From bdee56f5466a724f043e6cfcfcf69866cc48cc94 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 2 Apr 2013 18:28:41 +0200 Subject: tpm: reorganize headers and split hardware part The TPM subsystem does not have a full front-end/back-end separation. The sole available backend, tpm_passthrough, depends on the data structures of the sole available frontend, tpm_tis. However, we can at least try to split the user interface (tpm.c) from the implementation (hw/tpm). The patches makes tpm.c not include tpm_int.h, which is shared between tpm_tis.c and tpm_passthrough.c; instead it moves more stuff to tpm_backend.h. Signed-off-by: Paolo Bonzini --- Makefile.objs | 2 +- backends/tpm.c | 38 +- hw/Makefile.objs | 1 + hw/tpm/Makefile.objs | 2 + hw/tpm/tpm_int.h | 60 +++ hw/tpm/tpm_passthrough.c | 576 ++++++++++++++++++++++++ hw/tpm/tpm_tis.c | 930 +++++++++++++++++++++++++++++++++++++++ hw/tpm/tpm_tis.h | 75 ++++ include/backends/tpm.h | 41 +- include/sysemu/tpm.h | 23 + include/sysemu/tpm_backend_int.h | 45 ++ include/tpm/tpm.h | 25 -- monitor.c | 2 +- tpm.c | 350 +++++++++++++++ tpm/Makefile.objs | 4 - tpm/tpm.c | 365 --------------- tpm/tpm_backend.c | 58 --- tpm/tpm_backend.h | 45 -- tpm/tpm_int.h | 95 ---- tpm/tpm_passthrough.c | 560 ----------------------- tpm/tpm_tis.c | 930 --------------------------------------- tpm/tpm_tis.h | 80 ---- vl.c | 2 +- 23 files changed, 2142 insertions(+), 2167 deletions(-) create mode 100644 hw/tpm/Makefile.objs create mode 100644 hw/tpm/tpm_int.h create mode 100644 hw/tpm/tpm_passthrough.c create mode 100644 hw/tpm/tpm_tis.c create mode 100644 hw/tpm/tpm_tis.h create mode 100644 include/sysemu/tpm.h create mode 100644 include/sysemu/tpm_backend_int.h delete mode 100644 include/tpm/tpm.h create mode 100644 tpm.c delete mode 100644 tpm/Makefile.objs delete mode 100644 tpm/tpm.c delete mode 100644 tpm/tpm_backend.c delete mode 100644 tpm/tpm_backend.h delete mode 100644 tpm/tpm_int.h delete mode 100644 tpm/tpm_passthrough.c delete mode 100644 tpm/tpm_tis.c delete mode 100644 tpm/tpm_tis.h diff --git a/Makefile.objs b/Makefile.objs index e568c018b3..a473348dc2 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -65,7 +65,7 @@ common-obj-y += bt-host.o bt-vhci.o common-obj-y += dma-helpers.o common-obj-y += vl.o -common-obj-y += tpm/ +common-obj-y += tpm.o common-obj-$(CONFIG_SLIRP) += slirp/ diff --git a/backends/tpm.c b/backends/tpm.c index 28148c23cf..0580108c5f 100644 --- a/backends/tpm.c +++ b/backends/tpm.c @@ -13,8 +13,10 @@ */ #include "backends/tpm.h" -#include "tpm/tpm_int.h" #include "qapi/qmp/qerror.h" +#include "sysemu/tpm.h" +#include "qemu/thread.h" +#include "sysemu/tpm_backend_int.h" enum TpmType tpm_backend_get_type(TPMBackend *s) { @@ -137,6 +139,40 @@ static void tpm_backend_instance_init(Object *obj) NULL); } +void tpm_backend_thread_deliver_request(TPMBackendThread *tbt) +{ + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_PROCESS_CMD, NULL); +} + +void tpm_backend_thread_create(TPMBackendThread *tbt, + GFunc func, gpointer user_data) +{ + if (!tbt->pool) { + tbt->pool = g_thread_pool_new(func, user_data, 1, TRUE, NULL); + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL); + } +} + +void tpm_backend_thread_end(TPMBackendThread *tbt) +{ + if (tbt->pool) { + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_END, NULL); + g_thread_pool_free(tbt->pool, FALSE, TRUE); + tbt->pool = NULL; + } +} + +void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, + GFunc func, gpointer user_data) +{ + if (!tbt->pool) { + tpm_backend_thread_create(tbt, func, user_data); + } else { + g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_TPM_RESET, + NULL); + } +} + static const TypeInfo tpm_backend_info = { .name = TYPE_TPM_BACKEND, .parent = TYPE_OBJECT, diff --git a/hw/Makefile.objs b/hw/Makefile.objs index 1cb86fa323..b7a1613612 100644 --- a/hw/Makefile.objs +++ b/hw/Makefile.objs @@ -22,6 +22,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += scsi/ devices-dirs-$(CONFIG_SOFTMMU) += sd/ devices-dirs-$(CONFIG_SOFTMMU) += ssi/ devices-dirs-$(CONFIG_SOFTMMU) += timer/ +devices-dirs-$(CONFIG_TPM) += tpm/ devices-dirs-$(CONFIG_SOFTMMU) += usb/ devices-dirs-$(CONFIG_SOFTMMU) += virtio/ devices-dirs-$(CONFIG_SOFTMMU) += watchdog/ diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs new file mode 100644 index 0000000000..99f5983143 --- /dev/null +++ b/hw/tpm/Makefile.objs @@ -0,0 +1,2 @@ +common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o +common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h new file mode 100644 index 0000000000..08f87cb9a8 --- /dev/null +++ b/hw/tpm/tpm_int.h @@ -0,0 +1,60 @@ +/* + * TPM configuration + * + * Copyright (C) 2011-2013 IBM Corporation + * + * Authors: + * Stefan Berger + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ +#ifndef TPM_TPM_INT_H +#define TPM_TPM_INT_H + +#include "exec/memory.h" +#include "tpm_tis.h" + +/* overall state of the TPM interface */ +struct TPMState { + ISADevice busdev; + MemoryRegion mmio; + + union { + TPMTISEmuState tis; + } s; + + uint8_t locty_number; + TPMLocality *locty_data; + + char *backend; + TPMBackend *be_driver; +}; + +#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS) + +struct tpm_req_hdr { + uint16_t tag; + uint32_t len; + uint32_t ordinal; +} QEMU_PACKED; + +struct tpm_resp_hdr { + uint16_t tag; + uint32_t len; + uint32_t errcode; +} QEMU_PACKED; + +#define TPM_TAG_RQU_COMMAND 0xc1 +#define TPM_TAG_RQU_AUTH1_COMMAND 0xc2 +#define TPM_TAG_RQU_AUTH2_COMMAND 0xc3 + +#define TPM_TAG_RSP_COMMAND 0xc4 +#define TPM_TAG_RSP_AUTH1_COMMAND 0xc5 +#define TPM_TAG_RSP_AUTH2_COMMAND 0xc6 + +#define TPM_FAIL 9 + +#define TPM_ORD_GetTicks 0xf1 + +#endif /* TPM_TPM_INT_H */ diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c new file mode 100644 index 0000000000..578127723f --- /dev/null +++ b/hw/tpm/tpm_passthrough.c @@ -0,0 +1,576 @@ +/* + * passthrough TPM driver + * + * Copyright (c) 2010 - 2013 IBM Corporation + * Authors: + * Stefan Berger + * + * Copyright (C) 2011 IAIK, Graz University of Technology + * Author: Andreas Niederl + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see + */ + +#include + +#include "qemu-common.h" +#include "qapi/error.h" +#include "qemu/sockets.h" +#include "backends/tpm.h" +#include "tpm_int.h" +#include "hw/hw.h" +#include "hw/i386/pc.h" +#include "sysemu/tpm_backend_int.h" +#include "tpm_tis.h" + +/* #define DEBUG_TPM */ + +#ifdef DEBUG_TPM +#define DPRINTF(fmt, ...) \ + do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0) +#else +#define DPRINTF(fmt, ...) \ + do { } while (0) +#endif + +#define TYPE_TPM_PASSTHROUGH "tpm-passthrough" +#define TPM_PASSTHROUGH(obj) \ + OBJECT_CHECK(TPMPassthruState, (obj), TYPE_TPM_PASSTHROUGH) + +static const TPMDriverOps tpm_passthrough_driver; + +/* data structures */ +typedef struct TPMPassthruThreadParams { + TPMState *tpm_state; + + TPMRecvDataCB *recv_data_callback; + TPMBackend *tb; +} TPMPassthruThreadParams; + +struct TPMPassthruState { + TPMBackend parent; + + TPMBackendThread tbt; + + TPMPassthruThreadParams tpm_thread_params; + + char *tpm_dev; + int tpm_fd; + bool tpm_executing; + bool tpm_op_canceled; + int cancel_fd; + bool had_startup_error; +}; + +typedef struct TPMPassthruState TPMPassthruState; + +#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0" + +/* functions */ + +static void tpm_passthrough_cancel_cmd(TPMBackend *tb); + +static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len) +{ + return send_all(fd, buf, len); +} + +static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len) +{ + return recv_all(fd, buf, len, true); +} + +static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf) +{ + struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)buf; + + return be32_to_cpu(resp->len); +} + +/* + * Write an error message in the given output buffer. + */ +static void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len) +{ + if (out_len >= sizeof(struct tpm_resp_hdr)) { + struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out; + + resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND); + resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr)); + resp->errcode = cpu_to_be32(TPM_FAIL); + } +} + +static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt, + const uint8_t *in, uint32_t in_len, + uint8_t *out, uint32_t out_len) +{ + int ret; + + tpm_pt->tpm_op_canceled = false; + tpm_pt->tpm_executing = true; + + ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len); + if (ret != in_len) { + if (!tpm_pt->tpm_op_canceled || + (tpm_pt->tpm_op_canceled && errno != ECANCELED)) { + error_report("tpm_passthrough: error while transmitting data " + "to TPM: %s (%i)\n", + strerror(errno), errno); + } + goto err_exit; + } + + tpm_pt->tpm_executing = false; + + ret = tpm_passthrough_unix_read(tpm_pt->tpm_fd, out, out_len); + if (ret < 0) { + if (!tpm_pt->tpm_op_canceled || + (tpm_pt->tpm_op_canceled && errno != ECANCELED)) { + error_report("tpm_passthrough: error while reading data from " + "TPM: %s (%i)\n", + strerror(errno), errno); + } + } else if (ret < sizeof(struct tpm_resp_hdr) || + tpm_passthrough_get_size_from_buffer(out) != ret) { + ret = -1; + error_report("tpm_passthrough: received invalid response " + "packet from TPM\n"); + } + +err_exit: + if (ret < 0) { + tpm_write_fatal_error_response(out, out_len); + } + + tpm_pt->tpm_executing = false; + + return ret; +} + +static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt, + const TPMLocality *locty_data) +{ + return tpm_passthrough_unix_tx_bufs(tpm_pt, + locty_data->w_buffer.buffer, + locty_data->w_offset, + locty_data->r_buffer.buffer, + locty_data->r_buffer.size); +} + +static void tpm_passthrough_worker_thread(gpointer data, + gpointer user_data) +{ + TPMPassthruThreadParams *thr_parms = user_data; + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(thr_parms->tb); + TPMBackendCmd cmd = (TPMBackendCmd)data; + + DPRINTF("tpm_passthrough: processing command type %d\n", cmd); + + switch (cmd) { + case TPM_BACKEND_CMD_PROCESS_CMD: + tpm_passthrough_unix_transfer(tpm_pt, + thr_parms->tpm_state->locty_data); + + thr_parms->recv_data_callback(thr_parms->tpm_state, + thr_parms->tpm_state->locty_number); + break; + case TPM_BACKEND_CMD_INIT: + case TPM_BACKEND_CMD_END: + case TPM_BACKEND_CMD_TPM_RESET: + /* nothing to do */ + break; + } +} + +/* + * Start the TPM (thread). If it had been started before, then terminate + * and start it again. + */ +static int tpm_passthrough_startup_tpm(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + /* terminate a running TPM */ + tpm_backend_thread_end(&tpm_pt->tbt); + + tpm_backend_thread_create(&tpm_pt->tbt, + tpm_passthrough_worker_thread, + &tpm_pt->tpm_thread_params); + + return 0; +} + +static void tpm_passthrough_reset(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + DPRINTF("tpm_passthrough: CALL TO TPM_RESET!\n"); + + tpm_passthrough_cancel_cmd(tb); + + tpm_backend_thread_end(&tpm_pt->tbt); + + tpm_pt->had_startup_error = false; +} + +static int tpm_passthrough_init(TPMBackend *tb, TPMState *s, + TPMRecvDataCB *recv_data_cb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + tpm_pt->tpm_thread_params.tpm_state = s; + tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb; + tpm_pt->tpm_thread_params.tb = tb; + + return 0; +} + +static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb) +{ + return false; +} + +static bool tpm_passthrough_get_startup_error(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + return tpm_pt->had_startup_error; +} + +static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb) +{ + size_t wanted_size = 4096; /* Linux tpm.c buffer size */ + + if (sb->size != wanted_size) { + sb->buffer = g_realloc(sb->buffer, wanted_size); + sb->size = wanted_size; + } + return sb->size; +} + +static void tpm_passthrough_deliver_request(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + tpm_backend_thread_deliver_request(&tpm_pt->tbt); +} + +static void tpm_passthrough_cancel_cmd(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + int n; + + /* + * As of Linux 3.7 the tpm_tis driver does not properly cancel + * commands on all TPM manufacturers' TPMs. + * Only cancel if we're busy so we don't cancel someone else's + * command, e.g., a command executed on the host. + */ + if (tpm_pt->tpm_executing) { + if (tpm_pt->cancel_fd >= 0) { + n = write(tpm_pt->cancel_fd, "-", 1); + if (n != 1) { + error_report("Canceling TPM command failed: %s\n", + strerror(errno)); + } else { + tpm_pt->tpm_op_canceled = true; + } + } else { + error_report("Cannot cancel TPM command due to missing " + "TPM sysfs cancel entry"); + } + } +} + +static const char *tpm_passthrough_create_desc(void) +{ + return "Passthrough TPM backend driver"; +} + +/* + * A basic test of a TPM device. We expect a well formatted response header + * (error response is fine) within one second. + */ +static int tpm_passthrough_test_tpmdev(int fd) +{ + struct tpm_req_hdr req = { + .