Peter Maydell <peter.mayd...@linaro.org> writes:
> On Tue, 21 Jul 2020 at 17:07, Philippe Mathieu-Daudé <phi...@redhat.com>
> wrote:
>>
>> Hi Stefan,
>>
>> I'm trying to understand what is modelling the
>> TYPE_TPM_TIS_ISA device.
>>
>> It inherits from TYPE_ISA_DEVICE, so I expected
>> to see an ISA device, but then I noticed:
>>
>> 1/ it doesn't use the ISA I/O space, it directly
>> maps the device in the system memory at a fixed
>> address that is not addressable by the ISA bus:
>>
>> #define TPM_TIS_ADDR_BASE 0xFED40000
>
> Why do you think this is mapping to the system memory?
> tpm_tis_isa_realizefn() does:
>
> memory_region_add_subregion(isa_address_space(ISA_DEVICE(dev)),
> TPM_TIS_ADDR_BASE, &s->mmio);
>
> which puts it into the ISA memory address space.
>
> The weird thing about this is not which AS it's
> going in but the fact that the TPM_TIS_ADDR_BASE
> is way higher than an actual ISA bus can address
> (so for instance it's out of range of the size of
> the ISA memory window on the Jazz board).
>
>> 2/ it is not plugged to an ISA BUS (ISABus*)
>
> Won't it autoplug into the ISA bus if you say "-device tpm-tis",
> the same as any other ISA device ?
Yup:
$ qemu-system-x86_64 -nodefaults -S -display none -monitor stdio -chardev
socket,id=chrtpm,path=tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm
-device tpm-tis,tpmdev=tpm0
QEMU 5.0.90 monitor - type 'help' for more information
(qemu) info qtree
bus: main-system-bus
type System
[...]
dev: i440FX-pcihost, id ""
[...]
bus: pci.0
type PCI
[...]
dev: PIIX3, id ""
[...]
bus: isa.0
type ISA
dev: tpm-tis, id ""
irq = 5 (0x5)
tpmdev = "tpm0"
ppi = true
isa irq 5
[...]
This is with
$ swtpm socket --tpmstate dir=tpm --ctrl type=unixio,path=tpm/swtpm-soc
running in another terminal.
>> 3/ no machine plug it using isa_register_ioport()
>> (it is not registered to the ISA memory space)
>
> There's no requirement for an ISA device to have IO ports...
>
> thanks
> -- PMM
Thread hijack! Since I didn't have swtpm installed, I tried to take a
shortcut:
$ qemu-system-x86_64 -nodefaults -S -display none -monitor stdio -chardev
null,id=tpm0 -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm: tpm-emulator:
tpm chardev 'chrtpm' not found.
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm: tpm-emulator:
Could not cleanly shutdown the TPM: No such file or directory
QEMU 5.0.90 monitor - type 'help' for more information
(qemu) qemu-system-x86_64: -device tpm-tis,tpmdev=tpm0: Property
'tpm-tis.tpmdev' can't find value 'tpm0'
$ echo $?
1
That a null chardev doesn't work is fine. But the error handling looks
broken: QEMU diagnoses and reports the problem, then continues. The
final error message indicates that it continued without creating the
backend "tpm0". That's wrong.
Different tack: could -tpmdev be made sugar for -object? I'm asking
because other kinds of backends use -object instead of their very own
option.
