[SLOF] [PATCH v3 01/17] Add a TPM driver implementation
Stefan Berger
stefanb at us.ibm.com
Tue Dec 1 09:01:44 AEDT 2015
From: Stefan Berger <stefanb at linux.vnet.ibm.com>
This patch adds a TPM driver for the CRQ interface as used by
the QEMU PAPR implementation.
Also add a Readme that explains the benefits and installation procedure
for the vTPM.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
include/helpers.h | 1 +
lib/libtpm/Makefile | 50 +++++
lib/libtpm/Readme | 90 +++++++++
lib/libtpm/tpm_drivers.c | 474 +++++++++++++++++++++++++++++++++++++++++++++++
lib/libtpm/tpm_drivers.h | 87 +++++++++
slof/helpers.c | 6 +
6 files changed, 708 insertions(+)
create mode 100644 lib/libtpm/Makefile
create mode 100644 lib/libtpm/Readme
create mode 100644 lib/libtpm/tpm_drivers.c
create mode 100644 lib/libtpm/tpm_drivers.h
diff --git a/include/helpers.h b/include/helpers.h
index fb10534..9e6bdf8 100644
--- a/include/helpers.h
+++ b/include/helpers.h
@@ -33,6 +33,7 @@ extern long SLOF_pci_config_read16(long offset);
extern void SLOF_pci_config_write32(long offset, long value);
extern void SLOF_pci_config_write16(long offset, long value);
extern void *SLOF_translate_my_address(void *addr);
+extern unsigned long SLOF_get_vtpm_unit(void);
#define offset_of(type, member) ((long) &((type *)0)->member)
#define container_of(ptr, type, member) ({ \
diff --git a/lib/libtpm/Makefile b/lib/libtpm/Makefile
new file mode 100644
index 0000000..ff19e1c
--- /dev/null
+++ b/lib/libtpm/Makefile
@@ -0,0 +1,50 @@
+# *****************************************************************************
+# * Copyright (c) 2015 IBM Corporation
+# * All rights reserved.
+# * This program and the accompanying materials
+# * are made available under the terms of the BSD License
+# * which accompanies this distribution, and is available at
+# * http://www.opensource.org/licenses/bsd-license.php
+# *
+# * Contributors:
+# * IBM Corporation - initial implementation
+# ****************************************************************************/
+
+TOPCMNDIR ?= ../..
+
+CPPFLAGS = -I../libc/include $(CPUARCHDEF) -I$(INCLBRDDIR) \
+ -I$(INCLCMNDIR) -I$(INCLCMNDIR)/$(CPUARCH) -I$(SLOFCMNDIR)
+CPPFLAGS += -I../libhvcall
+
+LDFLAGS = -nostdlib
+
+TARGET = ../libtpm.a
+
+
+all: $(TARGET)
+
+SRCS = tpm_drivers.c
+
+OBJS = $(SRCS:%.c=%.o)
+
+$(TARGET): $(OBJS)
+ $(AR) -rc $@ $(OBJS)
+ $(RANLIB) $@
+
+clean:
+ $(RM) $(TARGET) $(OBJS)
+
+distclean: clean
+ $(RM) Makefile.dep
+
+
+# Rules for creating the dependency file:
+depend:
+ $(RM) Makefile.dep
+ $(MAKE) Makefile.dep
+
+Makefile.dep: Makefile
+ $(CC) -M $(CPPFLAGS) $(CFLAGS) $(SRCS) $(SRCSS) > Makefile.dep
+
+# Include dependency file if available:
+-include Makefile.dep
diff --git a/lib/libtpm/Readme b/lib/libtpm/Readme
new file mode 100644
index 0000000..f62b461
--- /dev/null
+++ b/lib/libtpm/Readme
@@ -0,0 +1,90 @@
+This directory hosts (v)TPM related code.
+
+Background:
+-----------
+
+A TPM is a crypto chip that is found in many systems. Besides it offering
+a secure key store, among other functionality, it is also used to implement
+'trusted boot'. This is realized by code in the firmware measuring parts of the
+firmware's code and data as well as system data, such as the boot block, and
+logging these measurements and storing (extending) them in the TPM's platform
+configuration register (PCR).