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), + .len = cpu_to_be32(sizeof(req)), + .ordinal = cpu_to_be32(TPM_ORD_GetTicks), + }; + struct tpm_resp_hdr *resp; + fd_set readfds; + int n; + struct timeval tv = { + .tv_sec = 1, + .tv_usec = 0, + }; + unsigned char buf[1024]; + + n = write(fd, &req, sizeof(req)); + if (n < 0) { + return errno; + } + if (n != sizeof(req)) { + return EFAULT; + } + + FD_ZERO(&readfds); + FD_SET(fd, &readfds); + + /* wait for a second */ + n = select(fd + 1, &readfds, NULL, NULL, &tv); + if (n != 1) { + return errno; + } + + n = read(fd, &buf, sizeof(buf)); + if (n < sizeof(struct tpm_resp_hdr)) { + return EFAULT; + } + + resp = (struct tpm_resp_hdr *)buf; + /* check the header */ + if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND || + be32_to_cpu(resp->len) != n) { + return EBADMSG; + } + + return 0; +} + +/* + * Check whether the given base path, e.g., /sys/class/misc/tpm0/device, + * is the sysfs directory of a TPM. A TPM sysfs directory should be uniquely + * recognizable by the file entries 'pcrs' and 'cancel'. + * Upon success 'true' is returned and the basebath buffer has '/cancel' + * appended. + */ +static bool tpm_passthrough_check_sysfs_cancel(char *basepath, size_t bufsz) +{ + char path[PATH_MAX]; + struct stat statbuf; + + snprintf(path, sizeof(path), "%s/pcrs", basepath); + if (stat(path, &statbuf) == -1 || !S_ISREG(statbuf.st_mode)) { + return false; + } + + snprintf(path, sizeof(path), "%s/cancel", basepath); + if (stat(path, &statbuf) == -1 || !S_ISREG(statbuf.st_mode)) { + return false; + } + + strncpy(basepath, path, bufsz); + + return true; +} + +/* + * Unless path or file descriptor set has been provided by user, + * determine the sysfs cancel file following kernel documentation + * in Documentation/ABI/stable/sysfs-class-tpm. + */ +static int tpm_passthrough_open_sysfs_cancel(TPMBackend *tb) +{ + int fd = -1; + unsigned int idx; + DIR *pnp_dir; + char path[PATH_MAX]; + struct dirent entry, *result; + int len; + + if (tb->cancel_path) { + fd = qemu_open(tb->cancel_path, O_WRONLY); + if (fd < 0) { + error_report("Could not open TPM cancel path : %s", + strerror(errno)); + } + return fd; + } + + snprintf(path, sizeof(path), "/sys/class/misc"); + pnp_dir = opendir(path); + if (pnp_dir != NULL) { + while (readdir_r(pnp_dir, &entry, &result) == 0 && + result != NULL) { + /* + * only allow /sys/class/misc/tpm%u type of paths + */ + if (sscanf(entry.d_name, "tpm%u%n", &idx, &len) < 1 || + len <= strlen("tpm") || + len != strlen(entry.d_name)) { + continue; + } + + snprintf(path, sizeof(path), "/sys/class/misc/%s/device", + entry.d_name); + if (!tpm_passthrough_check_sysfs_cancel(path, sizeof(path))) { + continue; + } + + fd = qemu_open(path, O_WRONLY); + break; + } + closedir(pnp_dir); + } + + if (fd >= 0) { + tb->cancel_path = g_strdup(path); + } + + return fd; +} + +static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + const char *value; + + value = qemu_opt_get(opts, "cancel-path"); + if (value) { + tb->cancel_path = g_strdup(value); + } + + value = qemu_opt_get(opts, "path"); + if (!value) { + value = TPM_PASSTHROUGH_DEFAULT_DEVICE; + } + + tpm_pt->tpm_dev = g_strdup(value); + + tb->path = g_strdup(tpm_pt->tpm_dev); + + tpm_pt->tpm_fd = qemu_open(tpm_pt->tpm_dev, O_RDWR); + if (tpm_pt->tpm_fd < 0) { + error_report("Cannot access TPM device using '%s': %s\n", + tpm_pt->tpm_dev, strerror(errno)); + goto err_free_parameters; + } + + if (tpm_passthrough_test_tpmdev(tpm_pt->tpm_fd)) { + error_report("'%s' is not a TPM device.\n", + tpm_pt->tpm_dev); + goto err_close_tpmdev; + } + + return 0; + + err_close_tpmdev: + qemu_close(tpm_pt->tpm_fd); + tpm_pt->tpm_fd = -1; + + err_free_parameters: + g_free(tb->path); + tb->path = NULL; + + g_free(tpm_pt->tpm_dev); + tpm_pt->tpm_dev = NULL; + + return 1; +} + +static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id) +{ + Object *obj = object_new(TYPE_TPM_PASSTHROUGH); + TPMBackend *tb = TPM_BACKEND(obj); + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + tb->id = g_strdup(id); + /* let frontend set the fe_model to proper value */ + tb->fe_model = -1; + + tb->ops = &tpm_passthrough_driver; + + if (tpm_passthrough_handle_device_opts(opts, tb)) { + goto err_exit; + } + + tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tb); + if (tpm_pt->cancel_fd < 0) { + goto err_exit; + } + + return tb; + +err_exit: + g_free(tb->id); + + return NULL; +} + +static void tpm_passthrough_destroy(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + tpm_passthrough_cancel_cmd(tb); + + tpm_backend_thread_end(&tpm_pt->tbt); + + qemu_close(tpm_pt->tpm_fd); + qemu_close(tpm_pt->cancel_fd); + + g_free(tb->id); + g_free(tb->path); + g_free(tb->cancel_path); + g_free(tpm_pt->tpm_dev); +} + +static const TPMDriverOps tpm_passthrough_driver = { + .type = TPM_TYPE_PASSTHROUGH, + .desc = tpm_passthrough_create_desc, + .create = tpm_passthrough_create, + .destroy = tpm_passthrough_destroy, + .init = tpm_passthrough_init, + .startup_tpm = tpm_passthrough_startup_tpm, + .realloc_buffer = tpm_passthrough_realloc_buffer, + .reset = tpm_passthrough_reset, + .had_startup_error = tpm_passthrough_get_startup_error, + .deliver_request = tpm_passthrough_deliver_request, + .cancel_cmd = tpm_passthrough_cancel_cmd, + .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag, +}; + +static void tpm_passthrough_inst_init(Object *obj) +{ +} + +static void tpm_passthrough_inst_finalize(Object *obj) +{ +} + +static void tpm_passthrough_class_init(ObjectClass *klass, void *data) +{ + TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass); + + tbc->ops = &tpm_passthrough_driver; +} + +static const TypeInfo tpm_passthrough_info = { + .name = TYPE_TPM_PASSTHROUGH, + .parent = TYPE_TPM_BACKEND, + .instance_size = sizeof(TPMPassthruState), + .class_init = tpm_passthrough_class_init, + .instance_init = tpm_passthrough_inst_init, + .instance_finalize = tpm_passthrough_inst_finalize, +}; + +static void tpm_passthrough_register(void) +{ + type_register_static(&tpm_passthrough_info); + tpm_register_driver(&tpm_passthrough_driver); +} + +type_init(tpm_passthrough_register) diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c new file mode 100644 index 0000000000..faa3cecafe --- /dev/null +++ b/hw/tpm/tpm_tis.c @@ -0,0 +1,930 @@ +/* + * tpm_tis.c - QEMU's TPM TIS interface emulator + * + * Copyright (C) 2006,2010-2013 IBM Corporation + * + * Authors: + * Stefan Berger + * David Safford + * + * Xen 4 support: Andrease Niederl + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + * Implementation of the TIS interface according to specs found at + * http://www.trustedcomputinggroup.org. This implementation currently + * supports version 1.21, revision 1.0. + * In the developers menu choose the PC Client section then find the TIS + * specification. + */ + +#include "backends/tpm.h" +#include "tpm_int.h" +#include "block/block.h" +#include "exec/address-spaces.h" +#include "hw/hw.h" +#include "hw/i386/pc.h" +#include "hw/pci/pci_ids.h" +#include "tpm_tis.h" +#include "qemu-common.h" + +/*#define DEBUG_TIS */ + +#ifdef DEBUG_TIS +#define DPRINTF(fmt, ...) \ + do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0) +#else +#define DPRINTF(fmt, ...) \ + do { } while (0) +#endif + +/* whether the STS interrupt is supported */ +#define RAISE_STS_IRQ + +/* tis registers */ +#define TPM_TIS_REG_ACCESS 0x00 +#define TPM_TIS_REG_INT_ENABLE 0x08 +#define TPM_TIS_REG_INT_VECTOR 0x0c +#define TPM_TIS_REG_INT_STATUS 0x10 +#define TPM_TIS_REG_INTF_CAPABILITY 0x14 +#define TPM_TIS_REG_STS 0x18 +#define TPM_TIS_REG_DATA_FIFO 0x24 +#define TPM_TIS_REG_DID_VID 0xf00 +#define TPM_TIS_REG_RID 0xf04 + +/* vendor-specific registers */ +#define TPM_TIS_REG_DEBUG 0xf90 + +#define TPM_TIS_STS_VALID (1 << 7) +#define TPM_TIS_STS_COMMAND_READY (1 << 6) +#define TPM_TIS_STS_TPM_GO (1 << 5) +#define TPM_TIS_STS_DATA_AVAILABLE (1 << 4) +#define TPM_TIS_STS_EXPECT (1 << 3) +#define TPM_TIS_STS_RESPONSE_RETRY (1 << 1) + +#define TPM_TIS_BURST_COUNT_SHIFT 8 +#define TPM_TIS_BURST_COUNT(X) \ + ((X) << TPM_TIS_BURST_COUNT_SHIFT) + +#define TPM_TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) +#define TPM_TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) +#define TPM_TIS_ACCESS_BEEN_SEIZED (1 << 4) +#define TPM_TIS_ACCESS_SEIZE (1 << 3) +#define TPM_TIS_ACCESS_PENDING_REQUEST (1 << 2) +#define TPM_TIS_ACCESS_REQUEST_USE (1 << 1) +#define TPM_TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) + +#define TPM_TIS_INT_ENABLED (1 << 31) +#define TPM_TIS_INT_DATA_AVAILABLE (1 << 0) +#define TPM_TIS_INT_STS_VALID (1 << 1) +#define TPM_TIS_INT_LOCALITY_CHANGED (1 << 2) +#define TPM_TIS_INT_COMMAND_READY (1 << 7) + +#define TPM_TIS_INT_POLARITY_MASK (3 << 3) +#define TPM_TIS_INT_POLARITY_LOW_LEVEL (1 << 3) + +#ifndef RAISE_STS_IRQ + +#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \ + TPM_TIS_INT_DATA_AVAILABLE | \ + TPM_TIS_INT_COMMAND_READY) + +#else + +#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \ + TPM_TIS_INT_DATA_AVAILABLE | \ + TPM_TIS_INT_STS_VALID | \ + TPM_TIS_INT_COMMAND_READY) + +#endif + +#define TPM_TIS_CAP_INTERRUPT_LOW_LEVEL (1 << 4) /* support is mandatory */ +#define TPM_TIS_CAPABILITIES_SUPPORTED (TPM_TIS_CAP_INTERRUPT_LOW_LEVEL | \ + TPM_TIS_INTERRUPTS_SUPPORTED) + +#define TPM_TIS_TPM_DID 0x0001 +#define TPM_TIS_TPM_VID PCI_VENDOR_ID_IBM +#define TPM_TIS_TPM_RID 0x0001 + +#define TPM_TIS_NO_DATA_BYTE 0xff + +/* local prototypes */ + +static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr, + unsigned size); + +/* utility functions */ + +static uint8_t tpm_tis_locality_from_addr(hwaddr addr) +{ + return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7); +} + +static uint32_t tpm_tis_get_size_from_buffer(const TPMSizedBuffer *sb) +{ + return be32_to_cpu(*(uint32_t *)&sb->buffer[2]); +} + +static void tpm_tis_show_buffer(const TPMSizedBuffer *sb, const char *string) +{ +#ifdef DEBUG_TIS + uint32_t len, i; + + len = tpm_tis_get_size_from_buffer(sb); + DPRINTF("tpm_tis: %s length = %d\n", string, len); + for (i = 0; i < len; i++) { + if (i && !(i % 16)) { + DPRINTF("\n"); + } + DPRINTF("%.2X ", sb->buffer[i]); + } + DPRINTF("\n"); +#endif +} + +/* + * Send a request to the TPM. + */ +static void tpm_tis_tpm_send(TPMState *s, uint8_t locty) +{ + TPMTISEmuState *tis = &s->s.tis; + + tpm_tis_show_buffer(&tis->loc[locty].w_buffer, "tpm_tis: To TPM"); + + s->locty_number = locty; + s->locty_data = &tis->loc[locty]; + + /* + * w_offset serves as length indicator for length of data; + * it's reset when the response comes back + */ + tis->loc[locty].state = TPM_TIS_STATE_EXECUTION; + + tpm_backend_deliver_request(s->be_driver); +} + +/* raise an interrupt if allowed */ +static void tpm_tis_raise_irq(TPMState *s, uint8_t locty, uint32_t irqmask) +{ + TPMTISEmuState *tis = &s->s.tis; + + if (!TPM_TIS_IS_VALID_LOCTY(locty)) { + return; + } + + if ((tis->loc[locty].inte & TPM_TIS_INT_ENABLED) && + (tis->loc[locty].inte & irqmask)) { + DPRINTF("tpm_tis: Raising IRQ for flag %08x\n", irqmask); + qemu_irq_raise(s->s.tis.irq); + tis->loc[locty].ints |= irqmask; + } +} + +static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty) +{ + uint8_t l; + + for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) { + if (l == locty) { + continue; + } + if ((s->s.tis.loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) { + return 1; + } + } + + return 0; +} + +static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty) +{ + TPMTISEmuState *tis = &s->s.tis; + bool change = (s->s.tis.active_locty != new_active_locty); + bool is_seize; + uint8_t mask; + + if (change && TPM_TIS_IS_VALID_LOCTY(s->s.tis.active_locty)) { + is_seize = TPM_TIS_IS_VALID_LOCTY(new_active_locty) && + tis->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE; + + if (is_seize) { + mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY); + } else { + mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY| + TPM_TIS_ACCESS_REQUEST_USE); + } + /* reset flags on the old active locality */ + tis->loc[s->s.tis.active_locty].access &= mask; + + if (is_seize) { + tis->loc[tis->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED; + } + } + + tis->active_locty = new_active_locty; + + DPRINTF("tpm_tis: Active locality is now %d\n", s->s.tis.active_locty); + + if (TPM_TIS_IS_VALID_LOCTY(new_active_locty)) { + /* set flags on the new active locality */ + tis->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY; + tis->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE | + TPM_TIS_ACCESS_SEIZE); + } + + if (change) { + tpm_tis_raise_irq(s, tis->active_locty, TPM_TIS_INT_LOCALITY_CHANGED); + } +} + +/* abort -- this function switches the locality */ +static void tpm_tis_abort(TPMState *s, uint8_t locty) +{ + TPMTISEmuState *tis = &s->s.tis; + + tis->loc[locty].r_offset = 0; + tis->loc[locty].w_offset = 0; + + DPRINTF("tpm_tis: tis_abort: new active locality is %d\n", tis->next_locty); + + /* + * Need to react differently depending on who's aborting now and + * which locality will become active afterwards. + */ + if (tis->aborting_locty == tis->next_locty) { + tis->loc[tis->aborting_locty].state = TPM_TIS_STATE_READY; + tis->loc[tis->aborting_locty].sts = TPM_TIS_STS_COMMAND_READY; + tpm_tis_raise_irq(s, tis->aborting_locty, TPM_TIS_INT_COMMAND_READY); + } + + /* locality after abort is another one than the current one */ + tpm_tis_new_active_locality(s, tis->next_locty); + + tis->next_locty = TPM_TIS_NO_LOCALITY; + /* nobody's aborting a command anymore */ + tis->aborting_locty = TPM_TIS_NO_LOCALITY; +} + +/* prepare aborting current command */ +static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty) +{ + TPMTISEmuState *tis = &s->s.tis; + uint8_t busy_locty; + + tis->aborting_locty = locty; + tis->next_locty = newlocty; /* locality after successful abort */ + + /* + * only abort a command using an interrupt if currently executing + * a command AND if there's a valid connection to the vTPM. + */ + for (busy_locty = 0; busy_locty < TPM_TIS_NUM_LOCALITIES; busy_locty++) { + if (tis->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) { + /* + * request the backend to cancel. Some backends may not + * support it + */ + tpm_backend_cancel_cmd(s->be_driver); + return; + } + } + + tpm_tis_abort(s, locty); +} + +static