summaryrefslogtreecommitdiffstats
path: root/hw/tpm
Commit message (Collapse)AuthorAgeFilesLines
* hw/tpm: fix usage of bool in tpm-tis.cJafar Abdi2020-05-121-2/+2
| | | | | | | | | | | | | Clean up wrong usage of FALSE and TRUE in places that use "bool" from stdbool.h. FALSE and TRUE (with capital letters) are the constants defined by glib for being used with the "gboolean" type of glib. But some parts of the code also use TRUE and FALSE for variables that are declared as "bool" (the type from <stdbool.h>). Signed-off-by: Jafar Abdi <cafer.abdi@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tpm: tpm-tis-device: set PPI to false by defaultEric Auger2020-05-061-1/+1
| | | | | | | | | | | | | The tpm-tis-device device does not support PPI. Let's change the default value for the corresponding property instead of tricking this latter in the mach-virt machine. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Message-id: 20200427143145.16251-2-eric.auger@redhat.com
* tpm: Add the SysBus TPM TIS deviceEric Auger2020-03-053-0/+165
| | | | | | | | | | | | Introduce the tpm-tis-device which is a sysbus device and is bound to be used on ARM. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Message-id: 20200305165149.618-6-eric.auger@redhat.com Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tpm: Separate TPM_TIS and TPM_TIS_ISA configsEric Auger2020-03-052-2/+8
| | | | | | | | | | | | | | | Let's separate the compilation of tpm_tis_common.c from the compilation of tpm_tis_isa.c The common part will be also compiled along with the tpm_tis_sysbus device. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Message-id: 20200305165149.618-5-eric.auger@redhat.com Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tpm: Separate tpm_tis common functions from isa codeEric Auger2020-03-054-201/+271
| | | | | | | | | | | | Move the device agnostic code into tpm_tis_common.c and put the ISA device specific code into tpm_tis_isa.c Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Message-id: 20200305165149.618-4-eric.auger@redhat.com Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tpm: Use TPMState as a common structEric Auger2020-03-051-55/+91
| | | | | | | | | | | | | | | | | | | | | | As we plan to introduce a SysBus TPM TIS device, let's make the TPMState a common struct usable by both the ISADevice and the SysBusDevice. TPMStateISA embeds the struct and inherits from the ISADevice. The prototype of functions bound to be used by both the ISA and SysBus devices is changed to take TPMState handle. A bunch of structs also are renamed to be specialized for the ISA device. Besides those transformations, no functional change is expected. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Message-id: 20200305165149.618-3-eric.auger@redhat.com Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tpm: rename TPM_TIS into TPM_TIS_ISAEric Auger2020-03-051-2/+2
| | | | | | | | | | | | | As we plan to introduce a sysbus TPM_TIS, let's rename TPM_TIS into TPM_TIS_ISA. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Message-id: 20200305165149.618-2-eric.auger@redhat.com Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES configStefan Berger2020-02-021-1/+1
| | | | | | | | | | Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20200121152935.649898-6-stefanb@linux.ibm.com> [dwg: Use default in Kconfig rather than select to avoid breaking Windows host build] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* tpm_spapr: Support suspend and resumeStefan Berger2020-02-022-1/+53
| | | | | | | | | Extend the tpm_spapr frontend with VM suspend and resume support. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Message-Id: <20200121152935.649898-5-stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* tpm_spapr: Support TPM for ppc64 using CRQ based interfaceStefan Berger2020-02-024-0/+398
| | | | | | | | | | | | | | | | Implement support for TPM on ppc64 by implementing the vTPM CRQ interface as a frontend. It can use the tpm_emulator driver backend with the external swtpm. The Linux vTPM driver for ppc64 works with this emulation. This TPM emulator also handles the TPM 2 case. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20200121152935.649898-4-stefanb@linux.ibm.com> [dwg: Use device_class_set_props(), tweak Kconfig] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* tpm: Move tpm_tis_show_buffer to tpm_util.cStefan Berger2020-02-024-29/+33
| | | | | | | | Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20200121152935.649898-2-stefanb@linux.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* tpm-ppi: page-align PPI RAMMarc-André Lureau2020-01-291-1/+2
| | | | | | | | | | | | | | | | post-copy migration fails on destination with error such as: 2019-12-26T10:22:44.714644Z qemu-kvm: ram_block_discard_range: Unaligned start address: 0x559d2afae9a0 Use qemu_memalign() to constrain the PPI RAM memory alignment. Cc: qemu-stable@nongnu.org Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Message-id: 20200103074000.1006389-3-marcandre.lureau@redhat.com
* qdev: set properties with device_class_set_props()Marc-André Lureau2020-01-242-2/+2
