[SLOF] [PATCH 00/16] Add vTPM support to SLOF

Stefan Berger stefanb at linux.vnet.ibm.com
Fri Nov 13 22:55:11 AEDT 2015

On 11/13/2015 04:34 AM, Thomas Huth wrote:
> On 28/09/15 17:52, Stefan Berger wrote:
>> On 08/13/2015 08:22 PM, Stefan Berger wrote:
>>> David Gibson <david at gibson.dropbear.id.au> wrote on 08/11/2015
>>> 10:13:45 PM:
>>>> From: David Gibson <david at gibson.dropbear.id.au>
>>>> To: Stefan Berger <stefanb at linux.vnet.ibm.com>
>>>> Cc: slof at lists.ozlabs.org, nikunj at linux.vnet.ibm.com,
>>>> aik at au1.ibm.com, pmac at au1.ibm.com, Tim Block/Rochester/IBM at IBMUS,
>>>> Stefan Berger/Watson/IBM at IBMUS, Hon c Lo/Poughkeepsie/IBM at IBMUS,
>>>> George Wilson/Austin/IBM at IBMUS, Dimitrios Pendarakis/Watson/
>>>> IBM at IBMUS, Joy Latten/Austin/IBM at IBMUS
>>>> Date: 08/11/2015 10:41 PM
>>>> Subject: Re: [SLOF] [PATCH 00/16] Add vTPM support to SLOF
>>>> On Mon, Aug 10, 2015 at 06:55:10AM -0400, Stefan Berger wrote:
>>>>> The following series of patches adds TPM support to SLOF.
>>>>> In particular it adds the following:
>>>>> - TPM drivers for hardware interface and CRQ interface
>>>>> - TPM initialization
>>>>> - TPM logging area and firmware API to transfer it to the OS
>>>>>    (measurements are visible in sysfs)
>>>>> - Some measurement code (Static Core Root Of Trust)
>>>>> - TPM menu (accessible via 't' key during boot if TPM is available)
>>>>> - Firmware API extensions following Power Firmware Doc
>>>>>    (to make trusted grub work)
>>>>> Necessarily, some of its parts are written in Forth, many are written
>>>>> in 'C'. The extensions are known to work with QEMU for ppc64
>>> running Linux.
>>>>> Patches 4-6 will eventually need to be merged to avoid compiler
>>> warnings
>>>>> related to unused functions.
>>>> So, your cover letter seems to be missing the single most important
>>>> bit of information:  why is this useful?
>>> The firmware extensions are necessary for initializing the TPM,
>>> establishing
>>> a core root of trust for measurements, etc, which is required for
>>> systems with
>>> an attached TPM. The same is then true for systems with an attached vTPM.
>>> Otherwise having a vTPM attached to a VM provides the following benefits:
>>> - enablement of trusted boot; this allow us to eventually extend the
>>> chain of trust from the hypervisor to the guests
>>> - enablement of attestation so that one can verify what software is
>>> running on a machine
>>> - provides TPM functionality to VMs, which includes a standardized
>>> mechanism to store keys and other blobs
>>>    (Linux trusted keys, GNU TLS's TPM extensions)
>> FYI: The latest version of the patches are available here now:
>> https://github.com/stefanberger/SLOF-tpm/tree/SLOF-tpm
>   Stefan,
> could you maybe post a v2 with your latest changes and the fixes for the
> issues that have been identified with the review of this series?

Yes, I will post v2.


More information about the SLOF mailing list