void tpm_tis_receive_bh(void *opaque) +{ + TPMState *s = opaque; + TPMTISEmuState *tis = &s->s.tis; + uint8_t locty = s->locty_number; + + tis->loc[locty].sts = TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE; + tis->loc[locty].state = TPM_TIS_STATE_COMPLETION; + tis->loc[locty].r_offset = 0; + tis->loc[locty].w_offset = 0; + + if (TPM_TIS_IS_VALID_LOCTY(tis->next_locty)) { + tpm_tis_abort(s, locty); + } + +#ifndef RAISE_STS_IRQ + tpm_tis_raise_irq(s, locty, TPM_TIS_INT_DATA_AVAILABLE); +#else + tpm_tis_raise_irq(s, locty, + TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID); +#endif +} + +/* + * Callback from the TPM to indicate that the response was received. + */ +static void tpm_tis_receive_cb(TPMState *s, uint8_t locty) +{ + TPMTISEmuState *tis = &s->s.tis; + + assert(s->locty_number == locty); + + qemu_bh_schedule(tis->bh); +} + +/* + * Read a byte of response data + */ +static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty) +{ + TPMTISEmuState *tis = &s->s.tis; + uint32_t ret = TPM_TIS_NO_DATA_BYTE; + uint16_t len; + + if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) { + len = tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer); + + ret = tis->loc[locty].r_buffer.buffer[tis->loc[locty].r_offset++]; + if (tis->loc[locty].r_offset >= len) { + /* got last byte */ + tis->loc[locty].sts = TPM_TIS_STS_VALID; +#ifdef RAISE_STS_IRQ + tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID); +#endif + } + DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x [%d]\n", + ret, tis->loc[locty].r_offset-1); + } + + return ret; +} + +#ifdef DEBUG_TIS +static void tpm_tis_dump_state(void *opaque, hwaddr addr) +{ + static const unsigned regs[] = { + TPM_TIS_REG_ACCESS, + TPM_TIS_REG_INT_ENABLE, + TPM_TIS_REG_INT_VECTOR, + TPM_TIS_REG_INT_STATUS, + TPM_TIS_REG_INTF_CAPABILITY, + TPM_TIS_REG_STS, + TPM_TIS_REG_DID_VID, + TPM_TIS_REG_RID, + 0xfff}; + int idx; + uint8_t locty = tpm_tis_locality_from_addr(addr); + hwaddr base = addr & ~0xfff; + TPMState *s = opaque; + TPMTISEmuState *tis = &s->s.tis; + + DPRINTF("tpm_tis: active locality : %d\n" + "tpm_tis: state of locality %d : %d\n" + "tpm_tis: register dump:\n", + tis->active_locty, + locty, tis->loc[locty].state); + + for (idx = 0; regs[idx] != 0xfff; idx++) { + DPRINTF("tpm_tis: 0x%04x : 0x%08x\n", regs[idx], + (uint32_t)tpm_tis_mmio_read(opaque, base + regs[idx], 4)); + } + + DPRINTF("tpm_tis: read offset : %d\n" + "tpm_tis: result buffer : ", + tis->loc[locty].r_offset); + for (idx = 0; + idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer); + idx++) { + DPRINTF("%c%02x%s", + tis->loc[locty].r_offset == idx ? '>' : ' ', + tis->loc[locty].r_buffer.buffer[idx], + ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : ""); + } + DPRINTF("\n" + "tpm_tis: write offset : %d\n" + "tpm_tis: request buffer: ", + tis->loc[locty].w_offset); + for (idx = 0; + idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer); + idx++) { + DPRINTF("%c%02x%s", + tis->loc[locty].w_offset == idx ? '>' : ' ', + tis->loc[locty].w_buffer.buffer[idx], + ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : ""); + } + DPRINTF("\n"); +} +#endif + +/* + * Read a register of the TIS interface + * See specs pages 33-63 for description of the registers + */ +static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr, + unsigned size) +{ + TPMState *s = opaque; + TPMTISEmuState *tis = &s->s.tis; + uint16_t offset = addr & 0xffc; + uint8_t shift = (addr & 0x3) * 8; + uint32_t val = 0xffffffff; + uint8_t locty = tpm_tis_locality_from_addr(addr); + uint32_t avail; + + if (tpm_backend_had_startup_error(s->be_driver)) { + return val; + } + + switch (offset) { + case TPM_TIS_REG_ACCESS: + /* never show the SEIZE flag even though we use it internally */ + val = tis->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE; + /* the pending flag is always calculated */ + if (tpm_tis_check_request_use_except(s, locty)) { + val |= TPM_TIS_ACCESS_PENDING_REQUEST; + } + val |= !tpm_backend_get_tpm_established_flag(s->be_driver); + break; + case TPM_TIS_REG_INT_ENABLE: + val = tis->loc[locty].inte; + break; + case TPM_TIS_REG_INT_VECTOR: + val = tis->irq_num; + break; + case TPM_TIS_REG_INT_STATUS: + val = tis->loc[locty].ints; + break; + case TPM_TIS_REG_INTF_CAPABILITY: + val = TPM_TIS_CAPABILITIES_SUPPORTED; + break; + case TPM_TIS_REG_STS: + if (tis->active_locty == locty) { + if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) { + val = TPM_TIS_BURST_COUNT( + tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer) + - tis->loc[locty].r_offset) | tis->loc[locty].sts; + } else { + avail = tis->loc[locty].w_buffer.size + - tis->loc[locty].w_offset; + /* + * byte-sized reads should not return 0x00 for 0x100 + * available bytes. + */ + if (size == 1 && avail > 0xff) { + avail = 0xff; + } + val = TPM_TIS_BURST_COUNT(avail) | tis->loc[locty].sts; + } + } + break; + case TPM_TIS_REG_DATA_FIFO: + if (tis->active_locty == locty) { + switch (tis->loc[locty].state) { + case TPM_TIS_STATE_COMPLETION: + val = tpm_tis_data_read(s, locty); + break; + default: + val = TPM_TIS_NO_DATA_BYTE; + break; + } + } + break; + case TPM_TIS_REG_DID_VID: + val = (TPM_TIS_TPM_DID << 16) | TPM_TIS_TPM_VID; + break; + case TPM_TIS_REG_RID: + val = TPM_TIS_TPM_RID; + break; +#ifdef DEBUG_TIS + case TPM_TIS_REG_DEBUG: + tpm_tis_dump_state(opaque, addr); + break; +#endif + } + + if (shift) { + val >>= shift; + } + + DPRINTF("tpm_tis: read.%u(%08x) = %08x\n", size, (int)addr, (uint32_t)val); + + return val; +} + +/* + * Write a value to a register of the TIS interface + * See specs pages 33-63 for description of the registers + */ +static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr, + uint64_t val, unsigned size, + bool hw_access) +{ + TPMState *s = opaque; + TPMTISEmuState *tis = &s->s.tis; + uint16_t off = addr & 0xfff; + uint8_t locty = tpm_tis_locality_from_addr(addr); + uint8_t active_locty, l; + int c, set_new_locty = 1; + uint16_t len; + + DPRINTF("tpm_tis: write.%u(%08x) = %08x\n", size, (int)addr, (uint32_t)val); + + if (locty == 4 && !hw_access) { + DPRINTF("tpm_tis: Access to locality 4 only allowed from hardware\n"); + return; + } + + if (tpm_backend_had_startup_error(s->be_driver)) { + return; + } + + switch (off) { + case TPM_TIS_REG_ACCESS: + + if ((val & TPM_TIS_ACCESS_SEIZE)) { + val &= ~(TPM_TIS_ACCESS_REQUEST_USE | + TPM_TIS_ACCESS_ACTIVE_LOCALITY); + } + + active_locty = tis->active_locty; + + if ((val & TPM_TIS_ACCESS_ACTIVE_LOCALITY)) { + /* give up locality if currently owned */ + if (tis->active_locty == locty) { + DPRINTF("tpm_tis: Releasing locality %d\n", locty); + + uint8_t newlocty = TPM_TIS_NO_LOCALITY; + /* anybody wants the locality ? */ + for (c = TPM_TIS_NUM_LOCALITIES - 1; c >= 0; c--) { + if ((tis->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) { + DPRINTF("tpm_tis: Locality %d requests use.\n", c); + newlocty = c; + break; + } + } + DPRINTF("tpm_tis: TPM_TIS_ACCESS_ACTIVE_LOCALITY: " + "Next active locality: %d\n", + newlocty); + + if (TPM_TIS_IS_VALID_LOCTY(newlocty)) { + set_new_locty = 0; + tpm_tis_prep_abort(s, locty, newlocty); + } else { + active_locty = TPM_TIS_NO_LOCALITY; + } + } else { + /* not currently the owner; clear a pending request */ + tis->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE; + } + } + + if ((val & TPM_TIS_ACCESS_BEEN_SEIZED)) { + tis->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED; + } + + if ((val & TPM_TIS_ACCESS_SEIZE)) { + /* + * allow seize if a locality is active and the requesting + * locality is higher than the one that's active + * OR + * allow seize for requesting locality if no locality is + * active + */ + while ((TPM_TIS_IS_VALID_LOCTY(tis->active_locty) && + locty > tis->active_locty) || + !TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) { + bool higher_seize = FALSE; + + /* already a pending SEIZE ? */ + if ((tis->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) { + break; + } + + /* check for ongoing seize by a higher locality */ + for (l = locty + 1; l < TPM_TIS_NUM_LOCALITIES; l++) { + if ((tis->loc[l].access & TPM_TIS_ACCESS_SEIZE)) { + higher_seize = TRUE; + break; + } + } + + if (higher_seize) { + break; + } + + /* cancel any seize by a lower locality */ + for (l = 0; l < locty - 1; l++) { + tis->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE; + } + + tis->loc[locty].access |= TPM_TIS_ACCESS_SEIZE; + DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: " + "Locality %d seized from locality %d\n", + locty, tis->active_locty); + DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: Initiating abort.\n"); + set_new_locty = 0; + tpm_tis_prep_abort(s, tis->active_locty, locty); + break; + } + } + + if ((val & TPM_TIS_ACCESS_REQUEST_USE)) { + if (tis->active_locty != locty) { + if (TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) { + tis->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE; + } else { + /* no locality active -> make this one active now */ + active_locty = locty; + } + } + } + + if (set_new_locty) { + tpm_tis_new_active_locality(s, active_locty); + } + + break; + case TPM_TIS_REG_INT_ENABLE: + if (tis->active_locty != locty) { + break; + } + + tis->loc[locty].inte = (val & (TPM_TIS_INT_ENABLED | + TPM_TIS_INT_POLARITY_MASK | + TPM_TIS_INTERRUPTS_SUPPORTED)); + break; + case TPM_TIS_REG_INT_VECTOR: + /* hard wired -- ignore */ + break; + case TPM_TIS_REG_INT_STATUS: + if (tis->active_locty != locty) { + break; + } + + /* clearing of interrupt flags */ + if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) && + (tis->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) { + tis->loc[locty].ints &= ~val; + if (tis->loc[locty].ints == 0) { + qemu_irq_lower(tis->irq); + DPRINTF("tpm_tis: Lowering IRQ\n"); + } + } + tis->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED); + break; + case TPM_TIS_REG_STS: + if (tis->active_locty != locty) { + break; + } + + val &= (TPM_TIS_STS_COMMAND_READY | TPM_TIS_STS_TPM_GO | + TPM_TIS_STS_RESPONSE_RETRY); + + if (val == TPM_TIS_STS_COMMAND_READY) { + switch (tis->loc[locty].state) { + + case TPM_TIS_STATE_READY: + tis->loc[locty].w_offset = 0; + tis->loc[locty].r_offset = 0; + break; + + case TPM_TIS_STATE_IDLE: + tis->loc[locty].sts = TPM_TIS_STS_COMMAND_READY; + tis->loc[locty].state = TPM_TIS_STATE_READY; + tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY); + break; + + case TPM_TIS_STATE_EXECUTION: + case TPM_TIS_STATE_RECEPTION: + /* abort currently running command */ + DPRINTF("tpm_tis: %s: Initiating abort.\n", + __func__); + tpm_tis_prep_abort(s, locty, locty); + break; + + case TPM_TIS_STATE_COMPLETION: + tis->loc[locty].w_offset = 0; + tis->loc[locty].r_offset = 0; + /* shortcut to ready state with C/R set */ + tis->loc[locty].state = TPM_TIS_STATE_READY; + if (!(tis->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) { + tis->loc[locty].sts = TPM_TIS_STS_COMMAND_READY; + tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY); + } + tis->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE); + break; + + } + } else if (val == TPM_TIS_STS_TPM_GO) { + switch (tis->loc[locty].state) { + case TPM_TIS_STATE_RECEPTION: + if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) { + tpm_tis_tpm_send(s, locty); + } + break; + default: + /* ignore */ + break; + } + } else if (val == TPM_TIS_STS_RESPONSE_RETRY) { + switch (tis->loc[locty].state) { + case TPM_TIS_STATE_COMPLETION: + tis->loc[locty].r_offset = 0; + tis->loc[locty].sts = TPM_TIS_STS_VALID | + TPM_TIS_STS_DATA_AVAILABLE; + break; + default: + /* ignore */ + break; + } + } + break; + case TPM_TIS_REG_DATA_FIFO: + /* data fifo */ + if (tis->active_locty != locty) { + break; + } + + if (tis->loc[locty].state == TPM_TIS_STATE_IDLE || + tis->loc[locty].state == TPM_TIS_STATE_EXECUTION || + tis->loc[locty].state == TPM_TIS_STATE_COMPLETION) { + /* drop the byte */ + } else { + DPRINTF("tpm_tis: Byte to send to TPM: %02x\n", (uint8_t)val); + if (tis->loc[locty].state == TPM_TIS_STATE_READY) { + tis->loc[locty].state = TPM_TIS_STATE_RECEPTION; + tis->loc[locty].sts = TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID; + } + + if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) { + if (tis->loc[locty].w_offset < tis->loc[locty].w_buffer.size) { + tis->loc[locty].w_buffer. + buffer[tis->loc[locty].w_offset++] = (uint8_t)val; + } else { + tis->loc[locty].sts = TPM_TIS_STS_VALID; + } + } + + /* check for complete packet */ + if (tis->loc[locty].w_offset > 5 && + (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) { + /* we have a packet length - see if we have all of it */ +#ifdef RAISE_STS_IRQ + bool needIrq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID); +#endif + len = tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer); + if (len > tis->loc[locty].w_offset) { + tis->loc[locty].sts = TPM_TIS_STS_EXPECT | + TPM_TIS_STS_VALID; + } else { + /* packet complete */ + tis->loc[locty].sts = TPM_TIS_STS_VALID; + } +#ifdef RAISE_STS_IRQ + if (needIrq) { + tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID); + } +#endif + } + } + break; + } +} + +static void tpm_tis_mmio_write(void *opaque, hwaddr addr, + uint64_t val, unsigned size) +{ + return tpm_tis_mmio_write_intern(opaque, addr, val, size, false); +} + +static const MemoryRegionOps tpm_tis_memory_ops = { + .read = tpm_tis_mmio_read, + .write = tpm_tis_mmio_write, + .endianness = DEVICE_LITTLE_ENDIAN, + .valid = { + .min_access_size = 1, + .max_access_size = 4, + }, +}; + +static int tpm_tis_do_startup_tpm(TPMState *s) +{ + return tpm_backend_startup_tpm(s->be_driver); +} + +/* + * This function is called when the machine starts, resets or due to + * S3 resume. + */ +static void tpm_tis_reset(DeviceState *dev) +{ + TPMState *s = TPM(dev); + TPMTISEmuState *tis = &s->s.tis; + int c; + + tpm_backend_reset(s->be_driver); + + tis->active_locty = TPM_TIS_NO_LOCALITY; + tis->next_locty = TPM_TIS_NO_LOCALITY; + tis->aborting_locty = TPM_TIS_NO_LOCALITY; + + for (c = 0; c < TPM_TIS_NUM_LOCALITIES; c++) { + tis->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS; + tis->loc[c].sts = 0; + tis->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL; + tis->loc[c].ints = 0; + tis->loc[c].state = TPM_TIS_STATE_IDLE; + + tis->loc[c].w_offset = 0; + tpm_backend_realloc_buffer(s->be_driver, &tis->loc[c].w_buffer); + tis->loc[c].r_offset = 0; + tpm_backend_realloc_buffer(s->be_driver, &tis->loc[c].r_buffer); + } + + tpm_tis_do_startup_tpm(s); +} + +static const VMStateDescription vmstate_tpm_tis = { + .name = "tpm", + .unmigratable = 1, +}; + +static Property tpm_tis_properties[] = { + DEFINE_PROP_UINT32("irq", TPMState, + s.tis.irq_num, TPM_TIS_IRQ), + DEFINE_PROP_STRING("tpmdev", TPMState, backend), + DEFINE_PROP_END_OF_LIST(), +}; + +static void tpm_tis_realizefn(DeviceState *dev, Error **errp) +{ + TPMState *s = TPM(dev); + TPMTISEmuState *tis = &s->s.tis; + + s->be_driver = qemu_find_tpm(s->backend); + if (!s->be_driver) { + error_setg(errp, "tpm_tis: backend driver with id %s could not be " + "found", s->backend); + return; + } + + s->be_driver->fe_model = TPM_MODEL_TPM_TIS; + + if (tpm_backend_init(s->be_driver, s, tpm_tis_receive_cb)) { + error_setg(errp, "tpm_tis: backend driver with id %s could not be " + "initialized", s->backend); + return; + } + + if (tis->irq_num > 15) { + error_setg(errp, "tpm_tis: IRQ %d for TPM TIS is outside valid range " + "of 0 to 15.