| | | | | | | | | | | | | | | | | | | | | The following patch will need to handle properties registration during class_init time. Let's use a device_class_set_props() setter. spatch --macro-file scripts/cocci-macro-file.h --sp-file ./scripts/coccinelle/qdev-set-props.cocci --keep-comments --in-place --dir . @@ typedef DeviceClass; DeviceClass *d; expression val; @@ - d->props = val + device_class_set_props(d, val) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20200110153039.1379601-20-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* migration: Define VMSTATE_INSTANCE_ID_ANYPeter Xu2020-01-201-1/+2
| | | | | | | | | | | Define the new macro VMSTATE_INSTANCE_ID_ANY for callers who wants to auto-generate the vmstate instance ID. Previously it was hard coded as -1 instead of this macro. It helps to change this default value in the follow up patches. No functional change. Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
* hw/tpm: rename Error ** parameter to more common errpVladimir Sementsov-Ogievskiy2019-12-181-4/+4
| | | | | | | | Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Message-Id: <20191205174635.18758-17-vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* Include hw/qdev-properties.h lessMarkus Armbruster2019-08-163-3/+2Star
| | | | | | | | | | | | | | | | | | | | | | | | | In my "build everything" tree, changing hw/qdev-properties.h triggers a recompile of some 2700 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). Many places including hw/qdev-properties.h (directly or via hw/qdev.h) actually need only hw/qdev-core.h. Include hw/qdev-core.h there instead. hw/qdev.h is actually pointless: all it does is include hw/qdev-core.h and hw/qdev-properties.h, which in turn includes hw/qdev-core.h. Replace the remaining uses of hw/qdev.h by hw/qdev-properties.h. While there, delete a few superfluous inclusions of hw/qdev-core.h. Touching hw/qdev-properties.h now recompiles some 1200 objects. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20190812052359.30071-22-armbru@redhat.com>
* Include hw/hw.h exactly where neededMarkus Armbruster2019-08-162-2/+0Star
| | | | | | | | | | | | | | | | In my "build everything" tree, changing hw/hw.h triggers a recompile of some 2600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). The previous commits have left only the declaration of hw_error() in hw/hw.h. This permits dropping most of its inclusions. Touching it now recompiles less than 200 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-19-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* Include migration/vmstate.h lessMarkus Armbruster2019-08-162-0/+2
| | | | | | | | | | | | | | | | | | In my "build everything" tree, changing migration/vmstate.h triggers a recompile of some 2700 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). hw/hw.h supposedly includes it for convenience. Several other headers include it just to get VMStateDescription. The previous commit made that unnecessary. Include migration/vmstate.h only where it's still needed. Touching it now recompiles only some 1600 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-16-armbru@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* Include hw/irq.h a lot lessMarkus Armbruster2019-08-161-0/+1
| | | | | | | | | | | | | | | | | | | In my "build everything" tree, changing hw/irq.h triggers a recompile of some 5400 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). hw/hw.h supposedly includes it for convenience. Several other headers include it just to get qemu_irq and.or qemu_irq_handler. Move the qemu_irq and qemu_irq_handler typedefs from hw/irq.h to qemu/typedefs.h, and then include hw/irq.h only where it's still needed. Touching it now recompiles only some 500 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20190812052359.30071-13-armbru@redhat.com>
* Include sysemu/reset.h a lot lessMarkus Armbruster2019-08-161-1/+0Star
| | | | | | | | | | | | | | | | | | In my "build everything" tree, changing sysemu/reset.h triggers a recompile of some 2600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). The main culprit is hw/hw.h, which supposedly includes it for convenience. Include sysemu/reset.h only where it's needed. Touching it now recompiles less than 200 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20190812052359.30071-9-armbru@redhat.com>
* trace: Eliminate use of TARGET_FMT_plxMarkus Armbruster2019-08-161-2/+2
| | | | | | | | | | | | | | | | | | hw/tpm/trace-events uses TARGET_FMT_plx formats with uint64_t arguments. That's wrong, TARGET_FMT_plx takes hwaddr. Since hwaddr happens to be uint64_t, it works anyway. Messed up in commit ec427498da5, v2.12.0. Clean up by replacing TARGET_FMT_plx with its macro expansion. scripts/tracetool/format/log_stap.py (commit 62dd1048c0b, v4.0.0) has a special case for TARGET_FMT_plx. Delete it. Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20190812052359.30071-7-armbru@redhat.com>
* tpm_emulator: Translate TPM error codes to stringsStefan Berger2019-07-252-10/+63
| | | | | | | | | Implement a function to translate TPM error codes to strings so that at least the most common error codes can be translated to human readable strings. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: Exit in reset when backend indicates failureStefan Berger2019-07-252-2/+6
| | | | | | | | Exit() in the frontend reset function when the backend indicates intialization failure. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* hw/tpm: Only build tpm_ppi.o if any of TPM_TIS/TPM_CRB is builtPhilippe Mathieu-Daudé2019-07-081-2/+2
