March 2015 - SeaBIOS - mail.coreboot.org

Re: [SeaBIOS] [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine
by Kevin O'Connor March 12, 2015

March 12, 2015

On Tue, Mar 10, 2015 at 08:16:03AM -0400, Quan Xu wrote: > This patch series are only the SeaBios part to enable stubdom vTPM for HVM > virtual machine. It will work with Qemu patch series and Xen patch series. > > ======================== > *INTRODUCTION* > ======================== > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM functionality > to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). This allows programs > to interact with a TPM in a virtual machine the same way they interact with a TPM > on the physical system. Each virtual machine gets its own unique, emulated, software > TPM. Each major component of vTPM is implemented as a stubdom, providing secure > separation guaranteed by the hypervisor. > > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the virtual machine > to use. It is a small wrapper around the Berlios TPM emulator. TPM commands are passed > from mini-os TPM backend driver. Thanks. Does this seabios patch require additional seabios patches before it is useful? Does it depend on upstream patches in Xen/QEMU that are not yet committed? -Kevin

2 1

KVM Forum 2015 Call for Participation
by Paolo Bonzini March 11, 2015

March 11, 2015

================================================================= KVM Forum 2015: Call For Participation August 19-21, 2015 - Sheraton Seattle - Seattle, WA (All submissions must be received before midnight May 1, 2015) ================================================================= KVM is an industry leading open source hypervisor that provides an ideal platform for datacenter virtualization, virtual desktop infrastructure, and cloud computing. Once again, it's time to bring together the community of developers and users that define the KVM ecosystem for our annual technical conference. We will discuss the current state of affairs and plan for the future of KVM, its surrounding infrastructure, and management tools. Mark your calendar and join us in advancing KVM. http://events.linuxfoundation.org/events/kvm-forum/ This year, the KVM Forum is moving back to North America. We will be colocated with the Linux Foundation's LinuxCon North America, CloudOpen North America, ContainerCon and Linux Plumbers Conference events. Attendees of KVM Forum will also be able to attend a shared hackathon event with Xen Project Developer Summit on August 18, 2015. We invite you to lead part of the discussion by submitting a speaking proposal for KVM Forum 2015. http://events.linuxfoundation.org/cfp Suggested topics: KVM/Kernel * Scaling and optimizations * Nested virtualization * Linux kernel performance improvements * Resource management (CPU, I/O, memory) * Hardening and security * VFIO: SR-IOV, GPU, platform device assignment * Architecture ports QEMU * Management interfaces: QOM and QMP * New devices, new boards, new architectures * Scaling and optimizations * Desktop virtualization and SPICE * Virtual GPU * virtio and vhost, including non-Linux or non-virtualized uses * Hardening and security * New storage features * Live migration and fault tolerance * High availability and continuous backup * Real-time guest support * Emulation and TCG * Firmware: ACPI, UEFI, coreboot, u-Boot, etc. * Testing Management and infrastructure * Managing KVM: Libvirt, OpenStack, oVirt, etc. * Storage: glusterfs, Ceph, etc. * Software defined networking: Open vSwitch, OpenDaylight, etc. * Network Function Virtualization * Security * Provisioning * Performance tuning =============== SUBMITTING YOUR PROPOSAL =============== Abstracts due: May 1, 2015 Please submit a short abstract (~150 words) describing your presentation proposal. Slots vary in length up to 45 minutes. Also include in your proposal the proposal type -- one of: - technical talk - end-user talk Submit your proposal here: http://events.linuxfoundation.org/cfp Please only use the categories "presentation" and "panel discussion" You will receive a notification whether or not your presentation proposal was accepted by May 29, 2015. Speakers will receive a complimentary pass for the event. In the instance that your submission has multiple presenters, only the primary speaker for a proposal will receive a complementary event pass. For panel discussions, all panelists will receive a complimentary event pass. TECHNICAL TALKS A good technical talk should not just report on what has happened over the last year; it should present a concrete problem and how it impacts the user and/or developer community. Whenever applicable, focus on work that needs to be done, difficulties that haven't yet been solved, and on decisions that other developers should be aware of. Summarizing recent developments is okay but it should not be more than a small portion of the overall talk. END-USER TALKS One of the big challenges as developers is to know what, where and how people actually use our software. We will reserve a few slots for end users talking about their deployment challenges and achievements. If you are using KVM in production you are encouraged submit a speaking proposal. Simply mark it as an end-user talk. As an end user, this is a unique opportunity to get your input to developers. HANDS-ON / BOF SESSIONS We will reserve some time for people to get together and discuss strategic decisions as well as other topics that are best solved within smaller groups. These sessions will be announced during the event. If you are interested in organizing such a session, please add it to the list at http://www.linux-kvm.org/page/KVM_Forum_2015_BOF Let people you think might be interested know about it, and encourage them to add their names to the wiki page as well. Please try to add your ideas to the list before KVM Forum starts. PANEL DISCUSSIONS If you are proposing a panel discussion, please make sure that you list all of your potential panelists in your abstract. We will request full biographies if a panel is accepted. =============== HOTEL / TRAVEL =============== KVM Forum 2015 will be taking place at the Sheraton Seattle Hotel. We are pleased to offer attendees a discounted room rate of US$199/night (plus applicable taxes) which includes wifi in your guest room. http://events.linuxfoundation.org/events/kvm-forum/attend/hotel-and-travel includes further information on the Sheraton Seattle and the discounted room rate, as well as on transportation and parking options for the hotel. =============== IMPORTANT DATES =============== Notification: May 29, 2015 Schedule announced: June 3, 2015 Event dates: August 19-21, 2015 Thank you for your interest in KVM. We're looking forward to your submissions and seeing you at the KVM Forum 2015 in August! -your KVM Forum 2015 Program Committee Please contact us with any questions or comments.