\n", tis->irq_num); + return; + } + + tis->bh = qemu_bh_new(tpm_tis_receive_bh, s); + + isa_init_irq(&s->busdev, &tis->irq, tis->irq_num); +} + +static void tpm_tis_initfn(Object *obj) +{ + ISADevice *dev = ISA_DEVICE(obj); + TPMState *s = TPM(obj); + + memory_region_init_io(&s->mmio, &tpm_tis_memory_ops, s, "tpm-tis-mmio", + TPM_TIS_NUM_LOCALITIES << TPM_TIS_LOCALITY_SHIFT); + memory_region_add_subregion(isa_address_space(dev), TPM_TIS_ADDR_BASE, + &s->mmio); +} + +static void tpm_tis_uninitfn(Object *obj) +{ + TPMState *s = TPM(obj); + + memory_region_del_subregion(get_system_memory(), &s->mmio); + memory_region_destroy(&s->mmio); +} + +static void tpm_tis_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->realize = tpm_tis_realizefn; + dc->props = tpm_tis_properties; + dc->reset = tpm_tis_reset; + dc->vmsd = &vmstate_tpm_tis; +} + +static const TypeInfo tpm_tis_info = { + .name = TYPE_TPM_TIS, + .parent = TYPE_ISA_DEVICE, + .instance_size = sizeof(TPMState), + .instance_init = tpm_tis_initfn, + .instance_finalize = tpm_tis_uninitfn, + .class_init = tpm_tis_class_init, +}; + +static void tpm_tis_register(void) +{ + type_register_static(&tpm_tis_info); + tpm_register_model(TPM_MODEL_TPM_TIS); +} + +type_init(tpm_tis_register) diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h new file mode 100644 index 0000000000..916152ae3e --- /dev/null +++ b/hw/tpm/tpm_tis.h @@ -0,0 +1,75 @@ +/* + * tpm_tis.h - QEMU's TPM TIS interface emulator + * + * Copyright (C) 2006, 2010-2013 IBM Corporation + * + * Authors: + * Stefan Berger + * David Safford + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + * Implementation of the TIS interface according to specs found at + * http://www.trustedcomputinggroup.org + * + */ +#ifndef TPM_TPM_TIS_H +#define TPM_TPM_TIS_H + +#include "hw/isa/isa.h" +#include "qemu-common.h" + +#define TPM_TIS_ADDR_BASE 0xFED40000 + +#define TPM_TIS_NUM_LOCALITIES 5 /* per spec */ +#define TPM_TIS_LOCALITY_SHIFT 12 +#define TPM_TIS_NO_LOCALITY 0xff + +#define TPM_TIS_IS_VALID_LOCTY(x) ((x) < TPM_TIS_NUM_LOCALITIES) + +#define TPM_TIS_IRQ 5 + +#define TPM_TIS_BUFFER_MAX 4096 + +#define TYPE_TPM_TIS "tpm-tis" + + +typedef enum { + TPM_TIS_STATE_IDLE = 0, + TPM_TIS_STATE_READY, + TPM_TIS_STATE_COMPLETION, + TPM_TIS_STATE_EXECUTION, + TPM_TIS_STATE_RECEPTION, +} TPMTISState; + +/* locality data -- all fields are persisted */ +typedef struct TPMLocality { + TPMTISState state; + uint8_t access; + uint8_t sts; + uint32_t inte; + uint32_t ints; + + uint16_t w_offset; + uint16_t r_offset; + TPMSizedBuffer w_buffer; + TPMSizedBuffer r_buffer; +} TPMLocality; + +typedef struct TPMTISEmuState { + QEMUBH *bh; + uint32_t offset; + uint8_t buf[TPM_TIS_BUFFER_MAX]; + + uint8_t active_locty; + uint8_t aborting_locty; + uint8_t next_locty; + + TPMLocality loc[TPM_TIS_NUM_LOCALITIES]; + + qemu_irq irq; + uint32_t irq_num; +} TPMTISEmuState; + +#endif /* TPM_TPM_TIS_H */ diff --git a/include/backends/tpm.h b/include/backends/tpm.h index 9e93cc5060..466787453d 100644 --- a/include/backends/tpm.h +++ b/include/backends/tpm.h @@ -18,7 +18,7 @@ #include "qapi/error.h" #include "qapi-types.h" #include "qemu/option.h" -#include "tpm/tpm.h" +#include "sysemu/tpm.h" #define TYPE_TPM_BACKEND "tpm-backend" #define TPM_BACKEND(obj) \ @@ -56,6 +56,39 @@ struct TPMBackend { QLIST_ENTRY(TPMBackend) list; }; +typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty); + +typedef struct TPMSizedBuffer { + uint32_t size; + uint8_t *buffer; +} TPMSizedBuffer; + +struct TPMDriverOps { + enum TpmType type; + /* get a descriptive text of the backend to display to the user */ + const char *(*desc)(void); + + TPMBackend *(*create)(QemuOpts *opts, const char *id); + void (*destroy)(TPMBackend *t); + + /* initialize the backend */ + int (*init)(TPMBackend *t, TPMState *s, TPMRecvDataCB *datacb); + /* start up the TPM on the backend */ + int (*startup_tpm)(TPMBackend *t); + /* returns true if nothing will ever answer TPM requests */ + bool (*had_startup_error)(TPMBackend *t); + + size_t (*realloc_buffer)(TPMSizedBuffer *sb); + + void (*deliver_request)(TPMBackend *t); + + void (*reset)(TPMBackend *t); + + void (*cancel_cmd)(TPMBackend *t); + + bool (*get_tpm_established_flag)(TPMBackend *t); +}; + /** * tpm_backend_get_type: @@ -167,4 +200,10 @@ bool tpm_backend_get_tpm_established_flag(TPMBackend *s); */ void tpm_backend_open(TPMBackend *s, Error **errp); +TPMBackend *qemu_find_tpm(const char *id); + +const TPMDriverOps *tpm_get_backend_driver(const char *type); +int tpm_register_model(enum TpmModel model); +int tpm_register_driver(const TPMDriverOps *tdo); + #endif diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h new file mode 100644 index 0000000000..13febddbee --- /dev/null +++ b/include/sysemu/tpm.h @@ -0,0 +1,23 @@ +/* + * Public TPM functions + * + * Copyright (C) 2011-2013 IBM Corporation + * + * Authors: + * Stefan Berger + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ +#ifndef QEMU_TPM_H +#define QEMU_TPM_H + +#include "qemu/option.h" + +typedef struct TPMState TPMState; + +int tpm_config_parse(QemuOptsList *opts_list, const char *optarg); +int tpm_init(void); +void tpm_cleanup(void); + +#endif /* QEMU_TPM_H */ diff --git a/include/sysemu/tpm_backend_int.h b/include/sysemu/tpm_backend_int.h new file mode 100644 index 0000000000..05d94d0f5b --- /dev/null +++ b/include/sysemu/tpm_backend_int.h @@ -0,0 +1,45 @@ +/* + * common TPM backend driver functions + * + * Copyright (c) 2012-2013 IBM Corporation + * Authors: + * Stefan Berger + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see + */ + +#ifndef TPM_TPM_BACKEND_H +#define TPM_TPM_BACKEND_H + +#include + +typedef struct TPMBackendThread { + GThreadPool *pool; +} TPMBackendThread; + +void tpm_backend_thread_deliver_request(TPMBackendThread *tbt); +void tpm_backend_thread_create(TPMBackendThread *tbt, + GFunc func, gpointer user_data); +void tpm_backend_thread_end(TPMBackendThread *tbt); +void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, + GFunc func, gpointer user_data); + +typedef enum TPMBackendCmd { + TPM_BACKEND_CMD_INIT = 1, + TPM_BACKEND_CMD_PROCESS_CMD, + TPM_BACKEND_CMD_END, + TPM_BACKEND_CMD_TPM_RESET, +} TPMBackendCmd; + +#endif /* TPM_TPM_BACKEND_H */ diff --git a/include/tpm/tpm.h b/include/tpm/tpm.h deleted file mode 100644 index 2d457c4439..0000000000 --- a/include/tpm/tpm.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Public TPM functions - * - * Copyright (C) 2011-2013 IBM Corporation - * - * Authors: - * Stefan Berger - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - */ -#ifndef QEMU_TPM_H -#define QEMU_TPM_H - -#include "qemu/option.h" - -typedef struct TPMState TPMState; -typedef struct TPMSizedBuffer TPMSizedBuffer; -typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty); - -int tpm_config_parse(QemuOptsList *opts_list, const char *optarg); -int tpm_init(void); -void tpm_cleanup(void); - -#endif /* QEMU_TPM_H */ diff --git a/monitor.c b/monitor.c index c897e8033f..e605822445 100644 --- a/monitor.c +++ b/monitor.c @@ -47,7 +47,7 @@ #include "migration/migration.h" #include "sysemu/kvm.h" #include "qemu/acl.h" -#include "tpm/tpm.h" +#include "sysemu/tpm.h" #include "qapi/qmp/qint.h" #include "qapi/qmp/qfloat.h" #include "qapi/qmp/qlist.h" diff --git a/tpm.c b/tpm.c new file mode 100644 index 0000000000..1e943148d2 --- /dev/null +++ b/tpm.c @@ -0,0 +1,350 @@ +/* + * TPM configuration + * + * Copyright (C) 2011-2013 IBM Corporation + * + * Authors: + * Stefan Berger + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + * Based on net.c + */ +#include "config-host.h" + +#include "monitor/monitor.h" +#include "qapi/qmp/qerror.h" +#include "backends/tpm.h" +#include "sysemu/tpm.h" +#include "qemu/config-file.h" +#include "qmp-commands.h" + +static QLIST_HEAD(, TPMBackend) tpm_backends = + QLIST_HEAD_INITIALIZER(tpm_backends); + + +#define TPM_MAX_MODELS 1 +#define TPM_MAX_DRIVERS 1 + +static TPMDriverOps const *be_drivers[TPM_MAX_DRIVERS] = { + NULL, +}; + +static enum TpmModel tpm_models[TPM_MAX_MODELS] = { + -1, +}; + +int tpm_register_model(enum TpmModel model) +{ + int i; + + for (i = 0; i < TPM_MAX_MODELS; i++) { + if (tpm_models[i] == -1) { + tpm_models[i] = model; + return 0; + } + } + error_report("Could not register TPM model"); + return 1; +} + +static bool tpm_model_is_registered(enum TpmModel model) +{ + int i; + + for (i = 0; i < TPM_MAX_MODELS; i++) { + if (tpm_models[i] == model) { + return true; + } + } + return false; +} + +const TPMDriverOps *tpm_get_backend_driver(const char *type) +{ + int i; + + for (i = 0; i < TPM_MAX_DRIVERS && be_drivers[i] != NULL; i++) { + if (!strcmp(TpmType_lookup[be_drivers[i]->type], type)) { + return be_drivers[i]; + } + } + + return NULL; +} + +#ifdef CONFIG_TPM + +int tpm_register_driver(const TPMDriverOps *tdo) +{ + int i; + + for (i = 0; i < TPM_MAX_DRIVERS; i++) { + if (!be_drivers[i]) { + be_drivers[i] = tdo; + return 0; + } + } + error_report("Could not register TPM driver"); + return 1; +} + +/* + * Walk the list of available TPM backend drivers and display them on the + * screen. + */ +static void tpm_display_backend_drivers(void) +{ + int i; + + fprintf(stderr, "Supported TPM types (choose only one):\n"); + + for (i = 0; i < TPM_MAX_DRIVERS && be_drivers[i] != NULL; i++) { + fprintf(stderr, "%12s %s\n", + TpmType_lookup[be_drivers[i]->type], be_drivers[i]->desc()); + } + fprintf(stderr, "\n"); +} + +/* + * Find the TPM with the given Id + */ +TPMBackend *qemu_find_tpm(const char *id) +{ + TPMBackend *drv; + + if (id) { + QLIST_FOREACH(drv, &tpm_backends, list) { + if (!strcmp(drv->id, id)) { + return drv; + } + } + } + + return NULL; +} + +static int configure_tpm(QemuOpts *opts) +{ + const char *value; + const char *id; + const TPMDriverOps *be; + TPMBackend *drv; + Error *local_err = NULL; + + if (!QLIST_EMPTY(&tpm_backends)) { + error_report("Only one TPM is allowed.