mirror of
https://github.com/xemu-project/xemu.git
synced 2024-11-24 20:19:44 +00:00
f4ede81eed
This change introduces a new TPM backend driver that can communicate with swtpm(software TPM emulator) using unix domain socket interface. QEMU talks to the TPM emulator using QEMU's socket-based chardev backend device. Swtpm uses two Unix sockets for communications, one for plain TPM commands and responses, and one for out-of-band control messages. QEMU passes the data socket to be used over the control channel. The swtpm and associated tools can be found here: https://github.com/stefanberger/swtpm The swtpm's control channel protocol specification can be found here: https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification Usage: # setup TPM state directory mkdir /tmp/mytpm chown -R tss:root /tmp/mytpm /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek # Ask qemu to use TPM emulator with given tpm state directory qemu-system-x86_64 \ [...] \ -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ -device tpm-tis,tpmdev=tpm0 \ [...] Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
153 lines
2.8 KiB
Python
153 lines
2.8 KiB
Python
# -*- Mode: Python -*-
|
|
#
|
|
|
|
##
|
|
# = TPM (trusted platform module) devices
|
|
##
|
|
|
|
##
|
|
# @TpmModel:
|
|
#
|
|
# An enumeration of TPM models
|
|
#
|
|
# @tpm-tis: TPM TIS model
|
|
#
|
|
# Since: 1.5
|
|
##
|
|
{ 'enum': 'TpmModel', 'data': [ 'tpm-tis' ] }
|
|
|
|
##
|
|
# @query-tpm-models:
|
|
#
|
|
# Return a list of supported TPM models
|
|
#
|
|
# Returns: a list of TpmModel
|
|
#
|
|
# Since: 1.5
|
|
#
|
|
# Example:
|
|
#
|
|
# -> { "execute": "query-tpm-models" }
|
|
# <- { "return": [ "tpm-tis" ] }
|
|
#
|
|
##
|
|
{ 'command': 'query-tpm-models', 'returns': ['TpmModel'] }
|
|
|
|
##
|
|
# @TpmType:
|
|
#
|
|
# An enumeration of TPM types
|
|
#
|
|
# @passthrough: TPM passthrough type
|
|
# @emulator: Software Emulator TPM type
|
|
# Since: 2.11
|
|
#
|
|
# Since: 1.5
|
|
##
|
|
{ 'enum': 'TpmType', 'data': [ 'passthrough', 'emulator' ] }
|
|
|
|
##
|
|
# @query-tpm-types:
|
|
#
|
|
# Return a list of supported TPM types
|
|
#
|
|
# Returns: a list of TpmType
|
|
#
|
|
# Since: 1.5
|
|
#
|
|
# Example:
|
|
#
|
|
# -> { "execute": "query-tpm-types" }
|
|
# <- { "return": [ "passthrough", "emulator" ] }
|
|
#
|
|
##
|
|
{ 'command': 'query-tpm-types', 'returns': ['TpmType'] }
|
|
|
|
##
|
|
# @TPMPassthroughOptions:
|
|
#
|
|
# Information about the TPM passthrough type
|
|
#
|
|
# @path: string describing the path used for accessing the TPM device
|
|
#
|
|
# @cancel-path: string showing the TPM's sysfs cancel file
|
|
# for cancellation of TPM commands while they are executing
|
|
#
|
|
# Since: 1.5
|
|
##
|
|
{ 'struct': 'TPMPassthroughOptions', 'data': { '*path' : 'str',
|
|
'*cancel-path' : 'str'} }
|
|
|
|
##
|
|
# @TPMEmulatorOptions:
|
|
#
|
|
# Information about the TPM emulator type
|
|
#
|
|
# @chardev: Name of a unix socket chardev
|
|
#
|
|
# Since: 2.11
|
|
##
|
|
{ 'struct': 'TPMEmulatorOptions', 'data': { 'chardev' : 'str' } }
|
|
|
|
##
|
|
# @TpmTypeOptions:
|
|
#
|
|
# A union referencing different TPM backend types' configuration options
|
|
#
|
|
# @type: 'passthrough' The configuration options for the TPM passthrough type
|
|
# 'emulator' The configuration options for TPM emulator backend type
|
|
#
|
|
# Since: 1.5
|
|
##
|
|
{ 'union': 'TpmTypeOptions',
|
|
'data': { 'passthrough' : 'TPMPassthroughOptions',
|
|
'emulator': 'TPMEmulatorOptions' } }
|
|
|
|
##
|
|
# @TPMInfo:
|
|
#
|
|
# Information about the TPM
|
|
#
|
|
# @id: The Id of the TPM
|
|
#
|
|
# @model: The TPM frontend model
|
|
#
|
|
# @options: The TPM (backend) type configuration options
|
|
#
|
|
# Since: 1.5
|
|
##
|
|
{ 'struct': 'TPMInfo',
|
|
'data': {'id': 'str',
|
|
'model': 'TpmModel',
|
|
'options': 'TpmTypeOptions' } }
|
|
|
|
##
|
|
# @query-tpm:
|
|
#
|
|
# Return information about the TPM device
|
|
#
|
|
# Returns: @TPMInfo on success
|
|
#
|
|
# Since: 1.5
|
|
#
|
|
# Example:
|
|
#
|
|
# -> { "execute": "query-tpm" }
|
|
# <- { "return":
|
|
# [
|
|
# { "model": "tpm-tis",
|
|
# "options":
|
|
# { "type": "passthrough",
|
|
# "data":
|
|
# { "cancel-path": "/sys/class/misc/tpm0/device/cancel",
|
|
# "path": "/dev/tpm0"
|
|
# }
|
|
# },
|
|
# "id": "tpm0"
|
|
# }
|
|
# ]
|
|
# }
|
|
#
|
|
##
|
|
{ 'command': 'query-tpm', 'returns': ['TPMInfo'] }
|