The following series of patches adds a TPM (Trusted Platform Module) TIS (TPM Interface Spec) interface to Qemu and with that provides means to access a backend implementing the actual TPM functionality. This frontend enables, for example, Linux's TPM TIS (tpm_tis) driver.

I am also posting the implementation of a backend implementation that is based on a library (libtpms) providing TPM functionality. This library is currently undergoing further testing and is not commonly available, yet. The main purpose of me posting the libtpms-based backend patches now is to show an example of how to integrate a backend with this TIS frontend. The frontend is independent of the code in the backend and could be checked in separately, though will be of limited use as long as no backend is provided. The backend driver for Xen, however, should be adapted to work with this frontend's extensive interface.

My testing is all based on the libtpms-based backend that provides support for VM suspend/resume, migration and snapshotting. It uses QCoW2 as the file format for storing its persistent state onto, which is necessary for support of snapshotting. Using Linux as the OS along with some recently posted patches for the Linux TPM TIS driver, suspend/resume works fine (using 'virsh save/restore') along with hibernation and OS suspend (ACPI S3).

Proper support for the TPM requires support in the BIOS since the BIOS needs to initialize the TPM upon machine start or issue commands to the TPM when it resumes from suspend (ACPI S3). It also builds and connects the necessary ACPI tables (SSDT for TPM device, TCPA table for logging) to the ones that are built by a BIOS. To support this I have a fairly extensive set of extensions for SeaBIOS that I posted to the SeaBIOS mailing list.

V2:
- splitting some of the patches into smaller ones for easier review
- fixes in individual patches

Regards,
Stefan