[SLOF] [PATCH v2 00/20] Add vTPM support to SLOF
Stefan Berger
stefanb at linux.vnet.ibm.com
Fri Nov 20 04:58:57 AEDT 2015
On 11/19/2015 05:05 AM, Thomas Huth wrote:
> On 17/11/15 18:02, Stefan Berger wrote:
>> The following series of patches adds TPM support to SLOF.
>> In particular it adds the following:
>>
>> - TPM drivers for hardware interface and CRQ interface
>> - TPM initialization
>> - TPM logging area and firmware API to transfer it to the OS
>> (measurements are visible in sysfs)
>> - Some measurement code (Static Core Root Of Trust)
>> - TPM menu (accessible via 't' key during boot if TPM is available)
>> - Firmware API extensions following Power Firmware Doc
>> (to make trusted grub work)
>>
>>
>> Having a vTPM attached to a VM provides the following benefits:
>>
>> - enablement of trusted boot; this allow us to eventually extend the chain
>> of trust from the hypervisor to the guests
>> - enablement of attestation so that one can verify what software is
>> running on a machine
>> - provides TPM functionality to VMs, which includes a standardized
>> mechanism to store keys and other blobs
>> (Linux trusted keys, GNU TLS's TPM extensions)
> How do I get a vTPM connected to my virtual machine? This needs support
> in QEMU, I assume? A pointer to the patches or a git repo would be helpful.
Yes, it needs support in QEMU and the patches for it need to be reviewed
and accepted as well. Patches for it include extension of the TPM
passthrough driver with a CUSE TPM driver and the PAPR vTPM interface:
http://lists.nongnu.org/archive/html/qemu-devel/2015-06/msg02163.html
http://lists.nongnu.org/archive/html/qemu-devel/2015-06/msg04002.html
The TPM emulator can be found here:
https://github.com/stefanberger/swtpm
Regards,
Stefan
More information about the SLOF
mailing list