diff options
| author |   Patrick Ohly <patrick.ohly@intel.com> | 2017-12-06 12:03:32 +0100 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-12-10 22:41:43 +0000 |
| commit | 82f37aa4c5152f104897fff04f09ad55c20c2a3f (patch) | |
| tree | 1f12cceb9390f7d3715d2d9cfbeaecfbcedf1e51 /meta/recipes-devtools/qemu/qemu/0009-tpm-passthrough-move-reusable-code-to-utils.patch | |
| parent | d9b59df1230a20c7a5c9f4fb0325bb9216025a16 (diff) | |
| download | openembedded-core-contrib-82f37aa4c5152f104897fff04f09ad55c20c2a3f.tar.gz | |
qemu: use upstream swtpm support
Upstream finally accepted and merged a different approach for
connecting QEMU to swtpm: instead of a custom cuse-tpm device, a
normal chardev connects to swtpm, and that chardev then is used by the
TPM device. For now we have to backport those patches, but the next
major QEMU update will have them.
However, the chardev-connect-socket-to-a-spawned-command.patch is
something that OE will have to carry permanently. It simplifies
starting and stopping swtpm when invoking QEMU through runqemu without
having to teach that script about the additional process. Upstream
rejected the patch because they want to keep the complexity of
starting additional processes out of QEMU.
A recent enough swtpm is needed. The one currently used by
meta-security fails to communicate properly with QEMU, leading to this
failure:
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Failed to send CMD_SET_DATAFD: Input/output error
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Could not cleanly shutdown the TPM: Invalid argument
With a recent enough swtpm, one can create a TPM device like this:
- bitbake swtpm-native
- create a TPM instance and initialize it with:
$ mkdir -p my-machine/myvtpm0
$ tmp*/work/*/swtpm-wrappers-native/*/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
Starting vTPM manufacturing as root:root @ Wed 06 Dec 2017 10:03:14 AM CET
TPM is listening on TCP port 34613.
Successfully created EK.
Successfully authored TPM state.
Ending vTPM manufacturing @ Wed 06 Dec 2017 10:03:14 AM CET
- runqemu "qemuparams=-chardev 'socket,id=chrtpm0,cmd=exec
swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0
--tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2'
-tpmdev emulator,id=tpm0,chardev=chrtpm0 -device
tpm-tis,tpmdev=tpm0" ...
Beware that the double commas are intentional. They are needed to
embed commas in the "cmd" value.
swtpm_oe.sh is from swtpm-wrappers-native. In the example it is
invoked without the full path for the sake of brevity. In practice,
one has to use the full
path (tmp*/work/*/swtpm-wrappers-native/*/swtpm_oe.sh).
With the TPM2-preview version of swtpm, the same works for TPM2 by
adding the --tpm2 parameter when invoking swtpm_setup_oe.sh and
swtpm_oe.sh.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/0009-tpm-passthrough-move-reusable-code-to-utils.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/0009-tpm-passthrough-move-reusable-code-to-utils.patch | 182 |
1 files changed, 182 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/0009-tpm-passthrough-move-reusable-code-to-utils.patch b/meta/recipes-devtools/qemu/qemu/0009-tpm-passthrough-move-reusable-code-to-utils.patch new file mode 100644 index 0000000000..8670b8a0d3 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0009-tpm-passthrough-move-reusable-code-to-utils.patch @@ -0,0 +1,182 @@ +From b8322aaa2f31995e1b7b776e7efae68416573bc3 Mon Sep 17 00:00:00 2001 +From: Amarnath Valluri <amarnath.valluri@intel.com> +Date: Wed, 29 Mar 2017 15:36:47 +0300 +Subject: [PATCH 09/12] tpm-passthrough: move reusable code to utils +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> +Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> + +Upstream-Status: Backport [4a3d80980ebf71d8faf9d0ce2e2e23bdda5728df] +--- + hw/tpm/tpm_passthrough.c | 64 ++++-------------------------------------------- + hw/tpm/tpm_util.c | 25 +++++++++++++++++++ + hw/tpm/tpm_util.h | 4 +++ + 3 files changed, 34 insertions(+), 59 deletions(-) + +diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c +index 22d3460550..e6ace28b04 100644 +--- a/hw/tpm/tpm_passthrough.c ++++ b/hw/tpm/tpm_passthrough.c +@@ -68,27 +68,6 @@ typedef struct TPMPassthruState TPMPassthruState; + + static void tpm_passthrough_cancel_cmd(TPMBackend *tb); + +-static