On Tue, Jun 27, 2017 at 12:12:50PM -0400, Stefan Berger wrote:
> On 06/14/2017 09:51 AM, Laszlo Ersek wrote:
> > Hi Stefan,
> >
> > the MAINTAINERS file doesn't seem to cover any of the TPM-related files
> > in the tree:
> >
> > backends/tpm.c
> > hw/tpm/
> > include/hw/acpi/tpm.h
> > include/sysemu/tpm*
> > tpm.c
> >
> > but I have a gut feeling that you are semi-officially maintaining TPM
> > anyway, so I'm going to ask you. :)
> >
> > Can you please write a document, to be placed under docs/specs/, that
> > describes the TPM device from a guest perspective, also explaining how
> > the guest-visible bits are connected to (current) TPM backend(s)?
> >
> > The document wouldn't have to be very long; I think all standardized
> > interfaces could be mentioned by reference only (by spec names and
> > locations). The document should however describe any QEMU specifics, and
> > how the relevant specs are brought together in the implementation.
> >
> > Some text files I'm familiar with and can recommend as examples:
> > - docs/specs/fw_cfg.txt
> > - docs/specs/pvpanic.txt
> > - docs/specs/vmgenid.txt
> >
> > (There may be more and/or better examples of course.)
> >
> > This document should be the starting point for developers that want to
> > support QEMU's TPM(s) in guest firmware that is different from SeaBIOS.
> > (You've been maintaining the related SeaBIOS feature.)
> >
> > Would you be willing to author such a design document?
>
> Here's what I have so far with pointers to TCG specs. Does that go in the
> right direction?
>
>
> QEMU TPM Device
> ===============
>
> = Guest-side Hardware Interface =
>
> The QEMU TPM emulation implements a TPM TIS hardware interface following
> the Trusted Computing Group's specification "TCG PC Client Specific TPM
> Interface Specification (TIS)", Specification Version 1.3, 21 March 2013.
> This specification, or a later version of it, can be accessed from the
> following URL:
>
> https://trustedcomputinggroup.org/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/
>
> The TIS interface makes a memory mapped IO region in the area 0xfed40000 -
> 0xfed44fff available to the guest operating system.
>
> = ACPI Interface =
>
> The TPM device is defined with ACPI ID "PNP0C31". QEMU builds a SSDT
> and passes it into the guest through the fw_cfg device. The device
> description contains the base address of the TIS interface 0xfed40000
> and the size of the MMIO area (0x5000). In case a TPM2 is used by
> QEMU, a TPM2 ACPI table is also provided. The device is described to
> be used in polling mode rather than interrupt mode primarily because
> no unused IRQ could be found.
>
> To support measurement logs to be written by the firmware, e.g.
> SeaBIOS, a TCPA table is implemented. This table provides a 64kb
> buffer where the firmware can write its log into.
How does this work if we boot with edk2? Do we get what's described in
https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
instead of this interface? As well as it? It'd be good to have some text
about this here.

-- 
Peter
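The TCPA table in the quoted draft is what a non-SeaBIOS firmware has to locate and validate before writing its measurement log into the advertised buffer. As an added example (not code from this thread or from QEMU), the parser below reads a client-platform TCPA table, verifies the ACPI checksum, and checks that the log area is at least the 64 KiB the draft describes and does not overlap the TIS MMIO window; the table layout (36-byte ACPI header followed by PlatformClass, LogAreaMinimumLength and LogAreaStartAddress) is taken from the TCG ACPI specification, and the sample table is constructed here.

```python
import struct

# Standard 36-byte ACPI table header, then the client-platform TCPA body:
# u16 PlatformClass, u32 LogAreaMinimumLength, u64 LogAreaStartAddress.
ACPI_HDR = struct.Struct("<4sIBB6s8sI4sI")
TCPA_BODY = struct.Struct("<HIQ")

TIS_MMIO_START = 0xFED40000
TIS_MMIO_END = 0xFED44FFF          # inclusive; 0x5000 bytes as in the draft
EXPECTED_LOG_BYTES = 64 * 1024    # the 64kb log buffer the draft describes

def acpi_checksum_ok(table: bytes) -> bool:
    """All bytes of an ACPI table, checksum field included, sum to 0 mod 256."""
    return sum(table) % 256 == 0

def parse_tcpa(table: bytes) -> dict:
    """Parse a client-platform TCPA table; raise ValueError on malformed input."""
    if len(table) < ACPI_HDR.size + TCPA_BODY.size:
        raise ValueError("table too short")
    sig, length, _rev, _csum, *_ = ACPI_HDR.unpack_from(table, 0)
    if sig != b"TCPA":
        raise ValueError("not a TCPA table")
    if length != len(table):
        raise ValueError("length field does not match table size")
    if not acpi_checksum_ok(table):
        raise ValueError("bad ACPI checksum")
    platform_class, laml, lasa = TCPA_BODY.unpack_from(table, ACPI_HDR.size)
    return {"platform_class": platform_class, "laml": laml, "lasa": lasa}

def log_area_sane(info: dict) -> bool:
    """Firmware-side check: buffer is at least 64 KiB and does not overlap TIS MMIO."""
    start, end = info["lasa"], info["lasa"] + info["laml"] - 1
    overlaps_tis = start <= TIS_MMIO_END and end >= TIS_MMIO_START
    return info["laml"] >= EXPECTED_LOG_BYTES and not overlaps_tis

def build_tcpa(lasa: int, laml: int = EXPECTED_LOG_BYTES) -> bytes:
    """Construct a sample TCPA table (test data, not a table emitted by QEMU)."""
    body = TCPA_BODY.pack(0, laml, lasa)
    hdr = ACPI_HDR.pack(b"TCPA", ACPI_HDR.size + len(body), 2, 0,
                        b"CONSTR", b"SAMPLE  ", 1, b"TEST", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) % 256    # checksum byte lives at header offset 9
    return bytes(table)

if __name__ == "__main__":
    sample = build_tcpa(lasa=0x7FFF0000)   # constructed address below the MMIO window
    info = parse_tcpa(sample)
    print(info, "sane" if log_area_sane(info) else "rejected")
```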