[SLOF] [PATCH v7 0/8] Add vTPM 2.0 support to SLOF
Stefan Berger
stefanb at linux.ibm.com
Wed Jan 22 07:01:39 AEDT 2020
The following series of patches adds TPM support to SLOF.
In particular it adds the following:
- TPM driver for CRQ interface
- TPM 2.0 support; device initialization
- TPM logging area and firmware API to transfer it to the OS
- Some measurement code (Static Core Root Of Trust)
- TPM menu (accessible via 't' key during boot if TPM is available)
- Firmware API extensions following Power Firmware Doc
Having a vTPM attached to a VM provides the following benefits:
- enablement of trusted boot; this allows us to eventually extend the chain
of trust from the hypervisor to the guests
- enablement of attestation so that one can verify what software is
running on a machine
- provides TPM functionality to VMs, which includes a standardized
mechanism to store keys and other blobs
(Linux trusted keys, GNU TLS's TPM extensions)
Regards,
Stefan
v6->v7:
- addressed reviewers' concerns
- cleaned up FORTH code
- Appended GPT partition measurement patch
v5->v6:
- using ?dup where possible
- upgraded to sha256
v4->v5:
- Cut down code to only support TPM 2.0
v3->v4:
- Added TPM 2.0 support
v2->v3:
- Addressed Thomas Huth's comments.
- Rearranged patches and merged some patches.
- Followed some of the changes made by K. O'Connor (SeaBIOS).
v1->v2:
- Addressed Nikunj's comments
- Since last post in August I added 3 more patches to the end of the series
and one in 13th place.
Stefan Berger (8):
slof: Implement SLOF_get_keystroke() and SLOF_reset()
slof: Make linker script variables accessible
qemu: Make print_version variable accessible
tpm: Add TPM CRQ driver implementation
tpm: Add sha256 implementation
tcgbios: Add TPM 2.0 support and firmware API
tcgbios: Implement menu to clear TPM 2 and activate its PCR banks
tcgbios: Measure the GPT table
board-qemu/Makefile | 2 +-
board-qemu/include/version.h | 19 +
board-qemu/slof/Makefile | 13 +-
board-qemu/slof/OF.fs | 3 +
board-qemu/slof/tree.fs | 3 +
board-qemu/slof/vio-vtpm-cdriver.fs | 105 +++
board-qemu/slof/vtpm-sml.fs | 82 ++
include/helpers.h | 4 +
lib/Makefile | 2 +-
lib/libtpm/Makefile | 50 +
lib/libtpm/Readme | 57 ++
lib/libtpm/sha256.c | 214 +++++
lib/libtpm/sha256.h | 20 +
lib/libtpm/tcgbios.c | 1361 +++++++++++++++++++++++++++
lib/libtpm/tcgbios.h | 36 +
lib/libtpm/tcgbios_int.h | 311 ++++++
lib/libtpm/tpm.code | 171 ++++
lib/libtpm/tpm.in | 30 +
lib/libtpm/tpm_drivers.c | 437 +++++++++
lib/libtpm/tpm_drivers.h | 82 ++
slof/OF.h | 20 +
slof/fs/packages/disk-label.fs | 31 +
slof/fs/start-up.fs | 12 +
slof/helpers.c | 17 +
24 files changed, 3077 insertions(+), 5 deletions(-)
create mode 100644 board-qemu/include/version.h
create mode 100644 board-qemu/slof/vio-vtpm-cdriver.fs
create mode 100644 board-qemu/slof/vtpm-sml.fs
create mode 100644 lib/libtpm/Makefile
create mode 100644 lib/libtpm/Readme
create mode 100644 lib/libtpm/sha256.c
create mode 100644 lib/libtpm/sha256.h
create mode 100644 lib/libtpm/tcgbios.c
create mode 100644 lib/libtpm/tcgbios.h
create mode 100644 lib/libtpm/tcgbios_int.h
create mode 100644 lib/libtpm/tpm.code
create mode 100644 lib/libtpm/tpm.in
create mode 100644 lib/libtpm/tpm_drivers.c
create mode 100644 lib/libtpm/tpm_drivers.h
create mode 100644 slof/OF.h
--
2.24.1
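The measurement log and firmware API the series adds exist so that an OS or a remote verifier can replay the log and compare the result against the TPM's PCR values. The following is an added example, not code from this series or from SLOF: it models the TPM 2.0 SHA-256 PCR bank (PCR_new = SHA-256(PCR_old || digest), PCRs start as 32 zero bytes), replays a constructed, simplified event list of the kind the firmware would record (CRTM version into PCR 0, GPT table into PCR 5, separators), and reports which PCRs disagree with a set of quoted values. The event list layout and the sample strings are assumptions; the real log uses the TCG_PCR_EVENT2 binary format.

```python
"""Replay a firmware measurement log and check it against PCR values.

Added example (not SLOF code). PCR extension is modelled as
PCR_new = SHA-256(PCR_old || digest), starting from a 32-byte zero PCR,
as in the SHA-256 bank of a TPM 2.0. The log is a constructed, simplified
(pcr_index, event_type, data) list, not the TCG_PCR_EVENT2 binary format.
"""
import hashlib
from typing import Dict, List, Tuple

PCR_LEN = 32   # SHA-256 digest size
NUM_PCRS = 24

# Event type values from the TCG PC Client spec, used as labels only
EV_SEPARATOR = 0x04
EV_S_CRTM_VERSION = 0x08
EV_EFI_GPT_EVENT = 0x80000006

Event = Tuple[int, int, bytes]  # (pcr_index, event_type, measured_data)


def measure(data: bytes) -> bytes:
    """Digest of the object being measured (what goes into the log)."""
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics for one SHA-256 PCR."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(events: List[Event]) -> Dict[int, bytes]:
    """Recompute every PCR from the log alone (order matters)."""
    pcrs = {i: bytes(PCR_LEN) for i in range(NUM_PCRS)}
    for pcr_index, _etype, data in events:
        pcrs[pcr_index] = extend(pcrs[pcr_index], measure(data))
    return pcrs


def verify_log(events: List[Event], quoted: Dict[int, bytes]) -> List[int]:
    """Return the PCR indexes whose replayed value differs from the quoted one.

    An empty list means the log fully explains the quoted PCRs; a non-empty
    list means the log was altered, truncated, or a measurement was skipped.
    """
    replayed = replay_log(events)
    return sorted(i for i, v in quoted.items() if replayed[i] != v)


def has_separators(events: List[Event], pcr_indexes) -> bool:
    """Check that each listed PCR was closed with an EV_SEPARATOR event."""
    closed = {p for p, et, _ in events if et == EV_SEPARATOR}
    return all(p in closed for p in pcr_indexes)


# Constructed sample log resembling what firmware would record during boot
SAMPLE_LOG: List[Event] = [
    (0, EV_S_CRTM_VERSION, b"firmware version string (constructed)"),
    (5, EV_EFI_GPT_EVENT, b"GPT header and partition entries (constructed)"),
    (0, EV_SEPARATOR, b"\x00\x00\x00\x00"),
    (5, EV_SEPARATOR, b"\x00\x00\x00\x00"),
]


def tampered_log() -> List[Event]:
    """Same log with the GPT measurement altered, as an attacker editing
    the in-memory log (but not the TPM) would produce."""
    log = list(SAMPLE_LOG)
    log[1] = (5, EV_EFI_GPT_EVENT, b"different partition table (constructed)")
    return log


if __name__ == "__main__":
    # Stand in for a TPM quote: PCRs as the TPM itself computed them
    quoted = replay_log(SAMPLE_LOG)
    print("genuine log mismatches:", verify_log(SAMPLE_LOG, quoted))
    print("tampered log mismatches:", verify_log(tampered_log(), quoted))
    print("PCR 0 and 5 separated:", has_separators(SAMPLE_LOG, [0, 5]))
```

A verifier only trusts the quoted PCR values (which come signed from the TPM); the log is untrusted input that merely explains them, which is why the replay must reproduce every quoted PCR exactly before any event in the log is believed.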