+
+The benefits of having a TPM (or vTPM) in a system are:
+
+- enablement of trusted boot; this allow us to eventually extend the chain
+ of trust from the hypervisor to the guests
+- enablement of attestation so that one can verify what software is
+ running on a machine (OpenPTS, OpenAttestation)
+- provides TPM functionality to VMs, which includes a standardized
+ mechanism to store keys and other blobs (Linux trusted keys,
+ GNU TLS's TPM extensions)
+
+
+QEMU/KVM + SLOF support:
+------------------------
+
+To enable a vTPM with QEMU, the following steps need to be followed
+
+- build libtpms (Fedora users can install it using 'yum install libtpms')
+
+ #> git clone https://github.com/stefanberger/libtpms
+ #> cd libtpms
+ #> ./bootstrap.sh
+
+ The following step may require to install dependencies
+
+ #> ./configure --prefix=/usr
+ #> make
+ #> make check
+ #> make install
+
+- build swtpm
+
+ #> git clone https://github.com/stefanberger/swtpm
+ #> cd swtpm
+ #> ./bootstrap.sh
+
+ The following step may require to install dependencies
+
+ #> ./configure --prefix=/usr
+ #> make
+ #> make check
+ #> make install
+
+- build QEMU with vTPM support:
+
+ #> git clone https://github.com/stefanberger/qemu-tpm
+ #> cd qemu-tpm
+
+ The following step may require to install dependencies
+
+ #> ./configure --prefix=/usr --enable-kvm --target-list="ppc64-softmmu"
+ #> make
+ #> make install
+
+To start a QEMU VM with an attached vTPM (CUSE TPM), run the following commands
+as 'root'. The following will setup the vTPM so that its state will be stored
+in /tmp. A unique directory for each VM instance with attached vTPM
+should be provided. Whenever QEMU is started, the swtpm_cuse has to be started
+before it. The './boot_rom.bin' represents SLOF with vTPM extensions built
+in.
+
+ #> modprobe cuse
+ #> swtpm_cuse --tpmstate dir=/tmp -n vtpm-test
+ #> qemu-system-ppc64 \
+ -enable-kvm \
+ -bios ./boot_rom.bin \
+ -boot menu=on \
+ -tpmdev cuse-tpm,id=tpm0,cancel-path=/dev/null,path=/dev/vtpm-test \
+ -device spapr-vtpm,id=tpm0,tpmdev=tpm0 \
+ -vnc 0.0.0.0:2 \
+ [...]
+ Add hard disk and other parameters as needed.
+
+Notes:
+ - The Linux kernel in the VM must have the tpm_ibmvtpm module available
+ or built-in.
+
+ - 'swtpm_ioctl -s /dev/vtpm-test' can be used to gracefully shut down the
+ vTPM that is listening for commands on /dev/vtpm-test.
diff --git a/lib/libtpm/tpm_drivers.c b/lib/libtpm/tpm_drivers.c
new file mode 100644
index 0000000..f3c28ef
--- /dev/null
+++ b/lib/libtpm/tpm_drivers.c
@@ -0,0 +1,474 @@
+/*****************************************************************************
+ * Copyright (c) 2015 IBM Corporation
+ * All rights reserved.
+ * This program and the accompanying materials
+ * are made available under the terms of the BSD License
+ * which accompanies this distribution, and is available at
+ * http://www.opensource.org/licenses/bsd-license.php
+ *
+ * Contributors:
+ * IBM Corporation - initial implementation
+ *****************************************************************************/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdbool.h>
+
+#include "string.h"
+#include "helpers.h"
+#include "byteorder.h"
+#include "tpm_drivers.h"
+#include "libhvcall.h"
+#include "paflof.h"
+
+#undef PAPR_VTPM_DEBUG
+//#define PAPR_VTPM_DEBUG
+#ifdef PAPR_VTPM_DEBUG
+#define dprintf(_x ...) do { printf("VTPM CRQ: " _x); } while(0)
+#else
+#define dprintf(_x ...)