1 0

[PATCH v2] boot: add serial-friendly alternatives for invoking the boot menu
by Paolo Bonzini March 11, 2015

March 11, 2015

F11 and F12 are trapped by some terminal emulators, and sgabios does not always recognize function keys very well. Real-world machines often provide replacements for function keys for use on the serial console: ESC+1...ESC+0 for F1...F10, ESC+SHIFT+1 and ESC+SHIFT+2 for F11...F12. Accept all of them, which can be useful in case the user has set boot-menu-key. The behavior is disabled if ESC is configured to trigger the menu. Chromebooks use this configuration. Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- v1->v2: disable new behavior if ESC triggers the boot menu [Kevin] --- src/boot.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 5 deletions(-) diff --git a/src/boot.c b/src/boot.c index f23e9e1..0572ff1 100644 --- a/src/boot.c +++ b/src/boot.c @@ -422,7 +422,21 @@ get_raw_keystroke(void) memset(&br, 0, sizeof(br)); br.flags = F_IF; call16_int(0x16, &br); - return br.ah; + return br.ax; +} + +// Read a keystroke - waiting up to 'msec' milliseconds. +static int +get_keystroke_ascii(int msec) +{ + u32 end = irqtimer_calc(msec); + for (;;) { + if (check_for_keystroke()) + return get_raw_keystroke() & 255; + if (irqtimer_check(end)) + return -1; + yield_toirq(); + } } // Read a keystroke - waiting up to 'msec' milliseconds. @@ -432,7 +446,7 @@ get_keystroke(int msec) u32 end = irqtimer_calc(msec); for (;;) { if (check_for_keystroke()) - return get_raw_keystroke(); + return get_raw_keystroke() >> 8; if (irqtimer_check(end)) return -1; yield_toirq(); @@ -446,6 +460,35 @@ get_keystroke(int msec) #define DEFAULT_BOOTMENU_WAIT 2500 +static int +get_bootmenu_keystroke(bool esc_sequence) +{ + u32 menutime = romfile_loadint("etc/boot-menu-wait", DEFAULT_BOOTMENU_WAIT); + int scan_code = get_keystroke(menutime); + if (esc_sequence && scan_code == 0x01) { + while (get_keystroke(0) >= 0) + ; + int ascii = get_keystroke_ascii(menutime * 2); + switch (ascii) { + case '1' ... '9': + scan_code = 0x3a + ascii - '0'; + break; + case '0': + scan_code = 0x3a + 10; + break; + case '!': + scan_code = 0x85; + break; + case '@': + scan_code = 0x86; + break; + default: + break; + } + } + return scan_code; +} + // Show IPL option menu. void interactive_bootmenu(void) @@ -460,12 +503,11 @@ interactive_bootmenu(void) char *bootmsg = romfile_loadfile("etc/boot-menu-message", NULL); int menukey = romfile_loadint("etc/boot-menu-key", 0x86); - printf("%s", bootmsg ?: "\nPress F12 for boot menu.\n\n"); + printf("%s", bootmsg ?: "\nPress ESC+@ or F12 for boot menu.\n\n"); free(bootmsg); - u32 menutime = romfile_loadint("etc/boot-menu-wait", DEFAULT_BOOTMENU_WAIT); enable_bootsplash(); - int scan_code = get_keystroke(menutime); + int scan_code = get_bootmenu_keystroke(menukey != 1); disable_bootsplash(); if (scan_code != menukey) return; -- 2.3.0

1 1

[PATCH V2 0/2] fw/pci: better support for multiple host bridges
by Marcel Apfelbaum March 11, 2015

March 11, 2015

The series is developed together with QEMU's: [Qemu-devel] [PATCH RFC 00/17] implement multiple primary busses for pc machines http://lists.gnu.org/archive/html/qemu-ppc/2015-01/msg00159.html (not related to ppc) v1 -> v2: - Addressed Kevin O'Connor idea (Thanks!) to treat devices behind extra root PCI buses as belonging to Bus 0 for resource resizing and mapping. The series fixes some issues when more than one root primary bus is present. First patch scans all the bus range to find the extra root buses. Second patch extends memory and IO mapping for found buses. Marcel Apfelbaum (2): fw/pci: scan all buses if extraroots romfile is present fw/pci: map memory and IO regions for multiple pci root buses src/fw/pciinit.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) -- 2.1.0

3 9

FW: [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine
by Xu, Quan March 10, 2015