int tpm_passthrough_unix_write(int fd, const uint8_t *buf, uint32_t len) +-{ +- int ret, remain; +- +- remain = len; +- while (remain > 0) { +- ret = write(fd, buf, remain); +- if (ret < 0) { +- if (errno != EINTR && errno != EAGAIN) { +- return -1; +- } +- } else if (ret == 0) { +- break; +- } else { +- buf += ret; +- remain -= ret; +- } +- } +- return len - remain; +-} +- + static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len) + { + int ret; +@@ -102,45 +81,12 @@ static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len) + } + return ret; + } +- +-static uint32_t tpm_passthrough_get_size_from_buffer(const uint8_t *buf) +-{ +- struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)buf; +- +- return be32_to_cpu(resp->len); +-} +- +-/* +- * Write an error message in the given output buffer. +- */ +-static void tpm_write_fatal_error_response(uint8_t *out, uint32_t out_len) +-{ +- if (out_len >= sizeof(struct tpm_resp_hdr)) { +- struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out; +- +- resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND); +- resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr)); +- resp->errcode = cpu_to_be32(TPM_FAIL); +- } +-} +- +-static bool tpm_passthrough_is_selftest(const uint8_t *in, uint32_t in_len) +-{ +- struct tpm_req_hdr *hdr = (struct tpm_req_hdr *)in; +- +- if (in_len >= sizeof(*hdr)) { +- return (be32_to_cpu(hdr->ordinal) == TPM_ORD_ContinueSelfTest); +- } +- +- return false; +-} +- + static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt, + const uint8_t *in, uint32_t in_len, + uint8_t *out, uint32_t out_len, + bool *selftest_done) + { +- int ret; ++ ssize_t ret; + bool is_selftest; + const struct tpm_resp_hdr *hdr; + +@@ -148,9 +94,9 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt, + tpm_pt->tpm_executing = true; + *selftest_done = false; + +- is_selftest = tpm_passthrough_is_selftest(in, in_len); ++ is_selftest = tpm_util_is_selftest(in, in_len); + +- ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len); ++ ret = qemu_write_full(tpm_pt->tpm_fd, (const void *)in, (size_t)in_len); + if (ret != in_len) { + if (!tpm_pt->tpm_op_canceled || errno != ECANCELED) { + error_report("tpm_passthrough: error while transmitting data " +@@ -170,7 +116,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt, + strerror(errno), errno); + } + } else if (ret < sizeof(struct tpm_resp_hdr) || +- tpm_passthrough_get_size_from_buffer(out) != ret) { ++ be32_to_cpu(((struct tpm_resp_hdr *)out)->len) != ret) { + ret = -1; + error_report("tpm_passthrough: received invalid response " + "packet from TPM"); +@@ -183,7 +129,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt, + + err_exit: + if (ret < 0) { +- tpm_write_fatal_error_response(out, out_len); ++ tpm_util_write_fatal_error_response(out, out_len); + } + + tpm_pt->tpm_executing = false; +diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c +index 7b35429725..fb929f6e92 100644 +--- a/hw/tpm/tpm_util.c ++++ b/hw/tpm/tpm_util.c +@@ -24,6 +24,31 @@ + #include "tpm_int.h" + + /* ++ * Write an error message in the given output buffer. ++ */ ++void tpm_util_write_fatal_error_response(uint8_t *out, uint32_t out_len) ++{ ++ if (out_len >= sizeof(struct tpm_resp_hdr)) { ++ struct tpm_resp_hdr *resp = (struct tpm_resp_hdr *)out; ++ ++ resp->tag = cpu_to_be16(TPM_TAG_RSP_COMMAND); ++ resp->len = cpu_to_be32(sizeof(struct tpm_resp_hdr)); ++ resp->errcode = cpu_to_be32(TPM_FAIL); ++ } ++} ++ ++bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len) ++{ ++ struct tpm_req_hdr *hdr = (struct tpm_req_hdr *)in; ++ ++ if (in_len >= sizeof(*hdr)) { ++ return (be32_to_cpu(hdr->ordinal) == TPM_ORD_ContinueSelfTest); ++ } ++ ++ return false; ++} ++ ++/* + * A basic test of a TPM device. We expect a well formatted response header + * (error response is fine) within one second. + */ +diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h +index df76245e6e..2f7c96146d 100644 +--- a/hw/tpm/tpm_util.h ++++ b/hw/tpm/tpm_util.h +@@ -24,6 +24,10 @@ + + #include "sysemu/tpm_backend.h" + ++void tpm_util_write_fatal_error_response(uint8_t *out, uint32_t out_len); ++ ++bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len); ++ + int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version); + + #endif /* TPM_TPM_UTIL_H */ +-- +2.11.0 + |