\n"); + return 1; + } + + id = qemu_opts_id(opts); + if (id == NULL) { + qerror_report(QERR_MISSING_PARAMETER, "id"); + return 1; + } + + value = qemu_opt_get(opts, "type"); + if (!value) { + qerror_report(QERR_MISSING_PARAMETER, "type"); + tpm_display_backend_drivers(); + return 1; + } + + be = tpm_get_backend_driver(value); + if (be == NULL) { + qerror_report(QERR_INVALID_PARAMETER_VALUE, "type", + "a TPM backend type"); + tpm_display_backend_drivers(); + return 1; + } + + drv = be->create(opts, id); + if (!drv) { + return 1; + } + + tpm_backend_open(drv, &local_err); + if (local_err) { + qerror_report_err(local_err); + error_free(local_err); + return 1; + } + + QLIST_INSERT_HEAD(&tpm_backends, drv, list); + + return 0; +} + +static int tpm_init_tpmdev(QemuOpts *opts, void *dummy) +{ + return configure_tpm(opts); +} + +/* + * Walk the list of TPM backend drivers that are in use and call their + * destroy function to have them cleaned up. + */ +void tpm_cleanup(void) +{ + TPMBackend *drv, *next; + + QLIST_FOREACH_SAFE(drv, &tpm_backends, list, next) { + QLIST_REMOVE(drv, list); + tpm_backend_destroy(drv); + } +} + +/* + * Initialize the TPM. Process the tpmdev command line options describing the + * TPM backend. + */ +int tpm_init(void) +{ + if (qemu_opts_foreach(qemu_find_opts("tpmdev"), + tpm_init_tpmdev, NULL, 1) != 0) { + return -1; + } + + atexit(tpm_cleanup); + + return 0; +} + +/* + * Parse the TPM configuration options. + * To display all available TPM backends the user may use '-tpmdev help' + */ +int tpm_config_parse(QemuOptsList *opts_list, const char *optarg) +{ + QemuOpts *opts; + + if (!strcmp(optarg, "help")) { + tpm_display_backend_drivers(); + return -1; + } + opts = qemu_opts_parse(opts_list, optarg, 1); + if (!opts) { + return -1; + } + return 0; +} + +#endif /* CONFIG_TPM */ + +static const TPMDriverOps *tpm_driver_find_by_type(enum TpmType type) +{ + int i; + + for (i = 0; i < TPM_MAX_DRIVERS && be_drivers[i] != NULL; i++) { + if (be_drivers[i]->type == type) { + return be_drivers[i]; + } + } + return NULL; +} + +static TPMInfo *qmp_query_tpm_inst(TPMBackend *drv) +{ + TPMInfo *res = g_new0(TPMInfo, 1); + TPMPassthroughOptions *tpo; + + res->id = g_strdup(drv->id); + res->model = drv->fe_model; + res->options = g_new0(TpmTypeOptions, 1); + + switch (drv->ops->type) { + case TPM_TYPE_PASSTHROUGH: + res->options->kind = TPM_TYPE_OPTIONS_KIND_PASSTHROUGH; + tpo = g_new0(TPMPassthroughOptions, 1); + res->options->passthrough = tpo; + if (drv->path) { + tpo->path = g_strdup(drv->path); + tpo->has_path = true; + } + if (drv->cancel_path) { + tpo->cancel_path = g_strdup(drv->cancel_path); + tpo->has_cancel_path = true; + } + break; + case TPM_TYPE_MAX: + break; + } + + return res; +} + +/* + * Walk the list of active TPM backends and collect information about them + * following the schema description in qapi-schema.json. + */ +TPMInfoList *qmp_query_tpm(Error **errp) +{ + TPMBackend *drv; + TPMInfoList *info, *head = NULL, *cur_item = NULL; + + QLIST_FOREACH(drv, &tpm_backends, list) { + if (!tpm_model_is_registered(drv->fe_model)) { + continue; + } + info = g_new0(TPMInfoList, 1); + info->value = qmp_query_tpm_inst(drv); + + if (!cur_item) { + head = cur_item = info; + } else { + cur_item->next = info; + cur_item = info; + } + } + + return head; +} + +TpmTypeList *qmp_query_tpm_types(Error **errp) +{ + unsigned int i = 0; + TpmTypeList *head = NULL, *prev = NULL, *cur_item; + + for (i = 0; i < TPM_TYPE_MAX; i++) { + if (!tpm_driver_find_by_type(i)) { + continue; + } + cur_item = g_new0(TpmTypeList, 1); + cur_item->value = i; + + if (prev) { + prev->next = cur_item; + } + if (!head) { + head = cur_item; + } + prev = cur_item; + } + + return head; +} + +TpmModelList *qmp_query_tpm_models(Error **errp) +{ + unsigned int i = 0; + TpmModelList *head = NULL, *prev = NULL, *cur_item; + + for (i = 0; i < TPM_MODEL_MAX; i++) { + if (!tpm_model_is_registered(i)) { + continue; + } + cur_item = g_new0(TpmModelList, 1); + cur_item->value = i; + + if (prev) { + prev->next = cur_item; + } + if (!head) { + head = cur_item; + } + prev = cur_item; + } + + return head; +} diff --git a/tpm/Makefile.objs b/tpm/Makefile.objs deleted file mode 100644 index 366e4a7128..0000000000 --- a/tpm/Makefile.objs +++ /dev/null @@ -1,4 +0,0 @@ -common-obj-y = tpm.o -common-obj-$(CONFIG_TPM) += tpm_backend.o -common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o -common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o diff --git a/tpm/tpm.c b/tpm/tpm.c deleted file mode 100644 index 1f4ac8da00..0000000000 --- a/tpm/tpm.c +++ /dev/null @@ -1,365 +0,0 @@ -/* - * TPM configuration - * - * Copyright (C) 2011-2013 IBM Corporation - * - * Authors: - * Stefan Berger - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - * - * Based on net.c - */ -#include "config-host.h" - -#include "monitor/monitor.h" -#include "qapi/qmp/qerror.h" -#include "backends/tpm.h" -#include "tpm_int.h" -#include "tpm/tpm.h" -#include "qemu/config-file.h" -#include "qmp-commands.h" - -static QLIST_HEAD(, TPMBackend) tpm_backends = - QLIST_HEAD_INITIALIZER(tpm_backends); - - -#define TPM_MAX_MODELS 1 -#define TPM_MAX_DRIVERS 1 - -static TPMDriverOps const *be_drivers[TPM_MAX_DRIVERS] = { - NULL, -}; - -static enum TpmModel tpm_models[TPM_MAX_MODELS] = { - -1, -}; - -int tpm_register_model(enum TpmModel model) -{ - int i; - - for (i = 0; i < TPM_MAX_MODELS; i++) { - if (tpm_models[i] == -1) { - tpm_models[i] = model; - return 0; - } - } - error_report("Could not register TPM model"); - return 1; -} - -static bool tpm_model_is_registered(enum TpmModel model) -{ - int i; - - for (i = 0; i < TPM_MAX_MODELS; i++) { - if (tpm_models[i] == model) { - return true; - } - } - return false; -} - -/* - * Write an error message in the given output buffer. - */ -void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len) -{ - if (out_len >= sizeof(struct tpm_resp_hdr)) { - struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out; - - resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND); - resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr)); - resp->errcode = cpu_to_be32(TPM_FAIL); - } -} - -const TPMDriverOps *tpm_get_backend_driver(const char *type) -{ - int i; - - for (i = 0; i < TPM_MAX_DRIVERS && be_drivers[i] != NULL; i++) { - if (!strcmp(TpmType_lookup[be_drivers[i]->type], type)) { - return be_drivers[i]; - } - } - - return NULL; -} - -#ifdef CONFIG_TPM - -int tpm_register_driver(const TPMDriverOps *tdo) -{ - int i; - - for (i = 0; i < TPM_MAX_DRIVERS; i++) { - if (!be_drivers[i]) { - be_drivers[i] = tdo; - return 0; - } - } - error_report("Could not register TPM driver"); - return 1; -} - -/* - * Walk the list of available TPM backend drivers and display them on the - * screen. - */ -void tpm_display_backend_drivers(void) -{ - int i; - - fprintf(stderr, "Supported TPM types (choose only one):\n"); - - for (i = 0; i < TPM_MAX_DRIVERS && be_drivers[i] != NULL; i++) { - fprintf(stderr, "%12s %s\n", - TpmType_lookup[be_drivers[i]->type], be_drivers[i]->desc()); - } - fprintf(stderr, "\n"); -} - -/* - * Find the TPM with the given Id - */ -TPMBackend *qemu_find_tpm(const char *id) -{ - TPMBackend *drv; - - if (id) { - QLIST_FOREACH(drv, &tpm_backends, list) { - if (!strcmp(drv->id, id)) { - return drv; - } - } - } - - return NULL; -} - -static int configure_tpm(QemuOpts *opts) -{ - const char *value; - const char *id; - const TPMDriverOps *be; - TPMBackend *drv; - Error *local_err = NULL; - - if (!QLIST_EMPTY(&tpm_backends)) { - error_report("Only one TPM is allowed.\n"); - return 1; - } - - id = qemu_opts_id(opts); - if (id == NULL) { - qerror_report(QERR_MISSING_PARAMETER, "id"); - return 1; - } - - value = qemu_opt_get(opts, "type"); - if (!value) { - qerror_report(QERR_MISSING_PARAMETER, "type"); - tpm_display_backend_drivers(); - return 1; - } - - be = tpm_get_backend_driver(value); - if (be == NULL) { - qerror_report(QERR_INVALID_PARAMETER_VALUE, "type", - "a TPM backend type"); - tpm_display_backend_drivers(); - return 1; - } - - drv = be->create(opts, id); - if (!drv) { - return 1; - } - - tpm_backend_open(drv, &local_err); - if (local_err) { - qerror_report_err(local_err); - error_free(local_err); - return 1; - } - - QLIST_INSERT_HEAD(&tpm_backends, drv, list); - - return 0; -} - -static int tpm_init_tpmdev(QemuOpts *opts, void *dummy) -{ - return configure_tpm(opts); -} - -/* - * Walk the list of TPM backend drivers that are in use and call their - * destroy function to have them cleaned up. - */ -void tpm_cleanup(void) -{ - TPMBackend *drv, *next; - - QLIST_FOREACH_SAFE(drv, &tpm_backends, list, next) { - QLIST_REMOVE(drv, list); - tpm_backend_destroy(drv); - } -} - -/* - * Initialize the TPM. Process the tpmdev command line options describing the - * TPM backend. - */ -int tpm_init(void) -{ - if (qemu_opts_foreach(qemu_find_opts("tpmdev"), - tpm_init_tpmdev, NULL, 1) != 0) { - return -1; - } - - atexit(tpm_cleanup); - - return 0; -} - -/* - * Parse the TPM configuration options. - * To display all available TPM backends the user may use '-tpmdev help' - */ -int tpm_config_parse(QemuOptsList *opts_list, const char *optarg) -{ - QemuOpts *opts; - - if (!strcmp(optarg, "help")) { - tpm_display_backend_drivers(); - return -1; - } - opts = qemu_opts_parse(opts_list, optarg, 1); - if (!opts) { - return -1; - } - return 0; -} - -#endif /* CONFIG_TPM */ - -static const TPMDriverOps *tpm_driver_find_by_type(enum TpmType type) -{ - int i; - - for (i = 0; i < TPM_MAX_DRIVERS && be_drivers[i] != NULL; i++) { - if (be_drivers[i]->type == type) { - return be_drivers[i]; - } - } - return NULL; -} - -static TPMInfo *qmp_query_tpm_inst(TPMBackend *drv) -{ - TPMInfo *res = g_new0(TPMInfo, 1); - TPMPassthroughOptions *tpo; - - res->id = g_strdup(drv->id); - res->model = drv->fe_model; - res->options = g_new0(TpmTypeOptions, 1); - - switch (drv->ops->type) { - case TPM_TYPE_PASSTHROUGH: - res->options->kind = TPM_TYPE_OPTIONS_KIND_PASSTHROUGH; - tpo = g_new0(TPMPassthroughOptions, 1); - res->options->passthrough = tpo; - if (drv->path) { - tpo->path = g_strdup(drv->path); - tpo->has_path = true; - } - if (drv->cancel_path) { - tpo->cancel_path = g_strdup(drv->cancel_path); - tpo->has_cancel_path = true; - } - break; - case TPM_TYPE_MAX: - break; - } - - return res; -} - -/* - * Walk the list of active TPM backends and collect information about them - * following the schema description in qapi-schema.json. - */ -TPMInfoList *qmp_query_tpm(Error **errp) -{ - TPMBackend *drv; - TPMInfoList *info, *head = NULL, *cur_item = NULL; - - QLIST_FOREACH(drv, &tpm_backends, list) { - if (!tpm_model_is_registered(drv->fe_model)) { - continue; - } - info = g_new0(TPMInfoList, 1); - info->value = qmp_query_tpm_inst(drv); - - if (!cur_item) { - head = cur_item = info; - } else { - cur_item->next = info; - cur_item = info; - } - } - - return head; -} - -TpmTypeList *qmp_query_tpm_types(Error **errp) -{ - unsigned int i = 0; - TpmTypeList *head = NULL, *prev = NULL, *cur_item; - - for (i = 0; i < TPM_TYPE_MAX; i++) { - if (!tpm_driver_find_by_type(i)) { - continue; - } - cur_item = g_new0(TpmTypeList, 1); - cur_item->value = i; - - if (prev) { - prev->next = cur_item; - } - if (!head) { - head = cur_item; - } - prev = cur_item; - } - - return head; -} - -TpmModelList *qmp_query_tpm_models(Error **errp) -{ - unsigned int i = 0; - TpmModelList *head = NULL, *prev = NULL, *cur_item; - - for (i = 0; i < TPM_MODEL_MAX; i++) { - if (!tpm_model_is_registered(i)) { - continue; - } - cur_item = g_new0(TpmModelList, 1); - cur_item->value = i; - - if (prev) { - prev->next = cur_item; - } - if (!head) { - head = cur_item; - } - prev = cur_item; - } - - return head; -} diff --git a/tpm/tpm_backend.c b/tpm/tpm_backend.c deleted file mode 100644 index 4144ef7d76..0000000000 --- a/tpm/tpm_backend.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * common TPM backend driver functions - * - * Copyright (c) 2012-2013 IBM Corporation - * Authors: - * Stefan Berger - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see - */ - -#include "tpm/tpm.h" -#include "qemu/thread.h" -#include "tpm_backend.h" - -void tpm_backend_thread_deliver_request(TPMBackendThread *tbt) -{ - g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_PROCESS_CMD, NULL); -} - -void tpm_backend_thread_create(TPMBackendThread *tbt, - GFunc func, gpointer user_data) -{ - if (!tbt->pool) { - tbt->pool = g_thread_pool_new(func, user_data, 1, TRUE, NULL); - g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL); - } -} - -void tpm_backend_thread_end(TPMBackendThread *tbt) -{ - if (tbt->pool) { - g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_END, NULL); - g_thread_pool_free(tbt->pool, FALSE, TRUE); - tbt->pool = NULL; - } -} - -void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, - GFunc func, gpointer user_data) -{ - if (!tbt->pool) { - tpm_backend_thread_create(tbt, func, user_data); - } else { - g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_TPM_RESET, - NULL); - } -} diff --git a/tpm/tpm_backend.h b/tpm/tpm_backend.h deleted file mode 100644 index 05d94d0f5b..0000000000 --- a/tpm/tpm_backend.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * common TPM backend driver functions - * - * Copyright (c) 2012-2013 IBM Corporation - * Authors: - * Stefan Berger - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see - */ - -#ifndef TPM_TPM_BACKEND_H -#define TPM_TPM_BACKEND_H - -#include - -typedef struct TPMBackendThread { - GThreadPool *pool; -} TPMBackendThread; - -void tpm_backend_thread_deliver_request(TPMBackendThread *tbt); -void tpm_backend_thread_create(TPMBackendThread *tbt, - GFunc func, gpointer user_data); -void tpm_backend_thread_end(TPMBackendThread *tbt); -void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt, - GFunc func, gpointer user_data); - -typedef enum TPMBackendCmd { - TPM_BACKEND_CMD_INIT = 1, - TPM_BACKEND_CMD_PROCESS_CMD, - TPM_BACKEND_CMD_END, - TPM_BACKEND_CMD_TPM_RESET, -} TPMBackendCmd; - -#endif /* TPM_TPM_BACKEND_H */ diff --git a/tpm/tpm_int.h b/tpm/tpm_int.h deleted file mode 100644 index 340bfd52f1..0000000000 --- a/tpm/tpm_int.