]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d9b59df) | patch
qemu: use upstream swtpm support
authorPatrick Ohly <patrick.ohly@intel.com>
Wed, 6 Dec 2017 11:03:32 +0000 (12:03 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 10 Dec 2017 22:41:43 +0000 (22:41 +0000)
commit82f37aa4c5152f104897fff04f09ad55c20c2a3f
tree1f12cceb9390f7d3715d2d9cfbeaecfbcedf1e51tree | snapshot
parentd9b59df1230a20c7a5c9f4fb0325bb9216025a16commit | diff
qemu: use upstream swtpm support

Upstream finally accepted and merged a different approach for
connecting QEMU to swtpm: instead of a custom cuse-tpm device, a
normal chardev connects to swtpm, and that chardev then is used by the
TPM device. For now we have to backport those patches, but the next
major QEMU update will have them.

However, the chardev-connect-socket-to-a-spawned-command.patch is
something that OE will have to carry permanently. It simplifies
starting and stopping swtpm when invoking QEMU through runqemu without
having to teach that script about the additional process. Upstream
rejected the patch because they want to keep the complexity of
starting additional processes out of QEMU.

A recent enough swtpm is needed. The one currently used by
meta-security fails to communicate properly with QEMU, leading to this
failure:

  qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Failed to send CMD_SET_DATAFD: Input/output error
  qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Could not cleanly shutdown the TPM: Invalid argument

With a recent enough swtpm, one can create a TPM device like this:

  - bitbake swtpm-native
  - create a TPM instance and initialize it with:

       $ mkdir -p my-machine/myvtpm0
       $ tmp*/work/*/swtpm-wrappers-native/*/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
       Starting vTPM manufacturing as root:root @ Wed 06 Dec 2017 10:03:14 AM CET
       TPM is listening on TCP port 34613.
       Successfully created EK.
       Successfully authored TPM state.
       Ending vTPM manufacturing @ Wed 06 Dec 2017 10:03:14 AM CET

  - runqemu "qemuparams=-chardev 'socket,id=chrtpm0,cmd=exec
    swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0
    --tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2'
    -tpmdev emulator,id=tpm0,chardev=chrtpm0 -device
    tpm-tis,tpmdev=tpm0" ...

Beware that the double commas are intentional. They are needed to
embed commas in the "cmd" value.

swtpm_oe.sh is from swtpm-wrappers-native. In the example it is
invoked without the full path for the sake of brevity. In practice,
one has to use the full
path (tmp*/work/*/swtpm-wrappers-native/*/swtpm_oe.sh).

With the TPM2-preview version of swtpm, the same works for TPM2 by
adding the --tpm2 parameter when invoking swtpm_setup_oe.sh and
swtpm_oe.sh.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
18 files changed:
meta/recipes-devtools/qemu/qemu/0001-Provide-support-for-the-CUSE-TPM.patch [deleted file] blob | history
meta/recipes-devtools/qemu/qemu/0001-tpm-Clean-up-driver-registration-lookup.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0002-Introduce-condition-to-notify-waiters-of-completed-c.patch [deleted file] blob | history
meta/recipes-devtools/qemu/qemu/0002-tpm-Clean-up-model-registration-lookup.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0003-Introduce-condition-in-TPM-backend-for-notification.patch [deleted file] blob | history
meta/recipes-devtools/qemu/qemu/0003-tpm-backend-Remove-unneeded-member-variable-from-bac.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0004-Add-support-for-VM-suspend-resume-for-TPM-TIS-v2.9.patch [deleted file] blob | history
meta/recipes-devtools/qemu/qemu/0004-tpm-backend-Move-thread-handling-inside-TPMBackend.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0005-tpm-backend-Initialize-and-free-data-members-in-it-s.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0006-tpm-backend-Made-few-interface-methods-optional.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0007-tpm-backend-Add-new-api-to-read-backend-TpmInfo.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0008-tpm-backend-Move-realloc_buffer-implementation-to-tp.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0009-tpm-passthrough-move-reusable-code-to-utils.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0010-tpm-Added-support-for-TPM-emulator.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0011-tpm-Move-tpm_cleanup-to-right-place.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/0012-tpm-Use-EMSGSIZE-instead-of-EBADMSG-to-compile-on-Op.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu_2.10.1.bb diff | blob | history
Mirror of the official openembedded-core repository