March 10, 2015

> -----Original Message----- > From: Xu, Quan > Sent: Tuesday, March 10, 2015 8:16 PM > To: kevin(a)koconnor.net > Cc: stefano.stabellini(a)eu.citrix.com; stefanb(a)linux.vnet.ibm.com; > qemu-devel(a)nongnu.org; xen-devel(a)lists.xen.org; Xu, Quan > Subject: [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual > machine > > Signed-off-by: Quan Xu <quan.xu(a)intel.com> > Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com> > --- > Makefile | 2 +- > src/post.c | 3 + > src/tpm.c | 309 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > src/tpm.h | 141 ++++++++++++++++++++++++++++ > 4 files changed, 454 insertions(+), 1 deletion(-) create mode 100644 src/tpm.c > create mode 100644 src/tpm.h > > diff --git a/Makefile b/Makefile > index eecb8a1..945e997 100644 > --- a/Makefile > +++ b/Makefile > @@ -36,7 +36,7 @@ SRCBOTH=misc.c stacks.c output.c string.c block.c cdrom.c > disk.c mouse.c kbd.c \ > hw/virtio-ring.c hw/virtio-pci.c hw/virtio-blk.c hw/virtio-scsi.c \ > hw/lsi-scsi.c hw/esp-scsi.c hw/megasas.c > SRC16=$(SRCBOTH) > -SRC32FLAT=$(SRCBOTH) post.c memmap.c malloc.c romfile.c x86.c optionroms.c > \ > +SRC32FLAT=$(SRCBOTH) post.c memmap.c malloc.c romfile.c tpm.c x86.c > +optionroms.c \ > pmm.c font.c boot.c bootsplash.c jpeg.c bmp.c \ > hw/ahci.c hw/pvscsi.c hw/usb-xhci.c hw/usb-hub.c \ > fw/coreboot.c fw/lzmadecode.c fw/csm.c fw/biostables.c \ diff --git > a/src/post.c b/src/post.c index 0fdd28e..8cb1abd 100644 > --- a/src/post.c > +++ b/src/post.c > @@ -28,6 +28,7 @@ > #include "output.h" // dprintf > #include "string.h" // memset > #include "util.h" // kbd_init > +#include "tpm.h" //vtpm4hvm_setup > > > > /************************************************************* > *** > @@ -151,6 +152,8 @@ device_hardware_setup(void) > esp_scsi_setup(); > megasas_setup(); > pvscsi_setup(); > + if (runningOnXen()) > + vtpm4hvm_setup(); > } > > static void > diff --git a/src/tpm.c b/src/tpm.c > new file mode 100644 > index 0000000..a834d30 > --- /dev/null > +++ b/src/tpm.c > @@ -0,0 +1,309 @@ > +/* > + * Implementation of a TPM driver for the TPM TIS interface > + * > + * Copyright (C) 2006-2013 IBM Corporation > + * Copyright (C) 2015 Intel Corporation > + * > + * Authors: > + * Stefan Berger <stefanb(a)linux.vnet.ibm.com> > + * Quan Xu <quan.xu(a)intel.com> > + * > + * This file may be distributed under the terms of the GNU > + * LGPLv3 license. > + */ > + > +#include "config.h" > +#include "util.h" > +#include "tpm.h" > + > +static u32 tis_default_timeouts[4] = { > + TIS_DEFAULT_TIMEOUT_A, > + TIS_DEFAULT_TIMEOUT_B, > + TIS_DEFAULT_TIMEOUT_C, > + TIS_DEFAULT_TIMEOUT_D, > +}; > + > +static u32 tpm_default_durations[3] = { > + TPM_DEFAULT_DURATION_SHORT, > + TPM_DEFAULT_DURATION_MEDIUM, > + TPM_DEFAULT_DURATION_LONG, > +}; > + > + > +/* if device is not there, return '0', '1' otherwise */ static u32 > +tis_probe(void) { > + u32 rc = 0; > + u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID)); > + > + if ((didvid != 0) && (didvid != 0xffffffff)) > + rc = 1; > + > + return rc; > +} > + > +static u32 tis_init(void) > +{ > + writeb(TIS_REG(0, TIS_REG_INT_ENABLE), 0); > + > + if (tpm_drivers[TIS_DRIVER_IDX].durations == NULL) { > + u32 *durations = malloc_low(sizeof(tpm_default_durations)); > + if (durations) > + memcpy(durations, tpm_default_durations, > + sizeof(tpm_default_durations)); > + else > + durations = tpm_default_durations; > + tpm_drivers[TIS_DRIVER_IDX].durations = durations; > + } > + > + if (tpm_drivers[TIS_DRIVER_IDX].timeouts == NULL) { > + u32 *timeouts = malloc_low(sizeof(tis_default_timeouts)); > + if (timeouts) > + memcpy(timeouts, tis_default_timeouts, > + sizeof(tis_default_timeouts)); > + else > + timeouts = tis_default_timeouts; > + tpm_drivers[TIS_DRIVER_IDX].timeouts = timeouts; > + } > + > + return 1; > +} > + > + > +static void set_timeouts(u32 timeouts[4], u32 durations[3]) { > + u32 *tos = tpm_drivers[TIS_DRIVER_IDX].timeouts; > + u32 *dus = tpm_drivers[TIS_DRIVER_IDX].durations; > + > + if (tos && tos != tis_default_timeouts && timeouts) > + memcpy(tos, timeouts, 4 * sizeof(u32)); > + if (dus && dus != tpm_default_durations && durations) > + memcpy(dus, durations, 3 * sizeof(u32)); } > + > + > +static u32 tis_wait_sts(u8 locty, u32 time, u8 mask, u8 expect) { > + u32 rc = 1; > + > + while (time > 0) { > + u8 sts = readb(TIS_REG(locty, TIS_REG_STS)); > + if ((sts & mask) == expect) { > + rc = 0; > + break; > + } > + msleep(1); > + time--; > + } > + return rc; > +} > + > +static u32 tis_activate(u8 locty) > +{ > + u32 rc = 0; > + u8 acc; > + int l; > + u32 timeout_a = > +tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_A]; > + > + if (!