On 01/10/2018 10:19 AM, Marc-André Lureau wrote:
Hi

----- Original Message -----
BTW, from the "TCG PC Client Platform TPM Profile (PTP) Specification",
it seems like the FIFO (TIS) interface is hard-coded *in the spec* at
FED4_0000h – FED4_4FFFh. So we don't even have to make that dynamic.

Regarding CRB (as an alternative to TIS+Cancel), I'm trying to wrap my
brain around the exact resources that the CRB interface requires.
Marc-André, can you summarize those?
The device is a relatively simple MMIO-only device on the sysbus:
https://github.com/stefanberger/qemu-tpm/commit/2f9d06f93b285d4b39966a80867584c487035db9#diff-1ef22a0d46031cf2701a185aed8ae40eR282

The region is registered at the same address as TIS (it's not entirely clear 
from the spec it is supposed to be there, but my laptop TPM uses the same). And
it uses a size of 0x1000, although it's also unclear to me what should be the 
size of the command buffer (that size can also be defined at run-time now, 
iirc, I should adapt the code).

In the PTP spec. page 99: the I/O buffer is located from offsets 0x80 - 0xfff. This gives us a maximum of 3968 bytes. That's what you seem to be implementing.


https://www.trustedcomputinggroup.org/wp-content/uploads/PCClientPlatform-TPM-Profile-for-TPM-2-0-v1-03-20-161114_public-review.pdf

You are already calling:

    tpm_backend_startup_tpm(s->tpmbe, CRB_CTRL_CMD_SIZE);

What you may want to do is like the TIS:

    s->be_buffer_size = MIN(tpm_backend_get_buffer_size(s->be_driver),
                            CRB_CTRL_CMD_SIZE);

    [...]

    tpm_backend_startup_tpm(s->tpmbe, s->be_buffer_size);



My experiments so far running some Windows tests indicate that for TPM2, CRB+UEFI is
required (and I managed to get an ovmf build with TPM2 support). A few tests failed; it
seems the "Physical Presence Interface" (PPI) is also required. I think that
ACPI interface allows running TPM commands during reboot, by having the firmware take
care of the security aspects. I think that's what Stefan is working on for SeaBIOS and
the safe memory region (sorry I haven't read the whole discussion, as I am not working on
TPM atm)

I am working on the PPI thing.


thanks
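
The buffer-size clamp suggested above, together with the bounds check it makes possible, as an added example that is not part of the original message and is not QEMU code. The helper names `crb_negotiate_buffer_size` and `crb_cmd_fits` are hypothetical; the region size (0x1000) and buffer offset (0x80) are the values quoted in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout from the thread: one 0x1000-byte region, I/O buffer at 0x80..0xfff. */
#define CRB_REGION_SIZE   0x1000u
#define CRB_DATA_OFFSET   0x80u
#define CRB_CTRL_CMD_SIZE (CRB_REGION_SIZE - CRB_DATA_OFFSET) /* 3968 bytes */
#define TPM_HDR_SIZE      10u /* tag(2) + size(4) + command code(4) */

/* Hypothetical stand-in for
 * MIN(tpm_backend_get_buffer_size(...), CRB_CTRL_CMD_SIZE). */
static size_t crb_negotiate_buffer_size(size_t backend_size)
{
    return backend_size < CRB_CTRL_CMD_SIZE ? backend_size : CRB_CTRL_CMD_SIZE;
}

/* The size field of a TPM command header is big-endian at byte offset 2. */
static uint32_t tpm_cmd_size(const uint8_t *buf)
{
    return ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16) |
           ((uint32_t)buf[4] << 8) | (uint32_t)buf[5];
}

/* Accept a command only if its declared size covers the header and fits the
 * negotiated buffer; the size field is written by the guest and untrusted. */
static int crb_cmd_fits(const uint8_t *buf, size_t negotiated)
{
    uint32_t sz;

    if (negotiated < TPM_HDR_SIZE) {
        return 0;
    }
    sz = tpm_cmd_size(buf);
    return sz >= TPM_HDR_SIZE && sz <= negotiated;
}

int main(void)
{
    /* Constructed sample: TPM2_Startup(TPM_SU_CLEAR), 12 bytes. */
    uint8_t cmd[12] = { 0x80, 0x01, 0, 0, 0, 0x0c, 0, 0, 0x01, 0x44, 0, 0 };
    size_t n = crb_negotiate_buffer_size(4096); /* backend offers 4096 */

    printf("negotiated=%zu fits=%d\n", n, crb_cmd_fits(cmd, n));
    cmd[4] = 0x0f; cmd[5] = 0xa0; /* declared size 4000 > 3968 */
    printf("oversized fits=%d\n", crb_cmd_fits(cmd, n));
    return 0;
}
```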