| | | | | | | | | | | The TPM Physical Presence Interface routines are only used by the CRB/TIS interfaces. Do not compile this file if any of them is built. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* Include qemu-common.h exactly where neededMarkus Armbruster2019-06-121-0/+1
| | | | | | | | | | | | | | | | No header includes qemu-common.h after this commit, as prescribed by qemu-common.h's file comment. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-5-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and net/tap-bsd.c fixed up]
* Include qemu/module.h where needed, drop it from qemu-common.hMarkus Armbruster2019-06-124-2/+4
| | | | | | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-4-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c; ui/cocoa.m fixed up]
* Clean up ill-advised or unusual header guardsMarkus Armbruster2019-05-131-3/+4
| | | | | | | | | | | | | | Leading underscores are ill-advised because such identifiers are reserved. Trailing underscores are merely ugly. Strip both. Our header guards commonly end in _H. Normalize the exceptions. Done with scripts/clean-header-guards.pl. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190315145123.28030-7-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> [Changes to slirp/ dropped, as we're about to spin it off]
* trace-events: Shorten file names in commentsMarkus Armbruster2019-03-221-6/+6
| | | | | | | | | | | | | | | We spell out sub/dir/ in sub/dir/trace-events' comments pointing to source files. That's because when trace-events got split up, the comments were moved verbatim. Delete the sub/dir/ part from these comments. Gets rid of several misspellings. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190314180929.27722-3-armbru@redhat.com Message-Id: <20190314180929.27722-3-armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tpm: express dependencies with KconfigPaolo Bonzini2019-03-071-1/+9
| | | | | | | This automatically removes the TPM backends from the binary altogether if no front-ends are selected. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* i386: express dependencies with KconfigPaolo Bonzini2019-03-071-1/+1
| | | | | | | | | | This way, the default-configs file only need to specify the boards and any optional devices. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20190123065618.3520-37-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* isa: express dependencies with kconfigPaolo Bonzini2019-03-071-1/+1
| | | | | | | | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20190123065618.3520-36-yang.zhong@intel.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* build: switch to KconfigPaolo Bonzini2019-03-071-0/+2
| | | | | | | | | | | | | | | | | | | | The make_device_config.sh script is replaced by minikconf, which is modified to support the same command line as its predecessor. The roots of the parsing are default-configs/*.mak, Kconfig.host and hw/Kconfig. One difference with make_device_config.sh is that all symbols have to be defined in a Kconfig file, including those coming from the configure script. This is the reason for the Kconfig.host file introduced in the previous patch. Whenever a file in default-configs/*.mak used $(...) to refer to a config-host.mak symbol, this is replaced by a Kconfig dependency; this part must be done already in this patch for bisectability. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20190123065618.3520-28-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* kconfig: introduce kconfig filesPaolo Bonzini2019-03-071-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Kconfig files were generated mostly with this script: for i in `grep -ho CONFIG_[A-Z0-9_]* default-configs/* | sort -u`; do set fnord `git grep -lw $i -- 'hw/*/Makefile.objs' ` shift if test $# = 1; then cat >> $(dirname $1)/Kconfig << EOF config ${i#CONFIG_} bool EOF git add $(dirname $1)/Kconfig else echo $i $* fi done sed -i '$d' hw/*/Kconfig for i in hw/*; do if test -d $i && ! test -f $i/Kconfig; then touch $i/Kconfig git add $i/Kconfig fi done Whenever a symbol is referenced from multiple subdirectories, the script prints the list of directories that reference the symbol. These symbols have to be added manually to the Kconfig files. Kconfig.host and hw/Kconfig were created manually. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Message-Id: <20190123065618.3520-27-yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* tpm_tis: convert tpm_tis_show_buffer() to use trace eventLiam Merwick2019-02-242-12/+20
| | | | | | | | | | | | | | | cppcheck reports: [hw/tpm/tpm_tis.c:113]: (warning) %d in format string (no. 2) requires 'int' but the argument type is 'unsigned int' Rather than just converting the format specifier to use '%u", the tpm_tis_show_buffer() function is converted to use trace points and the two debug callers use the trace event infrastructure so that it's available in production cases also and not just when DEBUG_TIS is enabled. Signed-off-by: Liam Merwick <liam.merwick@oracle.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tpm_tis: fix loop that cancels any seizure by a lower localityLiam Merwick2019-02-241-1/+1