(readb(TIS_REG(locty, TIS_REG_ACCESS)) & > + TIS_ACCESS_ACTIVE_LOCALITY)) { > + /* release locality in use top-downwards */ > + for (l = 4; l >= 0; l--) > + writeb(TIS_REG(l, TIS_REG_ACCESS), > + TIS_ACCESS_ACTIVE_LOCALITY); > + } > + > + /* request access to locality */ > + writeb(TIS_REG(locty, TIS_REG_ACCESS), TIS_ACCESS_REQUEST_USE); > + > + acc = readb(TIS_REG(locty, TIS_REG_ACCESS)); > + if ((acc & TIS_ACCESS_ACTIVE_LOCALITY)) { > + writeb(TIS_REG(locty, TIS_REG_STS), TIS_STS_COMMAND_READY); > + rc = tis_wait_sts(locty, timeout_a, > + TIS_STS_COMMAND_READY, > TIS_STS_COMMAND_READY); > + } > + > + return rc; > +} > + > +static u32 tis_find_active_locality(void) { > + u8 locty; > + > + for (locty = 0; locty <= 4; locty++) { > + if ((readb(TIS_REG(locty, TIS_REG_ACCESS)) & > + TIS_ACCESS_ACTIVE_LOCALITY)) > + return locty; > + } > + > + tis_activate(0); > + > + return 0; > +} > + > +static u32 tis_ready(void) > +{ > + u32 rc = 0; > + u8 locty = tis_find_active_locality(); > + u32 timeout_b = > +tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_B]; > + > + writeb(TIS_REG(locty, TIS_REG_STS), TIS_STS_COMMAND_READY); > + rc = tis_wait_sts(locty, timeout_b, > + TIS_STS_COMMAND_READY, > TIS_STS_COMMAND_READY); > + > + return rc; > +} > + > +static u32 tis_senddata(const u8 *const data, u32 len) { > + u32 rc = 0; > + u32 offset = 0; > + u32 end = 0; > + u16 burst = 0; > + u32 ctr = 0; > + u8 locty = tis_find_active_locality(); > + u32 timeout_d = > +tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_D]; > + > + do { > + while (burst == 0 && ctr < timeout_d) { > + burst = readl(TIS_REG(locty, TIS_REG_STS)) >> 8; > + if (burst == 0) { > + msleep(1); > + ctr++; > + } > + } > + > + if (burst == 0) { > + rc = TCG_RESPONSE_TIMEOUT; > + break; > + } > + > + while (1) { > + writeb(TIS_REG(locty, TIS_REG_DATA_FIFO), data[offset++]); > + burst--; > + > + if (burst == 0 || offset == len) > + break; > + } > + > + if (offset == len) > + end = 1; > + } while (end == 0); > + > + return rc; > +} > + > +static u32 tis_readresp(u8 *buffer, u32 *len) { > + u32 rc = 0; > + u32 offset = 0; > + u32 sts; > + u8 locty = tis_find_active_locality(); > + > + while (offset < *len) { > + buffer[offset] = readb(TIS_REG(locty, TIS_REG_DATA_FIFO)); > + offset++; > + sts = readb(TIS_REG(locty, TIS_REG_STS)); > + /* data left ? */ > + if ((sts & TIS_STS_DATA_AVAILABLE) == 0) > + break; > + } > + > + *len = offset; > + > + return rc; > +} > + > + > +static u32 tis_waitdatavalid(void) > +{ > + u32 rc = 0; > + u8 locty = tis_find_active_locality(); > + u32 timeout_c = > +tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_C]; > + > + if (tis_wait_sts(locty, timeout_c, TIS_STS_VALID, TIS_STS_VALID) != 0) > + rc = TCG_NO_RESPONSE; > + > + return rc; > +} > + > +static u32 tis_waitrespready(enum tpmDurationType to_t) { > + u32 rc = 0; > + u8 locty = tis_find_active_locality(); > + u32 timeout = tpm_drivers[TIS_DRIVER_IDX].durations[to_t]; > + > + writeb(TIS_REG(locty ,TIS_REG_STS), TIS_STS_TPM_GO); > + > + if (tis_wait_sts(locty, timeout, > + TIS_STS_DATA_AVAILABLE, > TIS_STS_DATA_AVAILABLE) != 0) > + rc = TCG_NO_RESPONSE; > + > + return rc; > +} > + > + > +struct tpm_driver tpm_drivers[TPM_NUM_DRIVERS] = { > + [TIS_DRIVER_IDX] = > + { > + .timeouts = NULL, > + .durations = NULL, > + .set_timeouts = set_timeouts, > + .probe = tis_probe, > + .init = tis_init, > + .activate = tis_activate, > + .ready = tis_ready, > + .senddata = tis_senddata, > + .readresp = tis_readresp, > + .waitdatavalid = tis_waitdatavalid, > + .waitrespready = tis_waitrespready, > + .sha1threshold = 100 * 1024, > + }, > +}; > + > +typedef struct { > + u8 tpm_probed:1; > + u8 tpm_found:1; > + u8 tpm_working:1; > + u8 if_shutdown:1; > + u8 tpm_driver_to_use:4; > +} tcpa_state_t; > + > + > +static tcpa_state_t tcpa_state = { > + .tpm_driver_to_use = TPM_INVALID_DRIVER, }; > + > +static u32 > +is_tpm_present(void) > +{ > + u32 rc = 0; > + unsigned int i; > + > + for (i = 0; i < TPM_NUM_DRIVERS; i++) { > + struct tpm_driver *td = &tpm_drivers[i]; > + if (td->probe() != 0) { > + td->init(); > + tcpa_state.tpm_driver_to_use = i; > + rc = 1; > + break; > + } > + } > + > + return rc; > +} > + > +int > +vtpm4hvm_setup(void) > +{ > + if (!tcpa_state.tpm_probed) { > + tcpa_state.tpm_probed = 1; > + tcpa_state.tpm_found = (is_tpm_present() != 0); > + tcpa_state.tpm_working = 1; > + } > + if (!tcpa_state.tpm_working) > + return 0; > + > + return tcpa_state.tpm_found; > +} > + > diff --git a/src/tpm.h b/src/tpm.h > new file mode 100644 > index 0000000..cac5cec > --- /dev/null > +++ b/src/tpm.h > @@ -0,0 +1,141 @@ > +#ifndef TPM_DRIVERS_H > +#define TPM_DRIVERS_H > + > +#include "types.h" // u32 > + > + > +enum tpmDurationType { > + TPM_DURATION_TYPE_SHORT = 0, > + TPM_DURATION_TYPE_MEDIUM, > + TPM_DURATION_TYPE_LONG, > +}; > + > +/* low level driver implementation */ > +struct tpm_driver { > + u32 *timeouts; > + u32 *durations; > + void (*set_timeouts)(u32 timeouts[4], u32 durations[3]); > + u32 (*probe)(void); > + u32 (*init)(void); > + u32 (*activate)(u8 locty); > + u32 (*ready)(void); > + u32 (*senddata)(const u8 *const data, u32 len); > + u32 (*readresp)(u8 *buffer, u32 *len); > + u32 (*waitdatavalid)(void); > + u32 (*waitrespready)(enum tpmDurationType to_t); > + /* the TPM will be used for buffers of sizes below the sha1threshold > + for calculating the hash */ > + u32 sha1threshold; > +}; > + > +extern struct tpm_driver tpm_drivers[]; > + > + > +#define TIS_DRIVER_IDX 0 > +#define TPM_NUM_DRIVERS 1 > + > +#define TPM_INVALID_DRIVER -1 > + > +/* TIS driver */ > +/* address of locality 0 (TIS) */ > +#define TPM_TIS_BASE_ADDRESS 0xfed40000 > + > +#define TIS_REG(LOCTY, REG) \ > + (void *)(TPM_TIS_BASE_ADDRESS + (LOCTY << 12) + REG) > + > +/* hardware registers */ > +#define TIS_REG_ACCESS 0x0 > +#define TIS_REG_INT_ENABLE 0x8 > +#define TIS_REG_INT_VECTOR 0xc > +#define TIS_REG_INT_STATUS 0x10 > +#define TIS_REG_INTF_CAPABILITY 0x14 > +#define TIS_REG_STS 0x18 > +#define TIS_REG_DATA_FIFO 0x24 > +#define TIS_REG_DID_VID 0xf00 > +#define TIS_REG_RID 0xf04 > + > +#define TIS_STS_VALID (1 << 7) /* 0x80 */ > +#define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */ > +#define TIS_STS_TPM_GO (1 << 5) /* 0x20 */ > +#define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */ > +#define TIS_STS_EXPECT (1 << 3) /* 0x08 */ > +#define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */ > + > +#define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */ > +#define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */ > +#define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */ > +#define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */ > +#define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */ > +#define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */ > +#define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */ > + > +#define SCALER 10 > + > +#define TIS_DEFAULT_TIMEOUT_A (750 * SCALER) > +#define TIS_DEFAULT_TIMEOUT_B (2000 * SCALER) > +#define TIS_DEFAULT_TIMEOUT_C (750 * SCALER) > +#define TIS_DEFAULT_TIMEOUT_D (750 * SCALER) > + > +enum tisTimeoutType { > + TIS_TIMEOUT_TYPE_A = 0, > + TIS_TIMEOUT_TYPE_B, > + TIS_TIMEOUT_TYPE_C, > + TIS_TIMEOUT_TYPE_D, > +}; > + > +#define TPM_DEFAULT_DURATION_SHORT (2000 * SCALER) > +#define TPM_DEFAULT_DURATION_MEDIUM (20000 * SCALER) > +#define TPM_DEFAULT_DURATION_LONG (60000 * SCALER) > + > + > +/*************************************************** > + * TCG BIOS * > + ***************************************************/ > +#define TPM_OK 0x0 > +#define TPM_RET_BASE 0x1 > +#define TCG_GENERAL_ERROR (TPM_RET_BASE + 0x0) > +#define TCG_TPM_IS_LOCKED (TPM_RET_BASE + 0x1) > +#define TCG_NO_RESPONSE (TPM_RET_BASE + 0x2) > +#define TCG_INVALID_RESPONSE (TPM_RET_BASE + 0x3) > +#define TCG_INVALID_ACCESS_REQUEST (TPM_RET_BASE + 0x4) > +#define TCG_FIRMWARE_ERROR (TPM_RET_BASE + 0x5) > +#define TCG_INTEGRITY_CHECK_FAILED (TPM_RET_BASE + 0x6) > +#define TCG_INVALID_DEVICE_ID (TPM_RET_BASE + 0x7) > +#define TCG_INVALID_VENDOR_ID (TPM_RET_BASE + 0x8) > +#define TCG_UNABLE_TO_OPEN (TPM_RET_BASE + 0x9) > +#define TCG_UNABLE_TO_CLOSE (TPM_RET_BASE + 0xa) > +#define TCG_RESPONSE_TIMEOUT (TPM_RET_BASE + 0xb) > +#define TCG_INVALID_COM_REQUEST (TPM_RET_BASE + 0xc) > +#define TCG_INVALID_ADR_REQUEST (TPM_RET_BASE + 0xd) > +#define TCG_WRITE_BYTE_ERROR (TPM_RET_BASE + 0xe) > +#define TCG_READ_BYTE_ERROR (TPM_RET_BASE + 0xf) > +#define TCG_BLOCK_WRITE_TIMEOUT (TPM_RET_BASE + 0x10) > +#define TCG_CHAR_WRITE_TIMEOUT (TPM_RET_BASE + 0x11) > +#define TCG_CHAR_READ_TIMEOUT (TPM_RET_BASE + 0x12) > +#define TCG_BLOCK_READ_TIMEOUT (TPM_RET_BASE + 0x13) > +#define TCG_TRANSFER_ABORT (TPM_RET_BASE + 0x14) > +#define TCG_INVALID_DRV_FUNCTION (TPM_RET_BASE + 0x15) > +#define TCG_OUTPUT_BUFFER_TOO_SHORT (TPM_RET_BASE + 0x16) > +#define TCG_FATAL_COM_ERROR (TPM_RET_BASE + 0x17) > +#define TCG_INVALID_INPUT_PARA (TPM_RET_BASE + 0x18) > +#define TCG_TCG_COMMAND_ERROR (TPM_RET_BASE + 0x19) > +#define TCG_INTERFACE_SHUTDOWN (TPM_RET_BASE + 0x20) > +#define TCG_PC_TPM_NOT_PRESENT (TPM_RET_BASE + 0x22) > +#define TCG_PC_TPM_DEACTIVATED (TPM_RET_BASE + 0x23) > + > +#define TPM_INVALID_ADR_REQUEST TCG_INVALID_ADR_REQUEST > +#define TPM_IS_LOCKED TCG_TPM_IS_LOCKED > +#define TPM_INVALID_DEVICE_ID TCG_INVALID_DEVICE_ID > +#define TPM_INVALID_VENDOR_ID TCG_INVALID_VENDOR_ID > +#define TPM_FIRMWARE_ERROR TCG_FIRMWARE_ERROR > +#define TPM_UNABLE_TO_OPEN TCG_UNABLE_TO_OPEN > +#define TPM_UNABLE_TO_CLOSE TCG_UNABLE_TO_CLOSE > +#define TPM_INVALID_RESPONSE TCG_INVALID_RESPONSE > +#define TPM_RESPONSE_TIMEOUT TCG_RESPONSE_TIMEOUT > +#define TPM_INVALID_ACCESS_REQUEST > TCG_INVALID_ACCESS_REQUEST > +#define TPM_TRANSFER_ABORT TCG_TRANSFER_ABORT > +#define TPM_GENERAL_ERROR TCG_GENERAL_ERROR > + > +int vtpm4hvm_setup(void); > + > +#endif /* TPM_DRIVERS_H */ > -- > 1.8.1.2

