[SLOF] [PATCH 00/16] Add vTPM support to SLOF

Thomas Huth thuth at redhat.com
Fri Nov 13 20:34:54 AEDT 2015


On 28/09/15 17:52, Stefan Berger wrote:
> On 08/13/2015 08:22 PM, Stefan Berger wrote:
>> David Gibson <david at gibson.dropbear.id.au> wrote on 08/11/2015
>> 10:13:45 PM:
>>
>> > From: David Gibson <david at gibson.dropbear.id.au>
>> > To: Stefan Berger <stefanb at linux.vnet.ibm.com>
>> > Cc: slof at lists.ozlabs.org, nikunj at linux.vnet.ibm.com,
>> > aik at au1.ibm.com, pmac at au1.ibm.com, Tim Block/Rochester/IBM at IBMUS,
>> > Stefan Berger/Watson/IBM at IBMUS, Hon c Lo/Poughkeepsie/IBM at IBMUS,
>> > George Wilson/Austin/IBM at IBMUS, Dimitrios Pendarakis/Watson/
>> > IBM at IBMUS, Joy Latten/Austin/IBM at IBMUS
>> > Date: 08/11/2015 10:41 PM
>> > Subject: Re: [SLOF] [PATCH 00/16] Add vTPM support to SLOF
>> >
>> > On Mon, Aug 10, 2015 at 06:55:10AM -0400, Stefan Berger wrote:
>> > > The following series of patches adds TPM support to SLOF.
>> > > In particular it adds the following:
>> > >
>> > > - TPM drivers for hardware interface and CRQ interface
>> > > - TPM initialization
>> > > - TPM logging area and firmware API to transfer it to the OS
>> > >   (measurements are visible in sysfs)
>> > > - Some measurement code (Static Core Root Of Trust)
>> > > - TPM menu (accessible via 't' key during boot if TPM is available)
>> > > - Firmware API extensions following Power Firmware Doc
>> > >   (to make trusted grub work)
>> > >
>> > > Necessarily, some of its parts are written in Forth, many are written
>> > > in 'C'. The extensions are known to work with QEMU for ppc64
>> > > running Linux.
>> > >
>> > > Patches 4-6 will eventually need to be merged to avoid compiler
>> > > warnings related to unused functions.
>> >
>> > So, your cover letter seems to be missing the single most important
>> > bit of information:  why is this useful?
>>
>> The firmware extensions are necessary for initializing the TPM,
>> establishing a core root of trust for measurements, etc., which is
>> required for systems with an attached TPM. The same is then true for
>> systems with an attached vTPM.
>>
>> Otherwise having a vTPM attached to a VM provides the following benefits:
>>
>> - enablement of trusted boot; this allows us to eventually extend the
>> chain of trust from the hypervisor to the guests
>> - enablement of attestation so that one can verify what software is
>> running on a machine
>> - provides TPM functionality to VMs, which includes a standardized
>> mechanism to store keys and other blobs
>>   (Linux trusted keys, GNU TLS's TPM extensions)
> 
> FYI: The latest version of the patches is available here now:
> 
> https://github.com/stefanberger/SLOF-tpm/tree/SLOF-tpm

 Stefan,

could you maybe post a v2 with your latest changes and the fixes for the
issues that have been identified with the review of this series?

 Thanks,
  Thomas
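The cover letter quoted above lists a TPM logging area whose measurements are handed to the OS and then used for attestation ("verify what software is running on a machine"). The Python below is an added illustration of what a verifier does with such a log; it is not code from SLOF, from this thread, or from the patch series. It assumes the TCG 1.2 SHA-1 record layout (little-endian u32 pcrIndex, u32 eventType, 20-byte digest, u32 eventDataSize, then the data) and builds a constructed four-event log; the event strings, firmware version and "kernel image" bytes are all made up for the demo, and the expected PCR values are computed from the same constructed log rather than taken from any real machine.

```python
import hashlib
import struct
from typing import Dict, Iterator, List, NamedTuple

# TCG PC Client event types (subset); values as in the TCG 1.2 specification.
EV_SEPARATOR = 0x04
EV_ACTION = 0x05
EV_S_CRTM_VERSION = 0x08
EV_IPL = 0x0D

# Event types whose recorded digest is, by spec, the SHA-1 of the event data
# itself. For EV_IPL the digest covers the loaded image, not the description,
# so its data cannot be checked this way.
DATA_IS_DIGESTED = {EV_SEPARATOR, EV_ACTION, EV_S_CRTM_VERSION}

PCR_LEN = 20  # SHA-1 PCR bank, as used by TPM 1.2


class Event(NamedTuple):
    pcr_index: int
    event_type: int
    digest: bytes      # digest the firmware extended into the PCR
    event_data: bytes  # descriptive payload (not necessarily what was hashed)


# One record header: pcrIndex, eventType, 20-byte digest, eventDataSize.
_HDR = struct.Struct("<II20sI")


def parse_tcg12_log(blob: bytes) -> Iterator[Event]:
    """Walk a TCG 1.2 SHA-1 binary event log, refusing truncated records."""
    off = 0
    while off < len(blob):
        if len(blob) - off < _HDR.size:
            raise ValueError(f"truncated event header at offset {off}")
        pcr, etype, digest, size = _HDR.unpack_from(blob, off)
        off += _HDR.size
        if len(blob) - off < size:
            raise ValueError(f"truncated event data at offset {off}")
        yield Event(pcr, etype, digest, blob[off:off + size])
        off += size


def replay_pcrs(events) -> Dict[int, bytes]:
    """Recompute PCRs from the log: PCR_new = SHA1(PCR_old || digest), starting at zero."""
    pcrs: Dict[int, bytes] = {}
    for ev in events:
        prev = pcrs.get(ev.pcr_index, b"\x00" * PCR_LEN)
        pcrs[ev.pcr_index] = hashlib.sha1(prev + ev.digest).digest()
    return pcrs


def check_event_digests(events) -> List[int]:
    """Indices of events whose digest should equal SHA1(event_data) but does not.

    Replay alone only proves the log matches the PCRs; it says nothing about
    whether the human-readable event data was altered after the fact.
    """
    return [i for i, ev in enumerate(events)
            if ev.event_type in DATA_IS_DIGESTED
            and hashlib.sha1(ev.event_data).digest() != ev.digest]


def verify_log(blob: bytes, quoted_pcrs: Dict[int, bytes]) -> List[int]:
    """PCR indices where replaying the log does not reproduce the quoted value."""
    replayed = replay_pcrs(parse_tcg12_log(blob))
    return sorted(i for i, v in quoted_pcrs.items() if replayed.get(i) != v)


def sha1(b: bytes) -> bytes:
    return hashlib.sha1(b).digest()


def make_event(pcr: int, etype: int, digest: bytes, data: bytes) -> bytes:
    """Serialize one TCG 1.2 record (used only to build the constructed sample)."""
    return _HDR.pack(pcr, etype, digest, len(data)) + data


# Constructed sample log: four events as firmware might record them before
# handing the log to the OS. All strings and the "image" are invented.
SEPARATOR = b"\x00\x00\x00\x00"
FW_VERSION = b"constructed-firmware-1.0"
KERNEL_IMAGE = b"constructed kernel image bytes"   # stands in for the loaded IPL image
SAMPLE_LOG = (
    make_event(0, EV_S_CRTM_VERSION, sha1(FW_VERSION), FW_VERSION)
    + make_event(0, EV_SEPARATOR, sha1(SEPARATOR), SEPARATOR)
    + make_event(4, EV_ACTION, sha1(b"Calling IPL"), b"Calling IPL")
    + make_event(4, EV_IPL, sha1(KERNEL_IMAGE), b"constructed: loaded boot image")
)

# What a TPM quote of PCR 0 and PCR 4 would report if this log is genuine
# (computed here from the constructed log for the demo).
QUOTED_PCRS = replay_pcrs(parse_tcg12_log(SAMPLE_LOG))

if __name__ == "__main__":
    events = list(parse_tcg12_log(SAMPLE_LOG))
    for ev in events:
        print(f"PCR{ev.pcr_index:<2} type=0x{ev.event_type:02x} "
              f"{ev.digest.hex()[:16]}... {ev.event_data!r}")
    print("mismatching PCRs:", verify_log(SAMPLE_LOG, QUOTED_PCRS))
    print("bad event digests:", check_event_digests(events))
```

The two checks are deliberately separate: `verify_log` ties the log to the PCR values a quote reports, while `check_event_digests` catches a log whose descriptive data was edited without touching the digests, which replay alone cannot see.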