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * TPM configuration - * - * Copyright (C) 2011-2013 IBM Corporation - * - * Authors: - * Stefan Berger - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - */ -#ifndef TPM_TPM_INT_H -#define TPM_TPM_INT_H - -#include "exec/memory.h" -#include "tpm/tpm_tis.h" - -/* overall state of the TPM interface */ -struct TPMState { - ISADevice busdev; - MemoryRegion mmio; - - union { - TPMTISEmuState tis; - } s; - - uint8_t locty_number; - TPMLocality *locty_data; - - char *backend; - TPMBackend *be_driver; -}; - -#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS) - -struct TPMDriverOps { - enum TpmType type; - /* get a descriptive text of the backend to display to the user */ - const char *(*desc)(void); - - TPMBackend *(*create)(QemuOpts *opts, const char *id); - void (*destroy)(TPMBackend *t); - - /* initialize the backend */ - int (*init)(TPMBackend *t, TPMState *s, TPMRecvDataCB *datacb); - /* start up the TPM on the backend */ - int (*startup_tpm)(TPMBackend *t); - /* returns true if nothing will ever answer TPM requests */ - bool (*had_startup_error)(TPMBackend *t); - - size_t (*realloc_buffer)(TPMSizedBuffer *sb); - - void (*deliver_request)(TPMBackend *t); - - void (*reset)(TPMBackend *t); - - void (*cancel_cmd)(TPMBackend *t); - - bool (*get_tpm_established_flag)(TPMBackend *t); -}; - -struct tpm_req_hdr { - uint16_t tag; - uint32_t len; - uint32_t ordinal; -} QEMU_PACKED; - -struct tpm_resp_hdr { - uint16_t tag; - uint32_t len; - uint32_t errcode; -} QEMU_PACKED; - -#define TPM_TAG_RQU_COMMAND 0xc1 -#define TPM_TAG_RQU_AUTH1_COMMAND 0xc2 -#define TPM_TAG_RQU_AUTH2_COMMAND 0xc3 - -#define TPM_TAG_RSP_COMMAND 0xc4 -#define TPM_TAG_RSP_AUTH1_COMMAND 0xc5 -#define TPM_TAG_RSP_AUTH2_COMMAND 0xc6 - -#define TPM_FAIL 9 - -#define TPM_ORD_GetTicks 0xf1 - -TPMBackend *qemu_find_tpm(const char *id); -int tpm_register_model(enum TpmModel model); -int tpm_register_driver(const TPMDriverOps *tdo); -void tpm_display_backend_drivers(void); -const TPMDriverOps *tpm_get_backend_driver(const char *type); -void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len); - -extern const TPMDriverOps tpm_passthrough_driver; - -#endif /* TPM_TPM_INT_H */ diff --git a/tpm/tpm_passthrough.c b/tpm/tpm_passthrough.c deleted file mode 100644 index 1fdd66d356..0000000000 --- a/tpm/tpm_passthrough.c +++ /dev/null @@ -1,560 +0,0 @@ -/* - * passthrough TPM driver - * - * Copyright (c) 2010 - 2013 IBM Corporation - * Authors: - * Stefan Berger - * - * Copyright (C) 2011 IAIK, Graz University of Technology - * Author: Andreas Niederl - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see - */ - -#include - -#include "qemu-common.h" -#include "qapi/error.h" -#include "qemu/sockets.h" -#include "backends/tpm.h" -#include "tpm_int.h" -#include "hw/hw.h" -#include "hw/i386/pc.h" -#include "tpm_tis.h" -#include "tpm_backend.h" - -/* #define DEBUG_TPM */ - -#ifdef DEBUG_TPM -#define DPRINTF(fmt, ...) \ - do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0) -#else -#define DPRINTF(fmt, ...) \ - do { } while (0) -#endif - -#define TYPE_TPM_PASSTHROUGH "tpm-passthrough" -#define TPM_PASSTHROUGH(obj) \ - OBJECT_CHECK(TPMPassthruState, (obj), TYPE_TPM_PASSTHROUGH) - -/* data structures */ -typedef struct TPMPassthruThreadParams { - TPMState *tpm_state; - - TPMRecvDataCB *recv_data_callback; - TPMBackend *tb; -} TPMPassthruThreadParams; - -struct TPMPassthruState { - TPMBackend parent; - - TPMBackendThread tbt; - - TPMPassthruThreadParams tpm_thread_params; - - char *tpm_dev; - int tpm_fd; - bool tpm_executing; - bool tpm_op_canceled; - int cancel_fd; - bool had_startup_error; -}; - -typedef struct TPMPassthruState TPMPassthruState; - -#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0" - -/* functions */ - -static void tpm_passthrough_cancel_cmd(TPMBackend *tb); - -static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len) -{ - return send_all(fd, buf, len); -} - -static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len) -{ - return recv_all(fd, buf, len, true); -} - -static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf) -{ - struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)buf; - - return be32_to_cpu(resp->len); -} - -static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt, - const uint8_t *in, uint32_t in_len, - uint8_t *out, uint32_t out_len) -{ - int ret; - - tpm_pt->tpm_op_canceled = false; - tpm_pt->tpm_executing = true; - - ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len); - if (ret != in_len) { - if (!tpm_pt->tpm_op_canceled || - (tpm_pt->tpm_op_canceled && errno != ECANCELED)) { - error_report("tpm_passthrough: error while transmitting data " - "to TPM: %s (%i)\n", - strerror(errno), errno); - } - goto err_exit; - } - - tpm_pt->tpm_executing = false; - - ret = tpm_passthrough_unix_read(tpm_pt->tpm_fd, out, out_len); - if (ret < 0) { - if (!tpm_pt->tpm_op_canceled || - (tpm_pt->tpm_op_canceled && errno != ECANCELED)) { - error_report("tpm_passthrough: error while reading data from " - "TPM: %s (%i)\n", - strerror(errno), errno); - } - } else if (ret < sizeof(struct tpm_resp_hdr) || - tpm_passthrough_get_size_from_buffer(out) != ret) { - ret = -1; - error_report("tpm_passthrough: received invalid response " - "packet from TPM\n"); - } - -err_exit: - if (ret < 0) { - tpm_write_fatal_error_response(out, out_len); - } - - tpm_pt->tpm_executing = false; - - return ret; -} - -static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt, - const TPMLocality *locty_data) -{ - return tpm_passthrough_unix_tx_bufs(tpm_pt, - locty_data->w_buffer.buffer, - locty_data->w_offset, - locty_data->r_buffer.buffer, - locty_data->r_buffer.size); -} - -static void tpm_passthrough_worker_thread(gpointer data, - gpointer user_data) -{ - TPMPassthruThreadParams *thr_parms = user_data; - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(thr_parms->tb); - TPMBackendCmd cmd = (TPMBackendCmd)data; - - DPRINTF("tpm_passthrough: processing command type %d\n", cmd); - - switch (cmd) { - case TPM_BACKEND_CMD_PROCESS_CMD: - tpm_passthrough_unix_transfer(tpm_pt, - thr_parms->tpm_state->locty_data); - - thr_parms->recv_data_callback(thr_parms->tpm_state, - thr_parms->tpm_state->locty_number); - break; - case TPM_BACKEND_CMD_INIT: - case TPM_BACKEND_CMD_END: - case TPM_BACKEND_CMD_TPM_RESET: - /* nothing to do */ - break; - } -} - -/* - * Start the TPM (thread). If it had been started before, then terminate - * and start it again. - */ -static int tpm_passthrough_startup_tpm(TPMBackend *tb) -{ - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - - /* terminate a running TPM */ - tpm_backend_thread_end(&tpm_pt->tbt); - - tpm_backend_thread_create(&tpm_pt->tbt, - tpm_passthrough_worker_thread, - &tpm_pt->tpm_thread_params); - - return 0; -} - -static void tpm_passthrough_reset(TPMBackend *tb) -{ - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - - DPRINTF("tpm_passthrough: CALL TO TPM_RESET!\n"); - - tpm_passthrough_cancel_cmd(tb); - - tpm_backend_thread_end(&tpm_pt->tbt); - - tpm_pt->had_startup_error = false; -} - -static int tpm_passthrough_init(TPMBackend *tb, TPMState *s, - TPMRecvDataCB *recv_data_cb) -{ - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - - tpm_pt->tpm_thread_params.tpm_state = s; - tpm_pt->tpm_thread_params.recv_data_callback = recv_data_cb; - tpm_pt->tpm_thread_params.tb = tb; - - return 0; -} - -static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb) -{ - return false; -} - -static bool tpm_passthrough_get_startup_error(TPMBackend *tb) -{ - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - - return tpm_pt->had_startup_error; -} - -static size_t tpm_passthrough_realloc_buffer(TPMSizedBuffer *sb) -{ - size_t wanted_size = 4096; /* Linux tpm.c buffer size */ - - if (sb->size != wanted_size) { - sb->buffer = g_realloc(sb->buffer, wanted_size); - sb->size = wanted_size; - } - return sb->size; -} - -static void tpm_passthrough_deliver_request(TPMBackend *tb) -{ - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - - tpm_backend_thread_deliver_request(&tpm_pt->tbt); -} - -static void tpm_passthrough_cancel_cmd(TPMBackend *tb) -{ - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - int n; - - /* - * As of Linux 3.7 the tpm_tis driver does not properly cancel - * commands on all TPM manufacturers' TPMs. - * Only cancel if we're busy so we don't cancel someone else's - * command, e.g., a command executed on the host. - */ - if (tpm_pt->tpm_executing) { - if (tpm_pt->cancel_fd >= 0) { - n = write(tpm_pt->cancel_fd, "-", 1); - if (n != 1) { - error_report("Canceling TPM command failed: %s\n", - strerror(errno)); - } else { - tpm_pt->tpm_op_canceled = true; - } - } else { - error_report("Cannot cancel TPM command due to missing " - "TPM sysfs cancel entry"); - } - } -} - -static const char *tpm_passthrough_create_desc(void) -{ - return "Passthrough TPM backend driver"; -} - -/* - * A basic test of a TPM device. We expect a well formatted response header - * (error response is fine) within one second. - */ -static int tpm_passthrough_test_tpmdev(int fd) -{ - struct tpm_req_hdr req = { - .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), - .len = cpu_to_be32(sizeof(req)), - .ordinal = cpu_to_be32(TPM_ORD_GetTicks), - }; - struct tpm_resp_hdr *resp; - fd_set readfds; - int n; - struct timeval tv = { - .tv_sec = 1, - .tv_usec = 0, - }; - unsigned char buf[1024]; - - n = write(fd, &req, sizeof(req)); - if (n < 0) { - return errno; - } - if (n != sizeof(req)) { - return EFAULT; - } - - FD_ZERO(&readfds); - FD_SET(fd, &readfds); - - /* wait for a second */ - n = select(fd + 1, &readfds, NULL, NULL, &tv); - if (n != 1) { - return errno; - } - - n = read(fd, &buf, sizeof(buf)); - if (n < sizeof(struct tpm_resp_hdr)) { - return EFAULT; - } - - resp = (struct tpm_resp_hdr *)buf; - /* check the header */ - if (be16_to_cpu(resp->tag) != TPM_TAG_RSP_COMMAND || - be32_to_cpu(resp->len) != n) { - return EBADMSG; - } - - return 0; -} - -/* - * Check whether the given base path, e.g., /sys/class/misc/tpm0/device, - * is the sysfs directory of a TPM. A TPM sysfs directory should be uniquely - * recognizable by the file entries 'pcrs' and 'cancel'. - * Upon success 'true' is returned and the basebath buffer has '/cancel' - * appended. - */ -static bool tpm_passthrough_check_sysfs_cancel(char *basepath, size_t bufsz) -{ - char path[PATH_MAX]; - struct stat statbuf; - - snprintf(path, sizeof(path), "%s/pcrs", basepath); - if (stat(path, &statbuf) == -1 || !S_ISREG(statbuf.st_mode)) { - return false; - } - - snprintf(path, sizeof(path), "%s/cancel", basepath); - if (stat(path, &statbuf) == -1 || !S_ISREG(statbuf.st_mode)) { - return false; - } - - strncpy(basepath, path, bufsz); - - return true; -} - -/* - * Unless path or file descriptor set has been provided by user, - * determine the sysfs cancel file following kernel documentation - * in Documentation/ABI/stable/sysfs-class-tpm. - */ -static int tpm_passthrough_open_sysfs_cancel(TPMBackend *tb) -{ - int fd = -1; - unsigned int idx; - DIR *pnp_dir; - char path[PATH_MAX]; - struct dirent entry, *result; - int len; - - if (tb->cancel_path) { - fd = qemu_open(tb->cancel_path, O_WRONLY); - if (fd < 0) { - error_report("Could not open TPM cancel path : %s", - strerror(errno)); - } - return fd; - } - - snprintf(path, sizeof(path), "/sys/class/misc"); - pnp_dir = opendir(path); - if (pnp_dir != NULL) { - while (readdir_r(pnp_dir, &entry, &result) == 0 && - result != NULL) { - /* - * only allow /sys/class/misc/tpm%u type of paths - */ - if (sscanf(entry.d_name, "tpm%u%n", &idx, &len) < 1 || - len <= strlen("tpm") || - len != strlen(entry.d_name)) { - continue; - } - - snprintf(path, sizeof(path), "/sys/class/misc/%s/device", - entry.d_name); - if (!tpm_passthrough_check_sysfs_cancel(path, sizeof(path))) { - continue; - } - - fd = qemu_open(path, O_WRONLY); - break; - } - closedir(pnp_dir); - } - - if (fd >= 0) { - tb->cancel_path = g_strdup(path); - } - - return fd; -} - -static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb) -{ - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - const char *value; - - value = qemu_opt_get(opts, "cancel-path"); - if (value) { - tb->cancel_path = g_strdup(value); - } - - value = qemu_opt_get(opts, "path"); - if (!value) { - value = TPM_PASSTHROUGH_DEFAULT_DEVICE; - } - - tpm_pt->tpm_dev = g_strdup(value); - - tb->path = g_strdup(tpm_pt->tpm_dev); - - tpm_pt->tpm_fd = qemu_open(tpm_pt->tpm_dev, O_RDWR); - if (tpm_pt->tpm_fd < 0) { - error_report("Cannot access TPM device using '%s': %s\n", - tpm_pt->tpm_dev, strerror(errno)); - goto err_free_parameters; - } - - if (tpm_passthrough_test_tpmdev(tpm_pt->tpm_fd)) { - error_report("'%s' is not a TPM device.\n", - tpm_pt->tpm_dev); - goto err_close_tpmdev; - } - - return 0; - - err_close_tpmdev: - qemu_close(tpm_pt->tpm_fd); - tpm_pt->tpm_fd = -1; - - err_free_parameters: - g_free(tb->path); - tb->path = NULL; - - g_free(tpm_pt->tpm_dev); - tpm_pt->tpm_dev = NULL; - - return 1; -} - -static TPMBackend *tpm_passthrough_create(QemuOpts *opts, const char *id) -{ - Object *obj = object_new(TYPE_TPM_PASSTHROUGH); - TPMBackend *tb = TPM_BACKEND(obj); - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - - tb->id = g_strdup(id); - /* let frontend set the fe_model to proper value */ - tb->fe_model = -1; - - tb->ops = &tpm_passthrough_driver; - - if (tpm_passthrough_handle_device_opts(opts, tb)) { - goto err_exit; - } - - tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tb); - if (tpm_pt->cancel_fd < 0) { - goto err_exit; - } - - return tb; - -err_exit: - g_free(tb->id); - - return NULL; -} - -static void tpm_passthrough_destroy(TPMBackend *tb) -{ - TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); - - tpm_passthrough_cancel_cmd(tb); - - tpm_backend_thread_end(&tpm_pt->tbt); - - qemu_close(tpm_pt->tpm_fd); - qemu_close(tpm_pt->cancel_fd); - - g_free(tb->id); - g_free(tb->path); - g_free(tb->cancel_path); - g_free(tpm_pt->tpm_dev); -} - -const TPMDriverOps tpm_passthrough_driver = { - .type = TPM_TYPE_PASSTHROUGH, - .desc = tpm_passthrough_create_desc, - .create = tpm_passthrough_create, - .destroy = tpm_passthrough_destroy, - .init = tpm_passthrough_init, - .startup_tpm = tpm_passthrough_startup_tpm, - .realloc_buffer = tpm_passthrough_realloc_buffer, - .reset = tpm_passthrough_reset, - .had_startup_error = tpm_passthrough_get_startup_error, - .deliver_request = tpm_passthrough_deliver_request, - .cancel_cmd = tpm_passthrough_cancel_cmd, - .get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag, -}; - -static void tpm_passthrough_inst_init(Object *obj) -{ -} - -static void tpm_passthrough_inst_finalize(Object *obj) -{ -} - -static void tpm_passthrough_class_init(ObjectClass *klass, void *data) -{ - TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass); - - tbc->ops = &tpm_passthrough_driver; -} - -static const TypeInfo tpm_passthrough_info = { - .name = TYPE_TPM_PASSTHROUGH, - .parent = TYPE_TPM_BACKEND, - .instance_size = sizeof(TPMPassthruState), - .class_init = tpm_passthrough_class_init, - .instance_init = tpm_passthrough_inst_init, - .instance_finalize = tpm_passthrough_inst_finalize, -}; - -static void tpm_passthrough_register(void) -{ - type_register_static(&tpm_passthrough_info); - tpm_register_driver(&tpm_passthrough_driver); -} - -type_init(tpm_passthrough_register) diff --git a/tpm/tpm_tis.c b/tpm/tpm_tis.c deleted file mode 100644 index f0a4584607..0000000000 --- a/tpm/tpm_tis.c +++ /dev/null @@ -1,930 +0,0 @@ -/* - * tpm_tis.c - QEMU's TPM TIS interface emulator - * - * Copyright (C) 2006,2010-2013 IBM Corporation - * - * Authors: - * Stefan Berger - * David Safford - * - * Xen 4 support: Andrease Niederl - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - * - * Implementation of the TIS interface according to specs found at - * http://www.trustedcomputinggroup.org. This implementation currently - * supports version 1.21, revision 1.0. - * In the developers menu choose the PC Client section then find the TIS - * specification. - */ - -#include "backends/tpm.h" -#include "tpm_int.h" -#include "block/block.h" -#include "exec/address-spaces.h" -#include "hw/hw.h" -#include "hw/i386/pc.h" -#include "hw/pci/pci_ids.h" -#include "tpm/tpm_tis.h" -#include "qemu-common.h" - -/*#define DEBUG_TIS */ - -#ifdef DEBUG_TIS -#define DPRINTF(fmt, ...) \ - do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0) -#else -#define DPRINTF(fmt, ...) \ - do { } while (0) -#endif - -/* whether the STS interrupt is supported */ -#define RAISE_STS_IRQ - -/* tis registers */ -#define TPM_TIS_REG_ACCESS 0x00 -#define TPM_TIS_REG_INT_ENABLE 0x08 -#define TPM_TIS_REG_INT_VECTOR 0x0c -#define TPM_TIS_REG_INT_STATUS 0x10 -#define TPM_TIS_REG_INTF_CAPABILITY 0x14 -#define TPM_TIS_REG_STS 0x18 -#define TPM_TIS_REG_DATA_FIFO 0x24 -#define TPM_TIS_REG_DID_VID 0xf00 -#define TPM_TIS_REG_RID 0xf04 - -/* vendor-specific registers */ -#define TPM_TIS_REG_DEBUG 0xf90 - -#define TPM_TIS_STS_VALID (1 << 7) -#define TPM_TIS_STS_COMMAND_READY (1 << 6) -#define TPM_TIS_STS_TPM_GO (1 << 5) -#define TPM_TIS_STS_DATA_AVAILABLE (1 << 4) -#define TPM_TIS_STS_EXPECT (1 << 3) -#define TPM_TIS_STS_RESPONSE_RETRY (1 << 1) - -#define TPM_TIS_BURST_COUNT_SHIFT 8 -#define TPM_TIS_BURST_COUNT(X) \ - ((X) << TPM_TIS_BURST_COUNT_SHIFT) - -#define TPM_TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) -#define TPM_TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) -#define TPM_TIS_ACCESS_BEEN_SEIZED (1 << 4) -#define TPM_TIS_ACCESS_SEIZE (1 << 3) -#define TPM_TIS_ACCESS_PENDING_REQUEST (1 << 2) -#define TPM_TIS_ACCESS_REQUEST_USE (1 << 1) -#define TPM_TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) - -#define TPM_TIS_INT_ENABLED (1 << 31) -#define TPM_TIS_INT_DATA_AVAILABLE (1 << 0) -#define TPM_TIS_INT_STS_VALID (1 << 1) -#define TPM_TIS_INT_LOCALITY_CHANGED (1 << 2) -#define TPM_TIS_INT_COMMAND_READY (1 << 7) - -#define TPM_TIS_INT_POLARITY_MASK (3 << 3) -#define TPM_TIS_INT_POLARITY_LOW_LEVEL (1 << 3) - -#ifndef RAISE_STS_IRQ - -#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \ - TPM_TIS_INT_DATA_AVAILABLE | \ - TPM_TIS_INT_COMMAND_READY) - -#else - -#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \ - TPM_TIS_INT_DATA_AVAILABLE | \ - TPM_TIS_INT_STS_VALID | \ - TPM_TIS_INT_COMMAND_READY) - -#endif - -#define TPM_TIS_CAP_INTERRUPT_LOW_LEVEL (1 << 4) /* support is mandatory */ -#define TPM_TIS_CAPABILITIES_SUPPORTED (TPM_TIS_CAP_INTERRUPT_LOW_LEVEL | \ - TPM_TIS_INTERRUPTS_SUPPORTED) - -#define TPM_TIS_TPM_DID 0x0001 -#define TPM_TIS_TPM_VID PCI_VENDOR_ID_IBM -#define TPM_TIS_TPM_RID 0x0001 - -#define TPM_TIS_NO_DATA_BYTE 0xff - -/* local prototypes */ - -static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr, - unsigned size); - -/* utility functions */ - -static uint8_t tpm_tis_locality_from_addr(hwaddr addr) -{ - return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7); -} - -static uint32_t tpm_tis_get_size_from_buffer(const TPMSizedBuffer *sb) -{ - return be32_to_cpu(*(uint32_t *)&sb->buffer[2]); -} - -static void tpm_tis_show_buffer(const TPMSizedBuffer *sb, const char *string) -{ -#ifdef DEBUG_TIS - uint32_t len, i; - - len = tpm_tis_get_size_from_buffer(sb); - DPRINTF("tpm_tis: %s length = %d\n", string, len); - for (i = 0; i < len; i++) { - if (i && !(i % 16)) { - DPRINTF("\n"); - } - DPRINTF("%.2X ", sb->buffer[i]); - } - DPRINTF("\n"); -#endif -} - -/* - * Send a request to the TPM. - */ -static void tpm_tis_tpm_send(TPMState *s, uint8_t locty) -{ - TPMTISEmuState *tis = &s->s.tis; - - tpm_tis_show_buffer(&tis->loc[locty].w_buffer, "tpm_tis: To TPM"); - - s->locty_number = locty; - s->locty_data = &tis->loc[locty]; - - /* - * w_offset serves as length indicator for length of data; - * it's reset when the response comes back - */ - tis->loc[locty].state = TPM_TIS_STATE_EXECUTION; - - tpm_backend_deliver_request(s->be_driver); -} - -/* raise an interrupt if allowed */ -static void tpm_tis_raise_irq(TPMState *s, uint8_t locty, uint32_t irqmask) -{ - TPMTISEmuState *tis = &s->s.tis; - - if (!TPM_TIS_IS_VALID_LOCTY(locty)) { - return; - } - - if ((tis->loc[locty].inte & TPM_TIS_INT_ENABLED) && - (tis->loc[locty].inte & irqmask)) { - DPRINTF("tpm_tis: Raising IRQ for flag %08x\n", irqmask); - qemu_irq_raise(s->s.tis.irq); - tis->loc[locty].ints |= irqmask; - } -} - -static uint32_t tpm_tis_check_request_use_except(TPMState *s, uint8_t locty) -{ - uint8_t l; - - for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) { - if (l == locty) { - continue; - } - if ((s->s.tis.loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) { - return 1; - } - } - - return 0; -} - -static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty) -{ - TPMTISEmuState *tis = &s->s.tis; - bool change = (s->s.tis.active_locty != new_active_locty); - bool is_seize; - uint8_t mask; - - if (change && TPM_TIS_IS_VALID_LOCTY(s->s.tis.active_locty)) { - is_seize = TPM_TIS_IS_VALID_LOCTY(new_active_locty) && - tis->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE; - - if (is_seize) { - mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY); - } else { - mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY| - TPM_TIS_ACCESS_REQUEST_USE); - } - /* reset flags on the old active locality */ - tis->loc[s->s.tis.active_locty].access &= mask; - - if (is_seize) { - tis->loc[tis->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED; - } - } - - tis->active_locty = new_active_locty; - - DPRINTF("tpm_tis: Active locality is now %d\n", s->s.tis.active_locty); - - if (TPM_TIS_IS_VALID_LOCTY(new_active_locty)) { - /* set flags on the new active locality */ - tis->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY; - tis->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE | - TPM_TIS_ACCESS_SEIZE); - } - - if (change) { - tpm_tis_raise_irq(s, tis->active_locty, TPM_TIS_INT_LOCALITY_CHANGED); - } -} - -/* abort -- this function switches the locality */ -static void tpm_tis_abort(TPMState *s, uint8_t locty) -{ - TPMTISEmuState *tis = &s->s.tis; - - tis->loc[locty].r_offset = 0; - tis->loc[locty].w_offset = 0; - - DPRINTF("tpm_tis: tis_abort: new active locality is %d\n", tis->next_locty); - - /* - * Need to react differently depending on who's aborting now and - * which locality will become active afterwards. - */ - if (tis->aborting_locty == tis->next_locty) { - tis->loc[tis->aborting_locty].state = TPM_TIS_STATE_READY; - tis->loc[tis->aborting_locty].sts = TPM_TIS_STS_COMMAND_READY; - tpm_tis_raise_irq(s, tis->aborting_locty, TPM_TIS_INT_COMMAND_READY); - } - - /* locality after abort is another one than the current one */ - tpm_tis_new_active_locality(s, tis->next_locty); - - tis->next_locty = TPM_TIS_NO_LOCALITY; - /* nobody's aborting a command anymore */ - tis->aborting_locty = TPM_TIS_NO_LOCALITY; -} - -/* prepare aborting current command */ -static void tpm_tis_prep_abort(TPMState *s, uint8_t locty, uint8_t newlocty) -{ - TPMTISEmuState *tis = &s->s.tis; - uint8_t busy_locty; - - tis->aborting_locty = locty; - tis->next_locty = newlocty; /* locality after successful abort */ - - /* - * only abort a command using an interrupt if currently executing - * a command AND if there's a valid connection to the vTPM. - */ - for (busy_locty = 0; busy_locty < TPM_TIS_NUM_LOCALITIES; busy_locty++) { - if (tis->loc[busy_locty].state == TPM_TIS_STATE_EXECUTION) { - /* - * request the backend to cancel. Some backends may not - * support it - */ - tpm_backend_cancel_cmd(s->be_driver); - return; - } - } - - tpm_tis_abort(s, locty); -} - -static void tpm_tis_receive_bh(void *opaque) -{ - TPMState *s = opaque; - TPMTISEmuState *tis = &s->s.tis; - uint8_t locty = s->locty_number; - - tis->loc[locty].sts = TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE; - tis->loc[locty].state = TPM_TIS_STATE_COMPLETION; - tis->loc[locty].r_offset = 0; - tis->loc[locty].w_offset = 0; - - if (TPM_TIS_IS_VALID_LOCTY(tis->next_locty)) { - tpm_tis_abort(s, locty); - } - -#ifndef RAISE_STS_IRQ - tpm_tis_raise_irq(s, locty, TPM_TIS_INT_DATA_AVAILABLE); -#else - tpm_tis_raise_irq(s, locty, - TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID); -#endif -} - -/* - * Callback from the TPM to indicate that the response was received. - */ -static void tpm_tis_receive_cb(TPMState *s, uint8_t locty) -{ - TPMTISEmuState *tis = &s->s.tis; - - assert(s->locty_number == locty); - - qemu_bh_schedule(tis->bh); -} - -/* - * Read a byte of response data - */ -static uint32_t tpm_tis_data_read(TPMState *s, uint8_t locty) -{ - TPMTISEmuState *tis = &s->s.tis; - uint32_t ret = TPM_TIS_NO_DATA_BYTE; - uint16_t len; - - if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) { - len = tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer); - - ret = tis->loc[locty].r_buffer.buffer[tis->loc[locty].r_offset++]; - if (tis->loc[locty].r_offset >= len) { - /* got last byte */ - tis->loc[locty].sts = TPM_TIS_STS_VALID; -#ifdef RAISE_STS_IRQ - tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID); -#endif - } - DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x [%d]\n", - ret, tis->loc[locty].r_offset-1); - } - - return ret; -} - -#ifdef DEBUG_TIS -static void tpm_tis_dump_state(void *opaque, hwaddr addr) -{ - static const unsigned regs[] = { - TPM_TIS_REG_ACCESS, - TPM_TIS_REG_INT_ENABLE, - TPM_TIS_REG_INT_VECTOR, - TPM_TIS_REG_INT_STATUS, - TPM_TIS_REG_INTF_CAPABILITY, - TPM_TIS_REG_STS, - TPM_TIS_REG_DID_VID, - TPM_TIS_REG_RID, - 0xfff}; - int idx; - uint8_t locty = tpm_tis_locality_from_addr(addr); - hwaddr base = addr & ~0xfff; - TPMState *s = opaque; - TPMTISEmuState *tis = &s->s.tis; - - DPRINTF("tpm_tis: active locality : %d\n" - "tpm_tis: state of locality %d : %d\n" - "tpm_tis: register dump:\n", - tis->active_locty, - locty, tis->loc[locty].state); - - for (idx = 0; regs[idx] != 0xfff; idx++) { - DPRINTF("tpm_tis: 0x%04x : 0x%08x\n", regs[idx], - (uint32_t)tpm_tis_mmio_read(opaque, base + regs[idx], 4)); - } - - DPRINTF("tpm_tis: read offset : %d\n" - "tpm_tis: result buffer : ", - tis->loc[locty].r_offset); - for (idx = 0; - idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer); - idx++) { - DPRINTF("%c%02x%s", - tis->loc[locty].r_offset == idx ? '>' : ' ', - tis->loc[locty].r_buffer.buffer[idx], - ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : ""); - } - DPRINTF("\n" - "tpm_tis: write offset : %d\n" - "tpm_tis: request buffer: ", - tis->loc[locty].w_offset); - for (idx = 0; - idx < tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer); - idx++) { - DPRINTF("%c%02x%s", - tis->loc[locty].w_offset == idx ? '>' : ' ', - tis->loc[locty].w_buffer.buffer[idx], - ((idx & 0xf) == 0xf) ? "\ntpm_tis: " : ""); - } - DPRINTF("\n"); -} -#endif - -/* - * Read a register of the TIS interface - * See specs pages 33-63 for description of the registers - */ -static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr, - unsigned size) -{ - TPMState *s = opaque; - TPMTISEmuState *tis = &s->s.tis; - uint16_t offset = addr & 0xffc; - uint8_t shift = (addr & 0x3) * 8; - uint32_t val = 0xffffffff; - uint8_t locty = tpm_tis_locality_from_addr(addr); - uint32_t avail; - - if (tpm_backend_had_startup_error(s->be_driver)) { - return val; - } - - switch (offset) { - case TPM_TIS_REG_ACCESS: - /* never show the SEIZE flag even though we use it internally */ - val = tis->loc[locty].access & ~TPM_TIS_ACCESS_SEIZE; - /* the pending flag is always calculated */ - if (tpm_tis_check_request_use_except(s, locty)) { - val |= TPM_TIS_ACCESS_PENDING_REQUEST; - } - val |= !tpm_backend_get_tpm_established_flag(s->be_driver); - break; - case TPM_TIS_REG_INT_ENABLE: - val = tis->loc[locty].inte; - break; - case TPM_TIS_REG_INT_VECTOR: - val = tis->irq_num; - break; - case TPM_TIS_REG_INT_STATUS: - val = tis->loc[locty].ints; - break; - case TPM_TIS_REG_INTF_CAPABILITY: - val = TPM_TIS_CAPABILITIES_SUPPORTED; - break; - case TPM_TIS_REG_STS: - if (tis->active_locty == locty) { - if ((tis->loc[locty].sts & TPM_TIS_STS_DATA_AVAILABLE)) { - val = TPM_TIS_BURST_COUNT( - tpm_tis_get_size_from_buffer(&tis->loc[locty].r_buffer) - - tis->loc[locty].r_offset) | tis->loc[locty].sts; - } else { - avail = tis->loc[locty].w_buffer.size - - tis->loc[locty].w_offset; - /* - * byte-sized reads should not return 0x00 for 0x100 - * available bytes. - */ - if (size == 1 && avail > 0xff) { - avail = 0xff; - } - val = TPM_TIS_BURST_COUNT(avail) | tis->loc[locty].sts; - } - } - break; - case TPM_TIS_REG_DATA_FIFO: - if (tis->active_locty == locty) { - switch (tis->loc[locty].state) { - case TPM_TIS_STATE_COMPLETION: - val = tpm_tis_data_read(s, locty); - break; - default: - val = TPM_TIS_NO_DATA_BYTE; - break; - } - } - break; - case TPM_TIS_REG_DID_VID: - val = (TPM_TIS_TPM_DID << 16) | TPM_TIS_TPM_VID; - break; - case TPM_TIS_REG_RID: - val = TPM_TIS_TPM_RID; - break; -#ifdef DEBUG_TIS - case TPM_TIS_REG_DEBUG: - tpm_tis_dump_state(opaque, addr); - break; -#endif - } - - if (shift) { - val >>= shift; - } - - DPRINTF("tpm_tis: read.