+#endif
+
+#define MIN(a, b) ((a) > (b) ? (b) : (a))
+
+/* layout of the command request queue for vTPM */
+struct crq {
+ uint8_t valid;
+ uint8_t msg;
+ uint16_t len;
+ uint32_t data;
+ uint64_t reserved;
+} __attribute__((packed));
+
+#define PAPR_VTPM_INIT_CRQ_COMMAND 0xC0
+#define PAPR_VTPM_VALID_COMMAND 0x80
+#define PAPR_VTPM_MSG_RESULT 0x80
+
+/* crq.msg request types when crq.valid = PAPR_VTPM_INIT_CRQ_COMMAND */
+#define PAPR_VTPM_INIT_CRQ_RESULT 0x1
+
+/* crq.msg request types when crq.valid = PAPR_VTPM_VALID_COMMAND */
+#define PAPR_VTPM_GET_VERSION 0x1
+#define PAPR_VTPM_TPM_COMMAND 0x2
+#define PAPR_VTPM_GET_RTCE_BUFFER_SIZE 0x3
+
+static const uint32_t tpm_default_durations[TPM_NUM_DURATIONS] = {
+ TPM_DEFAULT_DURATION_SHORT,
+ TPM_DEFAULT_DURATION_MEDIUM,
+ TPM_DEFAULT_DURATION_LONG,
+};
+
+#define QUEUE_SIZE 4096
+
+/* state of the PAPR CRQ VTPM driver */
+static struct spapr_vtpm_driver_state {
+ /* whether it driver been initialized */
+ bool initialized;
+
+ /* durations of short, medium, & long commands */
+ uint32_t durations[TPM_NUM_DURATIONS];
+
+ /* unit number */
+ unsigned long unit;
+
+ /* CRQ queue address and size */
+ unsigned char *qaddr;
+ unsigned long qsize;
+
+ /* current q_entry */
+ unsigned int curr_q_entry;
+
+ /* current response CRQ */
+ struct crq *response;
+
+ /* power firmware defined state and error code */
+ vtpm_drv_state driver_state;
+ vtpm_drv_error driver_error;
+
+ /* size of buffer supported by hypervisor */
+ unsigned int buffer_size;
+
+ /* version of the TPM we talk to -- from CRQ message */
+ uint32_t tpm_version;
+} spapr_vtpm = {
+ .qsize = QUEUE_SIZE,
+ .driver_state = VTPM_DRV_STATE_INVALID,
+ .driver_error = VTPM_DRV_ERROR_NO_FAILURE,
+};
+
+static void vtpm_drv_state_set(vtpm_drv_state s, vtpm_drv_error e)
+{
+ spapr_vtpm.driver_state = s;
+ spapr_vtpm.driver_error = e;
+}
+
+static vtpm_drv_state vtpm_drv_state_get(void)
+{
+ return spapr_vtpm.driver_state;
+}
+
+static vtpm_drv_error vtpm_drv_error_get(void)
+{
+ return spapr_vtpm.driver_error;
+}
+
+void spapr_vtpm_set_durations(const uint32_t durations[TPM_NUM_DURATIONS])
+{
+ memcpy(spapr_vtpm.durations, durations,
+ TPM_NUM_DURATIONS * sizeof(durations[0]));
+}
+
+static struct crq* get_crq(void *qaddr, unsigned long q_entry)
+{
+ return &((struct crq *)qaddr)[q_entry];
+}
+
+/*
+ * Get the crq where the response will be found. This
+ * function will clear the CRQ's valid field and advance
+ * the entry counter to the next entry.
