qemu: use upstream swtpm support

Upstream finally accepted and merged a different approach for
connecting QEMU to swtpm: instead of a custom cuse-tpm device, a
normal chardev connects to swtpm, and that chardev then is used by the
TPM device. For now we have to backport those patches, but the next
major QEMU update will have them.

However, the chardev-connect-socket-to-a-spawned-command.patch is
something that OE will have to carry permanently. It simplifies
starting and stopping swtpm when invoking QEMU through runqemu without
having to teach that script about the additional process. Upstream
rejected the patch because they want to keep the complexity of
starting additional processes out of QEMU.

A recent enough swtpm is needed. The one currently used by
meta-security fails to communicate properly with QEMU, leading to this
failure:

  qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Failed to send CMD_SET_DATAFD: Input/output error
  qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Could not cleanly shutdown the TPM: Invalid argument

With a recent enough swtpm, one can create a TPM device like this:

  - bitbake swtpm-native
  - create a TPM instance and initialize it with:

       $ mkdir -p my-machine/myvtpm0
       $ tmp*/work/*/swtpm-wrappers-native/*/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
       Starting vTPM manufacturing as root:root @ Wed 06 Dec 2017 10:03:14 AM CET
       TPM is listening on TCP port 34613.
       Successfully created EK.
       Successfully authored TPM state.
       Ending vTPM manufacturing @ Wed 06 Dec 2017 10:03:14 AM CET

  - runqemu "qemuparams=-chardev 'socket,id=chrtpm0,cmd=exec
    swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0
    --tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2'
    -tpmdev emulator,id=tpm0,chardev=chrtpm0 -device
    tpm-tis,tpmdev=tpm0" ...

Beware that the double commas are intentional. They are needed to
embed commas in the "cmd" value.

swtpm_oe.sh is from swtpm-wrappers-native. In the example it is
invoked without the full path for the sake of brevity. In practice,
one has to use the full
path (tmp*/work/*/swtpm-wrappers-native/*/swtpm_oe.sh).

With the TPM2-preview version of swtpm, the same works for TPM2 by
adding the --tpm2 parameter when invoking swtpm_setup_oe.sh and
swtpm_oe.sh.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 0 insertions, 86 deletions

diff --git a/meta/recipes-devtools/qemu/qemu/0002-Introduce-condition-to-notify-waiters-of-completed-c.patch b/meta/recipes-devtools/qemu/qemu/0002-Introduce-condition-to-notify-waiters-of-completed-c.patch
deleted file mode 100644
index c88c98e565..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0002-Introduce-condition-to-notify-waiters-of-completed-c.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From b5ffd3aa4e9bd4edb09cc84c46f78da72697a946 Mon Sep 17 00:00:00 2001
-From: Stefan Berger <stefanb@linux.vnet.ibm.com>
-Date: Sat, 31 Dec 2016 11:23:32 -0500
-Subject: [PATCH 2/4] Introduce condition to notify waiters of completed
- command
-
-Introduce a lock and a condition to notify anyone waiting for the completion
-of the execution of a TPM command by the backend (thread). The backend
-uses the condition to signal anyone waiting for command completion.
-We need to place the condition in two locations: one is invoked by the
-backend thread, the other by the bottom half thread.
-We will use the signalling to wait for command completion before VM
-suspend.
-
-Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
-
-Upstream-Status: Pending [https://lists.nongnu.org/archive/html/qemu-devel/2016-06/msg00252.html]
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
----
- hw/tpm/tpm_int.h |  3 +++
- hw/tpm/tpm_tis.c | 14 ++++++++++++++
- 2 files changed, 17 insertions(+)
-
-diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
-index 6b2c9c953a..70be1ad8d9 100644
---- a/hw/tpm/tpm_int.h
-+++ b/hw/tpm/tpm_int.h
-@@ -30,6 +30,9 @@ struct TPMState {
-     char *backend;
-     TPMBackend *be_driver;
-     TPMVersion be_tpm_version;
-+
-+    QemuMutex state_lock;
-+    QemuCond cmd_complete;
- };
- 
- #define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
-diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
-index 381e7266ea..14d9e83ea2 100644
---- a/hw/tpm/tpm_tis.c
-+++ b/hw/tpm/tpm_tis.c
-@@ -368,6 +368,8 @@ static void tpm_tis_receive_bh(void *opaque)
-     TPMTISEmuState *tis = &s->s.tis;
-     uint8_t locty = s->locty_number;
- 
-+    qemu_mutex_lock(&s->state_lock);
-+
-     tpm_tis_sts_set(&tis->loc[locty],
-                     TPM_TIS_STS_VALID | TPM_TIS_STS_DATA_AVAILABLE);
-     tis->loc[locty].state = TPM_TIS_STATE_COMPLETION;
-@@ -384,6 +386,10 @@ static void tpm_tis_receive_bh(void *opaque)
-     tpm_tis_raise_irq(s, locty,
-                       TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
- #endif
-+
-+    /* notify of completed command */
-+    qemu_cond_signal(&s->cmd_complete);
-+    qemu_mutex_unlock(&s->state_lock);
- }
- 
- /*
-@@ -403,6 +409,11 @@ static void tpm_tis_receive_cb(TPMState *s, uint8_t locty,
-         }
-     }
- 
-+    qemu_mutex_lock(&s->state_lock);
-+    /* notify of completed command */
-+    qemu_cond_signal(&s->cmd_complete);
-+    qemu_mutex_unlock(&s->state_lock);
-+
-     qemu_bh_schedule(tis->bh);
- }
- 
-@@ -1072,6 +1083,9 @@ static void tpm_tis_initfn(Object *obj)
-     memory_region_init_io(&s->mmio, OBJECT(s), &tpm_tis_memory_ops,
-                           s, "tpm-tis-mmio",
-                           TPM_TIS_NUM_LOCALITIES << TPM_TIS_LOCALITY_SHIFT);
-+
-+    qemu_mutex_init(&s->state_lock);
-+    qemu_cond_init(&s->cmd_complete);
- }
- 
- static void tpm_tis_class_init(ObjectClass *klass, void *data)
--- 
-2.11.0
-