summaryrefslogtreecommitdiffstats
path: root/docs/specs/tpm.txt
Commit message (Collapse)AuthorAgeFilesLines
* acpi: add ACPI memory clear interfaceMarc-André Lureau2019-01-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | The interface is described in the "TCG Platform Reset Attack Mitigation Specification", chapter 6 "ACPI _DSM Function". According to Laszlo, it's not so easy to implement in OVMF, he suggested to do it in qemu instead. See specification documentation for more details, and next commit for memory clear on reset handling. The underlying TCG specification is accessible from the following page. https://trustedcomputinggroup.org/resource/pc-client-work-group-platform-reset-attack-mitigation-specification-version-1-0/ This patch implements version 1.0. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* acpi: build TPM Physical Presence interfaceStefan Berger2019-01-181-0/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The TPM Physical Presence interface consists of an ACPI part, a shared memory part, and code in the firmware. Users can send messages to the firmware by writing a code into the shared memory through invoking the ACPI code. When a reboot happens, the firmware looks for the code and acts on it by sending sequences of commands to the TPM. This patch adds the ACPI code. It is similar to the one in EDK2 but doesn't assume that SMIs are necessary to use. It uses a similar datastructure for the shared memory as EDK2 does so that EDK2 and SeaBIOS could both make use of it. I extended the shared memory data structure with an array of 256 bytes, one for each code that could be implemented. The array contains flags describing the individual codes. This decouples the ACPI implementation from the firmware implementation. The underlying TCG specification is accessible from the following page. https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/ This patch implements version 1.30. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> [ Marc-André - ACPI code improvements and windows fixes ] Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* acpi: expose TPM/PPI configuration parameters to firmware via fw_cfgStefan Berger2019-01-181-0/+19
| | | | | | | | | | | | | | | | | To avoid having to hard code the base address of the PPI virtual memory device we introduce a fw_cfg file etc/tpm/config that holds the base address of the PPI device, the version of the PPI interface and the version of the attached TPM. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> [ Marc-André: renamed to etc/tpm/config, made it static, document it ] Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* docs: tpm: Mention implemented TPM CRB interface emulation and specsStefan Berger2018-10-301-0/+15
| | | | | | | | Add a few sentences about the implemented emulation of the TPM CRB interface and its specification. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* docs: Grammar and spelling fixesVille Skyttä2018-07-131-1/+1
| | | | | | | | Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 20180612065150.21110-1-ville.skytta@iki.fi Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Replace '-enable-kvm' with '-accel kvm' in docs and help textsThomas Huth2018-06-281-4/+4
| | | | | | | | | The preferred way to select the KVM accelerator is to use "-accel kvm" these days, so let's be consistent in our documentation and help texts. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1528866321-23886-3-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* docs: tpm: add VM save/restore example and troubleshooting guideStefan Berger2018-05-241-0/+106
| | | | | | | | Extend the docs related to TPM with specs related to VM save and restore and a troubleshooting guide for TPM migration. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
* specs: Extend TPM spec with TPM emulator descriptionStefan Berger2017-11-151-0/+79
| | | | | | | | | | | | Following the recent extension of QEMU with a TPM emulator device, update the specs describing for how to interact with the device. The results of commands run inside a Linux VM are expected to be similar to those when the TPM passthrough device is used, so we just reuse that. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* specs: Describe the TPM support in QEMUStefan Berger2017-10-131-0/+123
This patch adds a description of the current TPM support in QEMU to the specs. Several public specs are referenced via their landing page on the trustedcomputinggroup.org website. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>