+ */
+static struct crq *get_response_crq(void)
+{
+ struct crq *crq;
+
+ dprintf("curr_q_entry = %d\n", spapr_vtpm.curr_q_entry);
+
+ crq = get_crq(spapr_vtpm.qaddr, spapr_vtpm.curr_q_entry);
+ memset(crq, 0, sizeof(*crq));
+
+ spapr_vtpm.curr_q_entry += 1;
+ if (spapr_vtpm.curr_q_entry == (spapr_vtpm.qsize / sizeof(struct crq)))
+ spapr_vtpm.curr_q_entry = 0;
+
+ return crq;
+}
+
+/*
+ * Send a message via CRQ and wait for the response
+ */
+static bool spapr_send_crq_and_wait(unsigned long unit,
+ struct crq *crq,
+ struct crq **response,
+ unsigned timeout,
+ vtpm_drv_state state1,
+ vtpm_drv_state state2)
+{
+ long rc;
+ unsigned i;
+
+ *response = get_response_crq();
+
+ vtpm_drv_state_set(state1, VTPM_DRV_ERROR_NO_FAILURE);
+
+ rc = hv_send_crq(unit, (uint64_t *)crq);
+ if (rc != H_SUCCESS) {
+ vtpm_drv_state_set(VTPM_DRV_STATE_WAIT_INIT,
+ VTPM_DRV_ERROR_TPM_CRQ_ERROR);
+ return false;
+ }
+
+ vtpm_drv_state_set(state2, VTPM_DRV_ERROR_NO_FAILURE);
+
+ for (i = 0; i < timeout; i += 1000) {
+ if (((*response)->valid & PAPR_VTPM_MSG_RESULT))
+ return true;
+ SLOF_usleep(1000);
+ }
+
+ vtpm_drv_state_set(VTPM_DRV_STATE_FAILURE,
+ VTPM_DRV_ERROR_WAIT_TIMEOUT);
+
+ dprintf("Received no response from CRQ\n");
+ return false;
+}
+
+/*
+ * Get parameters from the CRQ
+ */
+static bool spapr_vtpm_get_params(void)
+{
+ struct crq crq, *response;
+ static bool completed = false; /* only once */
+
+ if (completed)
+ return true;
+
+ /* get the TPM version */
+ crq.valid = PAPR_VTPM_VALID_COMMAND;
+ crq.msg = PAPR_VTPM_GET_VERSION;
+
+ if (!spapr_send_crq_and_wait(spapr_vtpm.unit, &crq, &response, 10,
+ VTPM_DRV_STATE_SEND_GET_VERSION,
+ VTPM_DRV_STATE_WAIT_VERSION)) {
+ dprintf("Failure getting TPM version from CRQ\n");
+ return false;
+ }
+
+ vtpm_drv_state_set(VTPM_DRV_STATE_CHECK_VERSION,
+ VTPM_DRV_ERROR_NO_FAILURE);
+
+ spapr_vtpm.tpm_version = be32_to_cpu(response->data);
+ dprintf("TPM backend version: %d\n", spapr_vtpm.tpm_version);
+
+ /* get the TPM's buffer size */
+ crq.valid = PAPR_VTPM_VALID_COMMAND;
+ crq.msg = PAPR_VTPM_GET_RTCE_BUFFER_SIZE;
+
+ if (!spapr_send_crq_and_wait(spapr_vtpm.unit, &crq, &response, 10,
+ VTPM_DRV_STATE_SEND_BUFSIZE_REQ,
+ VTPM_DRV_STATE_WAIT_BUFSIZE)) {
+ dprintf("Failure getting RTCE buffer size from CRQ\n");
+ return false;
+ }
+
+ vtpm_drv_state_set(VTPM_DRV_STATE_ALLOC_RTCE_BUF,
+ VTPM_DRV_ERROR_NO_FAILURE);
+
+ dprintf("RTCE buffer size: %u\n", be16_to_cpu(response->len));
+ spapr_vtpm.buffer_size = response->len;
+ if (spapr_vtpm.buffer_size < 1024) {
+ dprintf("RTCE buffer size of %u bytes is too small. "
+ "Minimum is 1024 bytes.\n", spapr_vtpm.buffer_size);
+ vtpm_drv_state_set(VTPM_DRV_STATE_FAILURE,
+ VTPM_DRV_ERROR_BAD_RTCE_SIZE);
+ return false;
+ }