1 0

FW: [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine
by Xu, Quan March 10, 2015

March 10, 2015

> -----Original Message----- > From: Xu, Quan > Sent: Tuesday, March 10, 2015 8:16 PM > To: kevin(a)koconnor.net > Cc: stefano.stabellini(a)eu.citrix.com; stefanb(a)linux.vnet.ibm.com; > qemu-devel(a)nongnu.org; xen-devel(a)lists.xen.org; Xu, Quan > Subject: [PATCH] SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual > machine > > This patch series are only the SeaBios part to enable stubdom vTPM for HVM > virtual machine. It will work with Qemu patch series and Xen patch series. > > ======================== > *INTRODUCTION* > ======================== > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). This > allows programs to interact with a TPM in a virtual machine the same way they > interact with a TPM on the physical system. Each virtual machine gets its own > unique, emulated, software TPM. Each major component of vTPM is > implemented as a stubdom, providing secure separation guaranteed by the > hypervisor. > > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the virtual > machine to use. It is a small wrapper around the Berlios TPM emulator. TPM > commands are passed from mini-os TPM backend driver. > > > Signed-off-by: Quan Xu <quan.xu(a)intel.com> > Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com> > > Quan Xu (1): > SeaBios/vTPM: Enable Xen stubdom vTPM for HVM virtual machine > > Makefile | 2 +- > src/post.c | 3 + > src/tpm.c | 309 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > src/tpm.h | 141 ++++++++++++++++++++++++++++ > 4 files changed, 454 insertions(+), 1 deletion(-) create mode 100644 src/tpm.c > create mode 100644 src/tpm.h > > -- > 1.8.1.2

