[SLOF] [PATCH v2 00/20] Add vTPM support to SLOF
Stefan Berger
stefanb at us.ibm.com
Wed Nov 18 04:02:16 AEDT 2015
The following series of patches adds TPM support to SLOF.
In particular it adds the following:
- TPM drivers for hardware interface and CRQ interface
- TPM initialization
- TPM logging area and firmware API to transfer it to the OS
(measurements are visible in sysfs)
- Some measurement code (Static Core Root Of Trust)
- TPM menu (accessible via 't' key during boot if TPM is available)
- Firmware API extensions following Power Firmware Doc
(to make trusted grub work)
Having a vTPM attached to a VM provides the following benefits:
- enablement of trusted boot; this allows us to eventually extend the chain
of trust from the hypervisor to the guests
- enablement of attestation so that one can verify what software is
running on a machine
- provides TPM functionality to VMs, which includes a standardized
mechanism to store keys and other blobs
(Linux trusted keys, GnuTLS's TPM extensions)
Necessarily, some of its parts are written in Forth, many are written
in 'C'. The extensions are known to work with QEMU for ppc64 running Linux.
Patches 4-6 will eventually need to be merged to avoid compiler warnings
related to unused functions.
v1->v2:
- Addressed Nikunj's comments
- Since last post in August I added 3 more patches to the end of the series
and one in 13th place.
Stefan Berger (20):
Add a TPM driver implementation
Add TPM initialization support
Add sha1 implementation
Add initial support for logging
Extend internal firmware API
Return value of actual log in sml-get-handover-size
Perform some initial measurements
Add support for controlling the states of the TPM
Add support for a TPM menu to control the state of the TPM
Implement measurements of the master boot record
Measure the static core root of trust for measurements
Add TPM firmware API calls hash-all, log-event, hash-log-extend-event
Add sml related nodes to vdevice/vtpm node
Add TPM firmware API call get-maximum-cmd-size
Add TPM firmware API call pass-through-to-tpm
Add TPM firmware API call get-state
Add TPM firmware API call get-failure-reason
Add TPM firmware API call reformat-sml-to-efi-alignment
Set the driver in pseudo failure state after handover
make last entry in log appear
board-js2x/slof/OF.fs | 2 +
board-qemu/Makefile | 2 +-
board-qemu/slof/Makefile | 10 +-
board-qemu/slof/OF.fs | 7 +
board-qemu/slof/tree.fs | 3 +
board-qemu/slof/vio-vtpm-cdriver.fs | 179 ++++
board-qemu/slof/vtpm-sml.fs | 121 +++
include/helpers.h | 1 +
lib/Makefile | 2 +-
lib/libtpm/Makefile | 51 ++
lib/libtpm/sha1.c | 197 +++++
lib/libtpm/sha1.h | 20 +
lib/libtpm/tcgbios.c | 1626 +++++++++++++++++++++++++++++++++++
lib/libtpm/tcgbios.h | 59 ++
lib/libtpm/tcgbios_int.h | 224 +++++
lib/libtpm/tpm.code | 217 +++++
lib/libtpm/tpm.in | 34 +
lib/libtpm/tpm_drivers.c | 501 +++++++++++
lib/libtpm/tpm_drivers.h | 98 +++
slof/fs/packages/disk-label.fs | 6 +-
slof/fs/start-up.fs | 10 +
slof/fs/tpm/tpm-static.fs | 355 ++++++++
slof/helpers.c | 6 +
23 files changed, 3725 insertions(+), 6 deletions(-)
create mode 100644 board-qemu/slof/vio-vtpm-cdriver.fs
create mode 100644 board-qemu/slof/vtpm-sml.fs
create mode 100644 lib/libtpm/Makefile
create mode 100644 lib/libtpm/sha1.c
create mode 100644 lib/libtpm/sha1.h
create mode 100644 lib/libtpm/tcgbios.c
create mode 100644 lib/libtpm/tcgbios.h
create mode 100644 lib/libtpm/tcgbios_int.h
create mode 100644 lib/libtpm/tpm.code
create mode 100644 lib/libtpm/tpm.in
create mode 100644 lib/libtpm/tpm_drivers.c
create mode 100644 lib/libtpm/tpm_drivers.h
create mode 100644 slof/fs/tpm/tpm-static.fs
--
2.4.3
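The series above measures boot components (for instance the master boot record) into the vTPM and hands a log of those measurements to the OS, which can then replay it for attestation. The following is an added example, not code from this patch series or from SLOF: it implements the two halves of that chain in plain C so the mechanism can be run offline. The firmware half hashes data with SHA-1, extends a PCR (PCR = SHA1(PCR || digest)) and appends a TCG 1.2 style event record (u32 pcrIndex, u32 eventType, u8 digest[20], u32 eventSize, event data); the verifier half replays such a log into fresh PCRs and refuses truncated or malformed logs. The little-endian field layout, the use of PCR 4 and EV_IPL for the MBR, the 4 KiB log area and the sample MBR bytes are assumptions made for this example and are not taken from the cover letter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20
#define NUM_PCRS 24
#define EV_IPL   0x0000000D   /* TCG event type assumed here for the boot-loader image */

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* One 64-byte SHA-1 compression round (FIPS 180-4). */
static void sha1_block(uint32_t h[5], const uint8_t blk[64])
{
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f, k, t;
    int i;
    for (i = 0; i < 16; i++)
        w[i] = ((uint32_t)blk[4*i] << 24) | ((uint32_t)blk[4*i+1] << 16) |
               ((uint32_t)blk[4*i+2] << 8) | blk[4*i+3];
    for (; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (i = 0; i < 80; i++) {
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        t = rol(a, 5) + f + e + k + w[i];
        e = d; d = c; c = rol(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

/* SHA-1 over a buffer: the digest a TPM 1.2 PCR bank is built on. */
void sha1(const uint8_t *msg, size_t len, uint8_t out[SHA1_LEN])
{
    uint32_t h[5] = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 };
    uint64_t bits = (uint64_t)len * 8;
    uint8_t blk[64];
    size_t i, rem;
    for (i = 0; i + 64 <= len; i += 64) sha1_block(h, msg + i);
    rem = len - i;
    memset(blk, 0, sizeof blk);
    if (rem) memcpy(blk, msg + i, rem);
    blk[rem] = 0x80;                                 /* padding: 1 bit, zeros, 64-bit length */
    if (rem >= 56) { sha1_block(h, blk); memset(blk, 0, sizeof blk); }
    for (i = 0; i < 8; i++) blk[63 - i] = (uint8_t)(bits >> (8 * i));
    sha1_block(h, blk);
    for (i = 0; i < 5; i++) { out[4*i] = h[i] >> 24; out[4*i+1] = h[i] >> 16;
                              out[4*i+2] = h[i] >> 8; out[4*i+3] = h[i]; }
}

/* Firmware-side state: SHA-1 PCR bank plus the stored measurement log (SML).
 * Entry layout (assumed little-endian): u32 pcrIndex, u32 eventType,
 * u8 digest[20], u32 eventSize, u8 event[eventSize]. */
struct tpm_state { uint8_t pcr[NUM_PCRS][SHA1_LEN]; uint8_t sml[4096]; size_t sml_len; };

static void put_le32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
static uint32_t get_le32(const uint8_t *p) { return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24); }

/* PCR extend: PCR[i] = SHA1(PCR[i] || digest). Order matters, values cannot be reset. */
void pcr_extend(uint8_t pcr[SHA1_LEN], const uint8_t digest[SHA1_LEN])
{
    uint8_t cat[2 * SHA1_LEN];
    memcpy(cat, pcr, SHA1_LEN);
    memcpy(cat + SHA1_LEN, digest, SHA1_LEN);
    sha1(cat, sizeof cat, pcr);
}

/* Firmware side: hash the data, extend the PCR, append the log entry.
 * Returns 0, or -1 if the PCR index is invalid or the log area is full. */
int hash_log_extend_event(struct tpm_state *t, uint32_t pcr, uint32_t type,
                          const uint8_t *data, size_t len, const uint8_t *ev, uint32_t evlen)
{
    uint8_t *p = t->sml + t->sml_len;
    if (pcr >= NUM_PCRS || t->sml_len + 32 + evlen > sizeof t->sml) return -1;
    sha1(data, len, p + 8);                          /* digest is written straight into the entry */
    pcr_extend(t->pcr[pcr], p + 8);
    put_le32(p, pcr); put_le32(p + 4, type); put_le32(p + 28, evlen);
    memcpy(p + 32, ev, evlen);
    t->sml_len += 32 + evlen;
    return 0;
}

/* Verifier side (what an OS or attestation server does with the log handed over by
 * firmware): replay every entry into fresh PCRs. Returns the event count, or -1 if the
 * log is truncated, an eventSize runs past the end, or an entry names a bad PCR. */
int replay_sml(const uint8_t *sml, size_t len, uint8_t pcrs[NUM_PCRS][SHA1_LEN])
{
    size_t off = 0;
    int n = 0;
    memset(pcrs, 0, NUM_PCRS * SHA1_LEN);
    while (off < len) {
        uint32_t pcr, evlen;
        if (len - off < 32) return -1;
        pcr = get_le32(sml + off);
        evlen = get_le32(sml + off + 28);
        if (pcr >= NUM_PCRS || evlen > len - off - 32) return -1;
        pcr_extend(pcrs[pcr], sml + off + 8);
        off += 32 + evlen;
        n++;
    }
    return n;
}

/* Known-answer check: SHA1("abc") = a9993e364706816aba3e25717850c26c9cd0d89d. */
int sha1_selftest(void)
{
    static const uint8_t want[SHA1_LEN] = { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
                                            0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d };
    uint8_t got[SHA1_LEN];
    sha1((const uint8_t *)"abc", 3, got);
    return memcmp(got, want, SHA1_LEN) == 0;
}

/* End to end: firmware measures a constructed MBR into PCR 4; the verifier replays the
 * log and must reach the same PCR value, and must reject a log with one byte cut off.
 * Returns 1 on success, 0 on PCR mismatch, -1 on an unexpected error. */
int demo_mbr_measure(void)
{
    struct tpm_state fw;
    uint8_t mbr[512], replayed[NUM_PCRS][SHA1_LEN];
    size_t i;
    memset(&fw, 0, sizeof fw);
    for (i = 0; i < sizeof mbr; i++) mbr[i] = (uint8_t)(i * 7);   /* constructed sample, not a real MBR */
    mbr[510] = 0x55; mbr[511] = 0xAA;
    if (hash_log_extend_event(&fw, 4, EV_IPL, mbr, sizeof mbr, (const uint8_t *)"MBR", 3)) return -1;
    if (replay_sml(fw.sml, fw.sml_len, replayed) != 1) return -1;
    if (memcmp(replayed, fw.pcr, sizeof replayed) != 0) return 0;
    return replay_sml(fw.sml, fw.sml_len - 1, replayed) == -1;
}

int main(void)
{
    printf("sha1 self-test: %s\n", sha1_selftest() ? "ok" : "FAIL");
    printf("MBR measure/replay: %s\n", demo_mbr_measure() == 1 ? "ok" : "FAIL");
    return 0;
}
```

The point of the replay half is that the log alone proves nothing: a verifier must recompute the PCRs from the log and compare them with PCR values the TPM itself signed (a quote), which is why the bounds checks on eventSize and pcrIndex are the first thing a log parser needs before it extends anything.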