+
+ completed = true;
+
+ return true;
+}
+
+static bool spapr_vtpm_activate(void)
+{
+ long rc;
+ struct crq crq, *response;
+
+ if (vtpm_drv_error_get() != VTPM_DRV_ERROR_NO_FAILURE) {
+ printf("VTPM CRQ: In failure mode\n");
+ return false;
+ }
+
+ vtpm_drv_state_set(VTPM_DRV_STATE_REG_CRQ,
+ VTPM_DRV_ERROR_NO_FAILURE);
+
+ rc = hv_reg_crq(spapr_vtpm.unit, (unsigned long)spapr_vtpm.qaddr,
+ spapr_vtpm.qsize);
+ if (rc != H_SUCCESS) {
+ vtpm_drv_state_set(VTPM_DRV_STATE_WAIT_INIT,
+ VTPM_DRV_ERROR_UNEXPECTED_REG_ERROR);
+ dprintf("CRQ registration failed\n");
+ return false;
+ }
+
+ /* we always start with curr_q_entry 0 */
+ spapr_vtpm.curr_q_entry = 0;
+
+ if (!spapr_vtpm.initialized) {
+
+ crq.valid = PAPR_VTPM_INIT_CRQ_COMMAND;
+ crq.msg = PAPR_VTPM_INIT_CRQ_RESULT;
+
+ if (!spapr_send_crq_and_wait(spapr_vtpm.unit,
+ &crq,
+ &response,
+ 10,
+ VTPM_DRV_STATE_SEND_INIT,
+ VTPM_DRV_STATE_WAIT_INIT_COMP)) {
+ dprintf("Initializing CRQ failed\n");
+ goto err_exit;
+ }
+ dprintf("Successfully initialized CRQ\n");
+
+ spapr_vtpm.initialized = true;
+ }
+
+ if (spapr_vtpm_get_params())
+ return true;
+
+err_exit:
+ hv_free_crq(spapr_vtpm.unit);
+ spapr_vtpm.unit = 0;
+
+ return false;
+}
+
+static bool spapr_vtpm_init(void)
+{
+ spapr_vtpm_set_durations(tpm_default_durations);
+
+ return true;
+}
+
+void spapr_vtpm_finalize(void)
+{
+ if (spapr_vtpm.unit)
+ hv_free_crq(spapr_vtpm.unit);
+}
+
+/*
+ * Check whether we have a CRQ underneath us; if we do, the CRQ will
+ * be left open.
+ */
+static bool spapr_vtpm_probe(void)
+{
+ spapr_vtpm_init();
+
+ if (!spapr_vtpm.qaddr) {
+ spapr_vtpm.qaddr = SLOF_alloc_mem(spapr_vtpm.qsize);
+ if (!spapr_vtpm.qaddr) {
+ printf("spapr-vtpm: Unable to allocate memory\n");
+ return false;
+ }
+ memset(spapr_vtpm.qaddr, 0, spapr_vtpm.qsize);
+
+ dprintf("getting FORTH vtpm-unit\n");
+ spapr_vtpm.unit = SLOF_get_vtpm_unit();
+ if (!spapr_vtpm.unit) {
+ printf("spapr-vtpm: Could not get valid vtpm-unit\n");
+ return false;
+ }
+ }
+
+ dprintf("vtpm_unit = %lx, buffer = %p\n",
+ spapr_vtpm.unit, spapr_vtpm.qaddr);
+
+ if (!spapr_vtpm_activate())
+ return false;
+
+ return true;
+}
+
+static bool spapr_vtpm_senddata(const uint8_t *const data, uint32_t len)
+{
+ struct crq crq;
+ long rc;
+
+ if (vtpm_drv_error_get() != VTPM_DRV_ERROR_NO_FAILURE) {
+ printf("VTPM CRQ: In failure mode\n");
+ return false;
+ }
+
+ if (len > spapr_vtpm.buffer_size) {
+ dprintf("VTPM CRQ: Send buffer too large: %u > %u\n",
+ len, spapr_vtpm.buffer_size);
+ return false;
+ }
+
+ spapr_vtpm.response = get_response_crq();
+ /* response CRQ has been set and valid field cleared */
+
+ crq.valid = PAPR_VTPM_VALID_COMMAND;
+ crq.msg = PAPR_VTPM_TPM_COMMAND;
+ crq.len = cpu_to_be16(len);