1 0

[Qemu-devel] [PATCH v4 for-2.3 00/25] hw/pc: implement multiple primary busses for pc machines
by Marcel Apfelbaum March 10, 2015

March 10, 2015

Notes: - Sorry for the late submission, I was waiting for dynamic ACPI series to get merged in order to submit - my bad. - The prev version (v2) was wrongfully tagged by me as RFC, it was actually ready but not rebased. V3 only rebases with no actual functionality changed. - This series is not that big, patches 1-8 are really small and can be submitted separately, however I preferred to keep them here to get the whole picture. The series is fully functional. - Limitations: - Pxb's bus does not support hotplug. It will be addressed on top of this series because is already getting to big. - Depends on: - [SeaBIOS] [PATCH V3 0/2] fw/pci: better support for multiple host bridges - It was already reviewed/accepted by the maintainers, it will be merged after this series gets accepted. - You are more than welcome to try using: -device pxb-device,id=pxb,bus_nr=4,numa_node=1 -device e1000,bus=pxb,addr=0x1 -bios <patched with the above series> v3->v4: - Addressed Michael S. Tsirkin's review: - refactored build_prt method (patch 11/25) hw/apci: add _PRT method for extra PCI root busses - Addressed Igor Mammedov's reiew - add assert to aml_index (patch 5/25) - Fixed aml_equal implementation (patch 1/25) v2->v3: - Rebased on Michael S. Tsirkin's pci branch (that includes now all the dependencies) - Refactored acpi terms patch into multiple patches to match Igor's design. v1->v2: - Add support for multiple pxb devices. - Attach pxb's bus to specific NUMA node. - Got rid of the hacks from prev version. - Tested also for Win7 and Fedora 20, and for virtio blk devices. - Several bug-fixes resulting in a stable version ready for submission. Reasoning: We need multiple primary busess for a few reasons, the most important one is to be able to associate a pass-trough device with a guest NUMA node. The OS-es are able to associate a NUMA node only to a primary bus, not to a specific PCI device or a pci-2-pci bridge. PC machines support multiple NUMA nodes for CPUs and memory, however the IO was not yet supported. patch 1-9 adds the necessary acpi constructs based on Igor's series patch 10-13 implements acpi code needed to expose the pxb's primary bus to guests patch 14 separates the pci_bus code into a designated file patch 15-19 handles the implicit assumptions in code that only one primary bus can exist patch 20 handles the actual implementation of the PXB devices patch 21-22 enables the device patch 23 implements PXB map_irq function, (can be squashed into the actual PXB) patch 24-25 adds NUMA support Marcel Apfelbaum (25): acpi: fix aml_equal term implementation acpi: add aml_or() term acpi: add aml_add() term acpi: add aml_lless() term acpi: add aml_index() term acpi: add aml_shiftleft() term acpi: add aml_shiftright() term acpi: add aml_increment() term acpi: add aml_while() term hw/acpi: add support for multiple root busses hw/apci: add _PRT method for extra PCI root busses hw/acpi: add _CRS method for extra root busses hw/acpi: remove from root bus 0 the crs resources used by other busses. hw/pci: move pci bus related code to separate files hw/pci: made pci_bus_is_root a PCIBusClass method hw/pci: made pci_bus_num a PCIBusClass method hw/pci: introduce TYPE_PCI_MAIN_HOST_BRIDGE interface hw/pci: removed 'rootbus nr is 0' assumption from qmp_pci_query hw/pci: implement iteration over multiple host bridges hw/pci: introduce PCI Expander Bridge (PXB) hw/pci: inform bios if the system has more than one pci bridge hw/pci: piix - suport multiple host bridges hw/pxb: add map_irq func hw/pci_bus: add support for NUMA nodes hw/pxb: add numa_node parameter arch_init.c | 1 + hw/acpi/aml-build.c | 79 +++++- hw/alpha/typhoon.c | 1 + hw/i386/acpi-build.c | 347 +++++++++++++++++++++++- hw/i386/kvm/pci-assign.c | 1 + hw/i386/pc.c | 13 + hw/mips/gt64xxx_pci.c | 1 + hw/pci-bridge/Makefile.objs | 1 + hw/pci-bridge/pci_expander_bridge.c | 208 +++++++++++++++ hw/pci-host/bonito.c | 1 + hw/pci-host/grackle.c | 1 + hw/pci-host/piix.c | 63 ++++- hw/pci-host/ppce500.c | 1 + hw/pci-host/q35.c | 5 + hw/pci-host/uninorth.c | 1 + hw/pci/Makefile.objs | 2 +- hw/pci/pci.c | 501 +--------------------------------- hw/pci/pci_bus.c | 517 ++++++++++++++++++++++++++++++++++++ hw/pci/pci_host.c | 6 + hw/ppc/ppc4xx_pci.c | 1 + hw/scsi/megasas.c | 1 + hw/sh4/r2d.c | 1 + hw/sh4/sh_pci.c | 1 + hw/vfio/pci.c | 1 + hw/xen/xen_pt.c | 1 + include/hw/acpi/aml-build.h | 8 + include/hw/pci/pci.h | 6 +- include/hw/pci/pci_bus.h | 35 +++ include/hw/pci/pci_host.h | 11 + include/sysemu/sysemu.h | 1 + 30 files changed, 1307 insertions(+), 510 deletions(-) create mode 100644 hw/pci-bridge/pci_expander_bridge.c create mode 100644 hw/pci/pci_bus.c -- 2.1.0

