diff options
| author | Amarnath Valluri | 2017-09-29 13:10:20 +0200 |
|---|---|---|
| committer | Stefan Berger | 2017-10-13 13:34:33 +0200 |
| commit | f4ede81eed29e6140374177d1f2808248c5b5650 (patch) | |
| tree | e4d15d8decf07865b35c0ad01e64ef152bcf853f /configure | |
| parent | tpm-passthrough: move reusable code to utils (diff) | |
| download | qemu-f4ede81eed29e6140374177d1f2808248c5b5650.tar.gz qemu-f4ede81eed29e6140374177d1f2808248c5b5650.tar.xz qemu-f4ede81eed29e6140374177d1f2808248c5b5650.zip | |
tpm: Added support for TPM emulator
This change introduces a new TPM backend driver that can communicate with
swtpm(software TPM emulator) using unix domain socket interface. QEMU talks to
the TPM emulator using QEMU's socket-based chardev backend device.
Swtpm uses two Unix sockets for communications, one for plain TPM commands and
responses, and one for out-of-band control messages. QEMU passes the data
socket to be used over the control channel.
The swtpm and associated tools can be found here:
https://github.com/stefanberger/swtpm
The swtpm's control channel protocol specification can be found here:
https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification
Usage:
# setup TPM state directory
mkdir /tmp/mytpm
chown -R tss:root /tmp/mytpm
/usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek
# Ask qemu to use TPM emulator with given tpm state directory
qemu-system-x86_64 \
[...] \
-chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
[...]
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Diffstat (limited to 'configure')
| -rwxr-xr-x | configure | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -3495,6 +3495,12 @@ else tpm_passthrough=no fi +# TPM emulator is for all posix systems +if test "$mingw32" != "yes"; then + tpm_emulator=$tpm +else + tpm_emulator=no +fi ########################################## # attr probe @@ -5412,6 +5418,7 @@ echo "gcov enabled $gcov" echo "TPM support $tpm" echo "libssh2 support $libssh2" echo "TPM passthrough $tpm_passthrough" +echo "TPM emulator $tpm_emulator" echo "QOM debugging $qom_cast_debug" echo "Live block migration $live_block_migration" echo "lzo support $lzo" @@ -6011,12 +6018,16 @@ if test "$live_block_migration" = "yes" ; then echo "CONFIG_LIVE_BLOCK_MIGRATION=y" >> $config_host_mak fi -# TPM passthrough support? if test "$tpm" = "yes"; then echo 'CONFIG_TPM=$(CONFIG_SOFTMMU)' >> $config_host_mak + # TPM passthrough support? if test "$tpm_passthrough" = "yes"; then echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak fi + # TPM emulator support? + if test "$tpm_emulator" = "yes"; then + echo "CONFIG_TPM_EMULATOR=y" >> $config_host_mak + fi fi echo "TRACE_BACKENDS=$trace_backends" >> $config_host_mak |