+ crq.data = cpu_to_be32((uint64_t)data);
+
+ vtpm_drv_state_set(VTPM_DRV_STATE_SEND_TPM_CMD,
+ VTPM_DRV_ERROR_NO_FAILURE);
+
+ rc = hv_send_crq(spapr_vtpm.unit, (uint64_t *)&crq);
+
+ if (rc == H_SUCCESS) {
+ vtpm_drv_state_set(VTPM_DRV_STATE_WAIT_TPM_RSP,
+ VTPM_DRV_ERROR_NO_FAILURE);
+ } else {
+ vtpm_drv_state_set(VTPM_DRV_STATE_WAIT_INIT,
+ VTPM_DRV_ERROR_UNEXPECTED_SEND_ERROR);
+ }
+
+ return (rc == H_SUCCESS);
+}
+
+static bool spapr_vtpm_waitresponseready(enum tpm_duration_type to_t)
+{
+ uint32_t timeout = spapr_vtpm.durations[to_t];
+ int i;
+
+ if (vtpm_drv_error_get() != VTPM_DRV_ERROR_NO_FAILURE) {
+ printf("VTPM CRQ: In failure mode\n");
+ return false;
+ }
+
+ /* response CRQ has been set */
+
+ for (i = 0; i < timeout; i += 1000) {
+ if (spapr_vtpm.response->valid & PAPR_VTPM_MSG_RESULT) {
+ /* TPM responded: move to Send tpm-cmd state */
+ vtpm_drv_state_set(VTPM_DRV_STATE_SEND_TPM_CMD,
+ VTPM_DRV_ERROR_NO_FAILURE);
+ dprintf("Received response to TPM command\n");
+ return true;
+ }
+ SLOF_usleep(1000);
+ }
+
+ vtpm_drv_state_set(VTPM_DRV_STATE_FAILURE,
+ VTPM_DRV_ERROR_WAIT_TIMEOUT);
+
+ dprintf("Received NO response to TPM command");
+
+ return false;
+}
+
+static bool spapr_vtpm_readresponse(uint8_t *buffer, uint32_t *len)
+{
+ if (vtpm_drv_error_get() != VTPM_DRV_ERROR_NO_FAILURE) {
+ printf("VTPM CRQ: In failure mode\n");
+ return false;
+ }
+
+ /* response CRQ has been set */
+ *len = MIN(*len, be32_to_cpu(spapr_vtpm.response->len));
+
+ memcpy(buffer, (void *)(uint64_t)spapr_vtpm.response->data, *len);
+
+ dprintf("Length of copied response: %d\n", *len);
+
+ spapr_vtpm.response = NULL;
+
+ return true;
+}
+
+uint32_t spapr_vtpm_get_buffersize(void)
+{
+ return spapr_vtpm.buffer_size;
+}
+
+vtpm_drv_state spapr_vtpm_get_state(void)
+{
+ return vtpm_drv_state_get();
+}
+
+vtpm_drv_error spapr_vtpm_get_error(void)
+{
+ return vtpm_drv_error_get();
+}
+
+/**** higher layer interface ****/
+
+bool spapr_is_vtpm_present(void)
+{
+ bool rc = false;
+
+ if (spapr_vtpm_probe()) {
+ spapr_vtpm_init();
+ rc = true;
+ }
+
+ return rc;
+}
+
+bool spapr_vtpm_transmit(const uint8_t *request, uint32_t requestlen,
+ enum tpm_duration_type to_t,
+ uint8_t *respbuffer, uint32_t *respbufferlen)
+{
+ bool rc = true;
+
+ if (!spapr_vtpm_senddata(request, requestlen) ||
+ !spapr_vtpm_waitresponseready(to_t) ||
+ !spapr_vtpm_readresponse(respbuffer, respbufferlen))
+ rc = false;
+
+ return rc;
+}
diff --git a/lib/libtpm/tpm_drivers.h b/lib/libtpm/tpm_drivers.h
new file mode 100644
index 0000000..22ef41c
--- /dev/null
+++ b/lib/libtpm/tpm_drivers.h
@@ -0,0 +1,87 @@
+/*****************************************************************************
+ * Copyright (c) 2015 IBM Corporation
+ * All rights reserved.