| | | | | | | | | | | | | In tpm_tis_mmio_write() if the requesting locality is seizing access, any seizure by a lower locality is cancelled. However the loop doing the seizure had an off-by-one error and the locality immediately preceding the requesting locality was not being cleared. This is fixed by adjusting the test in the for loop to check the localities up to the requesting locality. Signed-off-by: Liam Merwick <Liam.Merwick@oracle.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tpm: clear RAM when "memory overwrite" requestedMarc-André Lureau2019-01-185-0/+41
| | | | | | | | | | | | | | | | | | | | Note: the "Platform Reset Attack Mitigation" specification isn't explicit about NVDIMM, since they could have different usages. It uses the term "system memory" generally (and also "volatile memory RAM" in its introduction). For initial support, I propose to consider non-volatile memory as not being subject to the memory clear. There is an on-going discussion in the TCG "pcclientwg" working group for future revisions. CPU cache clearing is done unconditionally in edk2 since commit d20ae95a13e851 (edk2-stable201811). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* tpm: allocate/map buffer for TPM Physical Presence interfaceStefan Berger2019-01-185-0/+82
| | | | | | | | | | | | | | | | | | | | | | | Implement a virtual memory device for the TPM Physical Presence interface. The memory is located at 0xFED45000 and used by ACPI to send messages to the firmware (BIOS) and by the firmware to provide parameters for each one of the supported codes. This interface should be used by all TPM devices on x86 and can be added by calling tpm_ppi_init_io(). Note: bios_linker cannot be used to allocate the PPI memory region, since the reserved memory should stay stable across reboots, and might be needed before the ACPI tables are installed. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* tpm: add a "ppi" boolean propertyMarc-André Lureau2019-01-182-0/+6
| | | | | | | | | | | | | | The following patches implement the TPM Physical Presence Interface, make use of a new memory region and a fw_cfg entry. Enable PPI by default with >=4.0 machine type, to avoid migration issues. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* tpm: Make sure the locality received from backend is validStefan Berger2018-12-041-0/+2
| | | | | | | | Make sure that the locality passed from the backend to tpm_tis_request_completed() is valid. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: Make sure new locality passed to tpm_tis_prep_abort() is validStefan Berger2018-12-041-1/+3
| | | | | | | | | | | Make sure that the new locality passed to tpm_tis_prep_abort() is valid. Add a comment to aborting_locty that it may be any locality, including TPM_TIS_NO_LOCALITY. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: Remove unused locty parameter from tpm_tis_abort()Stefan Berger2018-12-031-3/+3
| | | | | | | Remove the unused locty parameter from tpm_tis_abort() function. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* tpm: use loop iterator to set sts data fieldPrasad J Pandit2018-11-141-1/+1
| | | | | | | | When TIS request is done, set 'sts' data field across all localities. Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tpm: Zero-init structure to avoid uninitialized variables in valgrind logStefan Berger2018-10-301-0/+1
| | | | | | | | Zero-init the ptm_loc structure so that we don't have fields that are not initialised. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* tpm: extend TPM TIS with state migration supportStefan Berger2018-05-242-2/+51
| | | | | | | | | | | | Extend the TPM TIS interface with state migration support. We need to synchronize with the backend thread to make sure that a command being processed by the external TPM emulator has completed and its response been received. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: extend TPM emulator with state migration supportStefan Berger2018-05-242-12/+319
| | | | | | | | | | | | | | | | | | | Extend the TPM emulator backend device with state migration support. The external TPM emulator 'swtpm' provides a protocol over its control channel to retrieve its state blobs. We implement functions for getting and setting the different state blobs. In case the setting of the state blobs fails, we return a negative errno code to fail the start of the VM. Since we have an external TPM emulator, we need to make sure that we do not migrate the state for as long as it is busy processing a request. We need to wait for notification that the request has completed processing. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: CRB: Enforce locality is requested before processing bufferStefan Berger2018-03-291-1/+13
| | | | | | | | | Section 5.5.3.2.2 of the CRB specs states that use of the TPM through the localty control method must first be requested, otherwise the command will be dropped. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: CRB: Reset Granted flag when relinquishing localityStefan Berger2018-03-291-0/+2
| | | | | | | Reset the Granted flag when relinquishing a locality. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: CRB: set the Idle flag by defaultStefan Berger2018-03-291-0/+2
| | | | | Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: CRB: query backend for TPM established flagStefan Berger2018-03-211-0/+6
| | | | | Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* tpm: CRB: reset locAssigned upon relinquishing localityStefan Berger2018-03-211-0/+2
| | | | | Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>