Jan 2020 12:22:02 +1100 (AEDT) Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00B1IA4G007681; Fri, 10 Jan 2020 20:21:59 -0500 Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0a-001b2d01.pphosted.com with ESMTP id 2xedsu68qd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Jan 2020 20:21:59 -0500 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 00B1LTuf030449; Sat, 11 Jan 2020 01:21:58 GMT Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma01dal.us.ibm.com with ESMTP id 2xajb7t4ur-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 11 Jan 2020 01:21:58 +0000 Received: from b03ledav001.gho.boulder.ibm.com (b03ledav001.gho.boulder.ibm.com [9.17.130.232]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 00B1Lvp533030500 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 11 Jan 2020 01:21:57 GMT Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5F79C6E04E; Sat, 11 Jan 2020 01:21:57 +0000 (GMT) Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E75BF6E04C; Sat, 11 Jan 2020 01:21:56 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP; Sat, 11 Jan 2020 01:21:56 +0000 (GMT) From: Stefan Berger <stefanb@linux.ibm.com> To: slof@lists.ozlabs.org, aik@ozlabs.ru Date: Fri, 10 Jan 2020 20:21:48 -0500 Message-Id: <20200111012155.3350198-1-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-10_04:2020-01-10, 2020-01-10 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=9 priorityscore=1501 lowpriorityscore=0 malwarescore=0 impostorscore=0 phishscore=0 bulkscore=0 adultscore=0 mlxscore=0 mlxlogscore=915 spamscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001110008 Subject: [SLOF] [PATCH v5 0/7] Add vTPM 2.0 support to SLOF X-BeenThere: slof@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches for https://github.com/aik/SLOF" <slof.lists.ozlabs.org> List-Unsubscribe: <https://lists.ozlabs.org/options/slof>, <mailto:slof-request@lists.ozlabs.org?subject=unsubscribe> List-Archive: <http://lists.ozlabs.org/pipermail/slof/> List-Post: <mailto:slof@lists.ozlabs.org> List-Help: <mailto:slof-request@lists.ozlabs.org?subject=help> List-Subscribe: <https://lists.ozlabs.org/listinfo/slof>, <mailto:slof-request@lists.ozlabs.org?subject=subscribe> Cc: kevin@koconnor.net, Stefan Berger <stefanb@linux.ibm.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> |
| Series |
Add vTPM 2.0 support to SLOF
|
expand
|
The following series of patches adds TPM support to SLOF. In particular it adds the following: - TPM driver for hardware interface and CRQ interface - TPM 2.0 support; device initialization - TPM logging area and firmware API to transfer it to the OS - Some measurement code (Static Core Root Of Trust) - TPM menu (accessible via 't' key during boot if TPM is available) - Firmware API extensions following Power Firmware Doc Having a vTPM attached to a VM provides the following benefits: - enablement of trusted boot; this allow us to eventually extend the chain of trust from the hypervisor to the guests - enablement of attestation so that one can verify what software is running on a machine - provides TPM functionality to VMs, which includes a standardized mechanism to store keys and other blobs (Linux trusted keys, GNU TLS's TPM extensions) Regards, Stefan v4->v5: - Cut down code to only support TPM 2.0 v3->v4: - Added TPM 2.0 support v2->v3: - Addressed Thomas Huth's comments. - Rearranged patches and merged some patches. - Followed some of the changes made by K. O'Connor (SeaBIOS). v1->v2: - Addressed Nikunj's comments - Since last post in August I added 3 more patches to the end of the series and one in 13th place. Stefan Berger (7): slof: Implement SLOF_get_keystroke() and SLOF_reset() slof: Make linker script variables accessible qemu: Make print_version variable accessible tpm: Add TPM CRQ driver implementation tpm: Add sha1 implementation tcgbios: Add TPM 2.0 support and firmware API tcgbios: Implement menu to clear TPM 2 and activate its PCR banks board-qemu/Makefile | 2 +- board-qemu/include/version.h | 19 + board-qemu/slof/Makefile | 13 +- board-qemu/slof/OF.fs | 3 + board-qemu/slof/tree.fs | 3 + board-qemu/slof/vio-vtpm-cdriver.fs | 137 +++ board-qemu/slof/vtpm-sml.fs | 129 +++ include/helpers.h | 4 + lib/Makefile | 2 +- lib/libtpm/Makefile | 50 ++ lib/libtpm/Readme | 95 ++ lib/libtpm/sha1.c | 204 +++++ lib/libtpm/sha1.h | 20 + lib/libtpm/tcgbios.c | 1240 +++++++++++++++++++++++++++ lib/libtpm/tcgbios.h | 33 + lib/libtpm/tcgbios_int.h | 270 ++++++ lib/libtpm/tpm.code | 139 +++ lib/libtpm/tpm.in | 27 + lib/libtpm/tpm_drivers.c | 466 ++++++++++ lib/libtpm/tpm_drivers.h | 82 ++ slof/OF.h | 22 + slof/fs/packages/disk-label.fs | 10 +- slof/fs/start-up.fs | 16 + slof/helpers.c | 17 + 24 files changed, 2997 insertions(+), 6 deletions(-) create mode 100644 board-qemu/include/version.h create mode 100644 board-qemu/slof/vio-vtpm-cdriver.fs create mode 100644 board-qemu/slof/vtpm-sml.fs create mode 100644 lib/libtpm/Makefile create mode 100644 lib/libtpm/Readme create mode 100644 lib/libtpm/sha1.c create mode 100644 lib/libtpm/sha1.h create mode 100644 lib/libtpm/tcgbios.c create mode 100644 lib/libtpm/tcgbios.h create mode 100644 lib/libtpm/tcgbios_int.h create mode 100644 lib/libtpm/tpm.code create mode 100644 lib/libtpm/tpm.in create mode 100644 lib/libtpm/tpm_drivers.c create mode 100644 lib/libtpm/tpm_drivers.h create mode 100644 slof/OF.h