+ * This program and the accompanying materials
+ * are made available under the terms of the BSD License
+ * which accompanies this distribution, and is available at
+ * http://www.opensource.org/licenses/bsd-license.php
+ *
+ * Contributors:
+ * IBM Corporation - initial implementation
+ *****************************************************************************/
+
+#ifndef TPM_DRIVERS_H
+#define TPM_DRIVERS_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <unistd.h>
+
+enum tpm_duration_type {
+ TPM_DURATION_TYPE_SHORT = 0,
+ TPM_DURATION_TYPE_MEDIUM,
+ TPM_DURATION_TYPE_LONG,
+};
+
+#define TPM_NUM_DURATIONS 3
+
+/* durations in microseconds per TPM spec. */
+#define TPM_DEFAULT_DURATION_SHORT 2000000 /* us */
+#define TPM_DEFAULT_DURATION_MEDIUM 20000000 /* us */
+#define TPM_DEFAULT_DURATION_LONG 60000000 /* us */
+
+#define PAPR_DRIVER_IDX 0
+#define TPM_NUM_DRIVERS 1
+
+/* firmware driver states */
+typedef enum {
+ VTPM_DRV_STATE_INVALID = 0,
+ VTPM_DRV_STATE_INIT_CALLED = 1,
+ VTPM_DRV_STATE_REG_CRQ = 2,
+ VTPM_DRV_STATE_WAIT_INIT = 3,
+ VTPM_DRV_STATE_SEND_INIT = 4,
+ VTPM_DRV_STATE_FAILURE = 5,
+ VTPM_DRV_STATE_WAIT_INIT_COMP = 6,
+ VTPM_DRV_STATE_SEND_INIT_COMP = 7,
+ VTPM_DRV_STATE_SEND_GET_VERSION = 8,
+ VTPM_DRV_STATE_WAIT_VERSION = 9,
+ VTPM_DRV_STATE_CHECK_VERSION = 10,
+ VTPM_DRV_STATE_SEND_BUFSIZE_REQ = 11,
+ VTPM_DRV_STATE_WAIT_BUFSIZE = 12,
+ VTPM_DRV_STATE_ALLOC_RTCE_BUF = 13,
+ VTPM_DRV_STATE_SEND_TPM_CMD = 14,
+ VTPM_DRV_STATE_WAIT_TPM_RSP = 15,
+} vtpm_drv_state;
+
+/* firmware driver errors */
+typedef enum {
+ VTPM_DRV_ERROR_NO_FAILURE = -1,
+ VTPM_DRV_ERROR_NOT_FOUND_TIMEOUT = 0,
+ VTPM_DRV_ERROR_UNEXPECTED_REG_ERROR = 1,
+ VTPM_DRV_ERROR_PARTNER_FAILED = 2,
+ VTPM_DRV_ERROR_UNEXPECTED_TSP_ERROR = 3,
+ VTPM_DRV_ERROR_TPM_PROTOCOL_ERROR = 4,
+ VTPM_DRV_ERROR_WAIT_TIMEOUT = 5,
+ VTPM_DRV_ERROR_UNEXPECTED_SEND_ERROR = 6,
+ VTPM_DRV_ERROR_CRQ_OPEN_FAIL = 7,
+ VTPM_DRV_ERROR_BAD_STATE = 8,
+ VTPM_DRV_ERROR_TPM_FAIL = 9,
+ VTPM_DRV_ERROR_TPM_CRQ_ERROR = 10,
+ VTPM_DRV_ERROR_BAD_VERSION = 11,
+ VTPM_DRV_ERROR_BAD_RTCE_SIZE = 12,
+ VTPM_DRV_ERROR_SML_FAILURE = 13,
+ VTPM_DRV_ERROR_SML_HANDED_OVER = 14,
+} vtpm_drv_error;
+
+/* exported functions */
+bool spapr_is_vtpm_present(void);
+void spapr_vtpm_finalize(void);
+bool spapr_vtpm_transmit(const uint8_t *request, uint32_t requestlen,
+ enum tpm_duration_type to_t,
+ uint8_t *respbuffer, uint32_t *respbufferlen);
+void spapr_vtpm_set_durations(const uint32_t durations[TPM_NUM_DURATIONS]);
+uint32_t spapr_vtpm_get_buffersize(void);
+vtpm_drv_state spapr_vtpm_get_state(void);
+vtpm_drv_error spapr_vtpm_get_error(void);
+
+#endif /* TPM_DRIVERS_H */
diff --git a/slof/helpers.c b/slof/helpers.c
index d7c1888..dc7f08c 100644
--- a/slof/helpers.c
+++ b/slof/helpers.c
@@ -134,3 +134,9 @@ void *SLOF_translate_my_address(void *addr)
forth_eval("translate-my-address");
return (void *)forth_pop();
}
+
+unsigned long SLOF_get_vtpm_unit(void)
+{
+ forth_eval("vtpm-unit");
+ return forth_pop();
+}
--
2.4.3
More information about the SLOF
mailing list