%u(%08x) = %08x\n", size, (int)addr, (uint32_t)val); - - return val; -} - -/* - * Write a value to a register of the TIS interface - * See specs pages 33-63 for description of the registers - */ -static void tpm_tis_mmio_write_intern(void *opaque, hwaddr addr, - uint64_t val, unsigned size, - bool hw_access) -{ - TPMState *s = opaque; - TPMTISEmuState *tis = &s->s.tis; - uint16_t off = addr & 0xfff; - uint8_t locty = tpm_tis_locality_from_addr(addr); - uint8_t active_locty, l; - int c, set_new_locty = 1; - uint16_t len; - - DPRINTF("tpm_tis: write.%u(%08x) = %08x\n", size, (int)addr, (uint32_t)val); - - if (locty == 4 && !hw_access) { - DPRINTF("tpm_tis: Access to locality 4 only allowed from hardware\n"); - return; - } - - if (tpm_backend_had_startup_error(s->be_driver)) { - return; - } - - switch (off) { - case TPM_TIS_REG_ACCESS: - - if ((val & TPM_TIS_ACCESS_SEIZE)) { - val &= ~(TPM_TIS_ACCESS_REQUEST_USE | - TPM_TIS_ACCESS_ACTIVE_LOCALITY); - } - - active_locty = tis->active_locty; - - if ((val & TPM_TIS_ACCESS_ACTIVE_LOCALITY)) { - /* give up locality if currently owned */ - if (tis->active_locty == locty) { - DPRINTF("tpm_tis: Releasing locality %d\n", locty); - - uint8_t newlocty = TPM_TIS_NO_LOCALITY; - /* anybody wants the locality ? */ - for (c = TPM_TIS_NUM_LOCALITIES - 1; c >= 0; c--) { - if ((tis->loc[c].access & TPM_TIS_ACCESS_REQUEST_USE)) { - DPRINTF("tpm_tis: Locality %d requests use.\n", c); - newlocty = c; - break; - } - } - DPRINTF("tpm_tis: TPM_TIS_ACCESS_ACTIVE_LOCALITY: " - "Next active locality: %d\n", - newlocty); - - if (TPM_TIS_IS_VALID_LOCTY(newlocty)) { - set_new_locty = 0; - tpm_tis_prep_abort(s, locty, newlocty); - } else { - active_locty = TPM_TIS_NO_LOCALITY; - } - } else { - /* not currently the owner; clear a pending request */ - tis->loc[locty].access &= ~TPM_TIS_ACCESS_REQUEST_USE; - } - } - - if ((val & TPM_TIS_ACCESS_BEEN_SEIZED)) { - tis->loc[locty].access &= ~TPM_TIS_ACCESS_BEEN_SEIZED; - } - - if ((val & TPM_TIS_ACCESS_SEIZE)) { - /* - * allow seize if a locality is active and the requesting - * locality is higher than the one that's active - * OR - * allow seize for requesting locality if no locality is - * active - */ - while ((TPM_TIS_IS_VALID_LOCTY(tis->active_locty) && - locty > tis->active_locty) || - !TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) { - bool higher_seize = FALSE; - - /* already a pending SEIZE ? */ - if ((tis->loc[locty].access & TPM_TIS_ACCESS_SEIZE)) { - break; - } - - /* check for ongoing seize by a higher locality */ - for (l = locty + 1; l < TPM_TIS_NUM_LOCALITIES; l++) { - if ((tis->loc[l].access & TPM_TIS_ACCESS_SEIZE)) { - higher_seize = TRUE; - break; - } - } - - if (higher_seize) { - break; - } - - /* cancel any seize by a lower locality */ - for (l = 0; l < locty - 1; l++) { - tis->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE; - } - - tis->loc[locty].access |= TPM_TIS_ACCESS_SEIZE; - DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: " - "Locality %d seized from locality %d\n", - locty, tis->active_locty); - DPRINTF("tpm_tis: TPM_TIS_ACCESS_SEIZE: Initiating abort.\n"); - set_new_locty = 0; - tpm_tis_prep_abort(s, tis->active_locty, locty); - break; - } - } - - if ((val & TPM_TIS_ACCESS_REQUEST_USE)) { - if (tis->active_locty != locty) { - if (TPM_TIS_IS_VALID_LOCTY(tis->active_locty)) { - tis->loc[locty].access |= TPM_TIS_ACCESS_REQUEST_USE; - } else { - /* no locality active -> make this one active now */ - active_locty = locty; - } - } - } - - if (set_new_locty) { - tpm_tis_new_active_locality(s, active_locty); - } - - break; - case TPM_TIS_REG_INT_ENABLE: - if (tis->active_locty != locty) { - break; - } - - tis->loc[locty].inte = (val & (TPM_TIS_INT_ENABLED | - TPM_TIS_INT_POLARITY_MASK | - TPM_TIS_INTERRUPTS_SUPPORTED)); - break; - case TPM_TIS_REG_INT_VECTOR: - /* hard wired -- ignore */ - break; - case TPM_TIS_REG_INT_STATUS: - if (tis->active_locty != locty) { - break; - } - - /* clearing of interrupt flags */ - if (((val & TPM_TIS_INTERRUPTS_SUPPORTED)) && - (tis->loc[locty].ints & TPM_TIS_INTERRUPTS_SUPPORTED)) { - tis->loc[locty].ints &= ~val; - if (tis->loc[locty].ints == 0) { - qemu_irq_lower(tis->irq); - DPRINTF("tpm_tis: Lowering IRQ\n"); - } - } - tis->loc[locty].ints &= ~(val & TPM_TIS_INTERRUPTS_SUPPORTED); - break; - case TPM_TIS_REG_STS: - if (tis->active_locty != locty) { - break; - } - - val &= (TPM_TIS_STS_COMMAND_READY | TPM_TIS_STS_TPM_GO | - TPM_TIS_STS_RESPONSE_RETRY); - - if (val == TPM_TIS_STS_COMMAND_READY) { - switch (tis->loc[locty].state) { - - case TPM_TIS_STATE_READY: - tis->loc[locty].w_offset = 0; - tis->loc[locty].r_offset = 0; - break; - - case TPM_TIS_STATE_IDLE: - tis->loc[locty].sts = TPM_TIS_STS_COMMAND_READY; - tis->loc[locty].state = TPM_TIS_STATE_READY; - tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY); - break; - - case TPM_TIS_STATE_EXECUTION: - case TPM_TIS_STATE_RECEPTION: - /* abort currently running command */ - DPRINTF("tpm_tis: %s: Initiating abort.\n", - __func__); - tpm_tis_prep_abort(s, locty, locty); - break; - - case TPM_TIS_STATE_COMPLETION: - tis->loc[locty].w_offset = 0; - tis->loc[locty].r_offset = 0; - /* shortcut to ready state with C/R set */ - tis->loc[locty].state = TPM_TIS_STATE_READY; - if (!(tis->loc[locty].sts & TPM_TIS_STS_COMMAND_READY)) { - tis->loc[locty].sts = TPM_TIS_STS_COMMAND_READY; - tpm_tis_raise_irq(s, locty, TPM_TIS_INT_COMMAND_READY); - } - tis->loc[locty].sts &= ~(TPM_TIS_STS_DATA_AVAILABLE); - break; - - } - } else if (val == TPM_TIS_STS_TPM_GO) { - switch (tis->loc[locty].state) { - case TPM_TIS_STATE_RECEPTION: - if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT) == 0) { - tpm_tis_tpm_send(s, locty); - } - break; - default: - /* ignore */ - break; - } - } else if (val == TPM_TIS_STS_RESPONSE_RETRY) { - switch (tis->loc[locty].state) { - case TPM_TIS_STATE_COMPLETION: - tis->loc[locty].r_offset = 0; - tis->loc[locty].sts = TPM_TIS_STS_VALID | - TPM_TIS_STS_DATA_AVAILABLE; - break; - default: - /* ignore */ - break; - } - } - break; - case TPM_TIS_REG_DATA_FIFO: - /* data fifo */ - if (tis->active_locty != locty) { - break; - } - - if (tis->loc[locty].state == TPM_TIS_STATE_IDLE || - tis->loc[locty].state == TPM_TIS_STATE_EXECUTION || - tis->loc[locty].state == TPM_TIS_STATE_COMPLETION) { - /* drop the byte */ - } else { - DPRINTF("tpm_tis: Byte to send to TPM: %02x\n", (uint8_t)val); - if (tis->loc[locty].state == TPM_TIS_STATE_READY) { - tis->loc[locty].state = TPM_TIS_STATE_RECEPTION; - tis->loc[locty].sts = TPM_TIS_STS_EXPECT | TPM_TIS_STS_VALID; - } - - if ((tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) { - if (tis->loc[locty].w_offset < tis->loc[locty].w_buffer.size) { - tis->loc[locty].w_buffer. - buffer[tis->loc[locty].w_offset++] = (uint8_t)val; - } else { - tis->loc[locty].sts = TPM_TIS_STS_VALID; - } - } - - /* check for complete packet */ - if (tis->loc[locty].w_offset > 5 && - (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) { - /* we have a packet length - see if we have all of it */ -#ifdef RAISE_STS_IRQ - bool needIrq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID); -#endif - len = tpm_tis_get_size_from_buffer(&tis->loc[locty].w_buffer); - if (len > tis->loc[locty].w_offset) { - tis->loc[locty].sts = TPM_TIS_STS_EXPECT | - TPM_TIS_STS_VALID; - } else { - /* packet complete */ - tis->loc[locty].sts = TPM_TIS_STS_VALID; - } -#ifdef RAISE_STS_IRQ - if (needIrq) { - tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID); - } -#endif - } - } - break; - } -} - -static void tpm_tis_mmio_write(void *opaque, hwaddr addr, - uint64_t val, unsigned size) -{ - return tpm_tis_mmio_write_intern(opaque, addr, val, size, false); -} - -static const MemoryRegionOps tpm_tis_memory_ops = { - .read = tpm_tis_mmio_read, - .write = tpm_tis_mmio_write, - .endianness = DEVICE_LITTLE_ENDIAN, - .valid = { - .min_access_size = 1, - .max_access_size = 4, - }, -}; - -static int tpm_tis_do_startup_tpm(TPMState *s) -{ - return tpm_backend_startup_tpm(s->be_driver); -} - -/* - * This function is called when the machine starts, resets or due to - * S3 resume. - */ -static void tpm_tis_reset(DeviceState *dev) -{ - TPMState *s = TPM(dev); - TPMTISEmuState *tis = &s->s.tis; - int c; - - tpm_backend_reset(s->be_driver); - - tis->active_locty = TPM_TIS_NO_LOCALITY; - tis->next_locty = TPM_TIS_NO_LOCALITY; - tis->aborting_locty = TPM_TIS_NO_LOCALITY; - - for (c = 0; c < TPM_TIS_NUM_LOCALITIES; c++) { - tis->loc[c].access = TPM_TIS_ACCESS_TPM_REG_VALID_STS; - tis->loc[c].sts = 0; - tis->loc[c].inte = TPM_TIS_INT_POLARITY_LOW_LEVEL; - tis->loc[c].ints = 0; - tis->loc[c].state = TPM_TIS_STATE_IDLE; - - tis->loc[c].w_offset = 0; - tpm_backend_realloc_buffer(s->be_driver, &tis->loc[c].w_buffer); - tis->loc[c].r_offset = 0; - tpm_backend_realloc_buffer(s->be_driver, &tis->loc[c].r_buffer); - } - - tpm_tis_do_startup_tpm(s); -} - -static const VMStateDescription vmstate_tpm_tis = { - .name = "tpm", - .unmigratable = 1, -}; - -static Property tpm_tis_properties[] = { - DEFINE_PROP_UINT32("irq", TPMState, - s.tis.irq_num, TPM_TIS_IRQ), - DEFINE_PROP_STRING("tpmdev", TPMState, backend), - DEFINE_PROP_END_OF_LIST(), -}; - -static void tpm_tis_realizefn(DeviceState *dev, Error **errp) -{ - TPMState *s = TPM(dev); - TPMTISEmuState *tis = &s->s.tis; - - s->be_driver = qemu_find_tpm(s->backend); - if (!s->be_driver) { - error_setg(errp, "tpm_tis: backend driver with id %s could not be " - "found", s->backend); - return; - } - - s->be_driver->fe_model = TPM_MODEL_TPM_TIS; - - if (tpm_backend_init(s->be_driver, s, tpm_tis_receive_cb)) { - error_setg(errp, "tpm_tis: backend driver with id %s could not be " - "initialized", s->backend); - return; - } - - if (tis->irq_num > 15) { - error_setg(errp, "tpm_tis: IRQ %d for TPM TIS is outside valid range " - "of 0 to 15.\n", tis->irq_num); - return; - } - - tis->bh = qemu_bh_new(tpm_tis_receive_bh, s); - - isa_init_irq(&s->busdev, &tis->irq, tis->irq_num); -} - -static void tpm_tis_initfn(Object *obj) -{ - ISADevice *dev = ISA_DEVICE(obj); - TPMState *s = TPM(obj); - - memory_region_init_io(&s->mmio, &tpm_tis_memory_ops, s, "tpm-tis-mmio", - TPM_TIS_NUM_LOCALITIES << TPM_TIS_LOCALITY_SHIFT); - memory_region_add_subregion(isa_address_space(dev), TPM_TIS_ADDR_BASE, - &s->mmio); -} - -static void tpm_tis_uninitfn(Object *obj) -{ - TPMState *s = TPM(obj); - - memory_region_del_subregion(get_system_memory(), &s->mmio); - memory_region_destroy(&s->mmio); -} - -static void tpm_tis_class_init(ObjectClass *klass, void *data) -{ - DeviceClass *dc = DEVICE_CLASS(klass); - - dc->realize = tpm_tis_realizefn; - dc->props = tpm_tis_properties; - dc->reset = tpm_tis_reset; - dc->vmsd = &vmstate_tpm_tis; -} - -static const TypeInfo tpm_tis_info = { - .name = TYPE_TPM_TIS, - .parent = TYPE_ISA_DEVICE, - .instance_size = sizeof(TPMState), - .instance_init = tpm_tis_initfn, - .instance_finalize = tpm_tis_uninitfn, - .class_init = tpm_tis_class_init, -}; - -static void tpm_tis_register(void) -{ - type_register_static(&tpm_tis_info); - tpm_register_model(TPM_MODEL_TPM_TIS); -} - -type_init(tpm_tis_register) diff --git a/tpm/tpm_tis.h b/tpm/tpm_tis.h deleted file mode 100644 index 1be4ddc8a1..0000000000 --- a/tpm/tpm_tis.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * tpm_tis.h - QEMU's TPM TIS interface emulator - * - * Copyright (C) 2006, 2010-2013 IBM Corporation - * - * Authors: - * Stefan Berger - * David Safford - * - * This work is licensed under the terms of the GNU GPL, version 2 or later. - * See the COPYING file in the top-level directory. - * - * Implementation of the TIS interface according to specs found at - * http://www.trustedcomputinggroup.org - * - */ -#ifndef TPM_TPM_TIS_H -#define TPM_TPM_TIS_H - -#include "hw/isa/isa.h" -#include "qemu-common.h" - -#define TPM_TIS_ADDR_BASE 0xFED40000 - -#define TPM_TIS_NUM_LOCALITIES 5 /* per spec */ -#define TPM_TIS_LOCALITY_SHIFT 12 -#define TPM_TIS_NO_LOCALITY 0xff - -#define TPM_TIS_IS_VALID_LOCTY(x) ((x) < TPM_TIS_NUM_LOCALITIES) - -#define TPM_TIS_IRQ 5 - -#define TPM_TIS_BUFFER_MAX 4096 - -#define TYPE_TPM_TIS "tpm-tis" - - -struct TPMSizedBuffer { - uint32_t size; - uint8_t *buffer; -}; - -typedef enum { - TPM_TIS_STATE_IDLE = 0, - TPM_TIS_STATE_READY, - TPM_TIS_STATE_COMPLETION, - TPM_TIS_STATE_EXECUTION, - TPM_TIS_STATE_RECEPTION, -} TPMTISState; - -/* locality data -- all fields are persisted */ -typedef struct TPMLocality { - TPMTISState state; - uint8_t access; - uint8_t sts; - uint32_t inte; - uint32_t ints; - - uint16_t w_offset; - uint16_t r_offset; - TPMSizedBuffer w_buffer; - TPMSizedBuffer r_buffer; -} TPMLocality; - -typedef struct TPMTISEmuState { - QEMUBH *bh; - uint32_t offset; - uint8_t buf[TPM_TIS_BUFFER_MAX]; - - uint8_t active_locty; - uint8_t aborting_locty; - uint8_t next_locty; - - TPMLocality loc[TPM_TIS_NUM_LOCALITIES]; - - qemu_irq irq; - uint32_t irq_num; -} TPMTISEmuState; - -#endif /* TPM_TPM_TIS_H */ diff --git a/vl.c b/vl.c index d694a9039b..ce7bed7141 100644 --- a/vl.c +++ b/vl.c @@ -139,7 +139,7 @@ int main(int argc, char **argv) #include "sysemu/blockdev.h" #include "hw/block/block.h" #include "migration/block.h" -#include "tpm/tpm.h" +#include "sysemu/tpm.h" #include "sysemu/dma.h" #include "audio/audio.h" #include "migration/migration.h" -- cgit v1.2.1