8 65

[Qemu-devel] [PATCH v3 for-2.3 00/24] hw/pc: implement multiple primary busses for pc machines
by Marcel Apfelbaum March 8, 2015

March 8, 2015

Notes: - Sorry for the late submission, I was waiting for dynamic ACPI series to get merged in order to submit - my bad. - The prev version (v2) was wrongfully tagged by me as RFC, it was actually ready but not rebased. V3 only rebases with no actual functionality changed. - This series is not that big, patches 1-8 are really small and can be submitted separately, however I preferred to keep them here to get the whole picture. The series is fully functional. - Limitations: - Pxb's bus does not support hotplug. It will be addressed on top of this series because is already getting to big. - Depends on: - [SeaBIOS] [PATCH V3 0/2] fw/pci: better support for multiple host bridges - It was already reviewed/accepted by the maintainers, it will be merged after this series gets accepted. - You are more than welcome to try using: -device pxb-device,id=pxb,bus_nr=4,numa_node=1 -device e1000,bus=pxb,addr=0x1 -bios <patched with the above series> v2->v3: - Rebased on Michael S. Tsirkin's pci branch (that includes now all the dependencies) - Refactored acpi terms patch into multiple patches to match Igor's design. v1->v2: - Add support for multiple pxb devices. - Attach pxb's bus to specific NUMA node. - Got rid of the hacks from prev version. - Tested also for Win7 and Fedora 20, and for virtio blk devices. - Several bug-fixes resulting in a stable version ready for submission. Reasoning: We need multiple primary busess for a few reasons, the most important one is to be able to associate a pass-trough device with a guest NUMA node. The OS-es are able to associate a NUMA node only to a primary bus, not to a specific PCI device or a pci-2-pci bridge. PC machines support multiple NUMA nodes for CPUs and memory, however the IO was not yet supported. patch 1-8 adds the necessary acpi constructs based on Igor's series patch 9-12 implements acpi code needed to expose the pxb's primary bus to guests patch 13 separates the pci_bus code into a designated file patch 14-18 handles the implicit assumptions in code that only one primary bus can exist patch 19 handles the actual implementation of the PXB devices patch 20-21 enables the device patch 22 implements PXB map_irq function, (can be squashed into the actual PXB) patch 23-24 adds NUMA support Marcel Apfelbaum (24): acpi: add aml_or() term acpi: add aml_add() term acpi: add aml_lless() term acpi: add aml_index() term acpi: add aml_shiftleft() term acpi: add aml_shiftright() term acpi: add aml_increment() term acpi: add aml_while() term hw/acpi: add support for multiple root busses hw/apci: add _PRT method for extra PCI root busses hw/acpi: add _CRS method for extra root busses hw/acpi: remove from root bus 0 the crs resources used by other busses. hw/pci: move pci bus related code to separate files hw/pci: made pci_bus_is_root a PCIBusClass method hw/pci: made pci_bus_num a PCIBusClass method hw/pci: introduce TYPE_PCI_MAIN_HOST_BRIDGE interface hw/pci: removed 'rootbus nr is 0' assumption from qmp_pci_query hw/pci: implement iteration over multiple host bridges hw/pci: introduce PCI Expander Bridge (PXB) hw/pci: inform bios if the system has more than one pci bridge hw/pci: piix - suport multiple host bridges hw/pxb: add map_irq func hw/pci_bus: add support for NUMA nodes hw/pxb: add numa_node parameter arch_init.c | 1 + hw/acpi/aml-build.c | 75 ++++++ hw/alpha/typhoon.c | 1 + hw/i386/acpi-build.c | 360 ++++++++++++++++++++++++- hw/i386/kvm/pci-assign.c | 1 + hw/i386/pc.c | 13 + hw/mips/gt64xxx_pci.c | 1 + hw/pci-bridge/Makefile.objs | 1 + hw/pci-bridge/pci_expander_bridge.c | 208 +++++++++++++++ hw/pci-host/bonito.c | 1 + hw/pci-host/grackle.c | 1 + hw/pci-host/piix.c | 63 ++++- hw/pci-host/ppce500.c | 1 + hw/pci-host/q35.c | 5 + hw/pci-host/uninorth.c | 1 + hw/pci/Makefile.objs | 2 +- hw/pci/pci.c | 501 +--------------------------------- hw/pci/pci_bus.c | 517 ++++++++++++++++++++++++++++++++++++ hw/pci/pci_host.c | 6 + hw/ppc/ppc4xx_pci.c | 1 + hw/scsi/megasas.c | 1 + hw/sh4/r2d.c | 1 + hw/sh4/sh_pci.c | 1 + hw/vfio/pci.c | 1 + hw/xen/xen_pt.c | 1 + include/hw/acpi/aml-build.h | 8 + include/hw/pci/pci.h | 6 +- include/hw/pci/pci_bus.h | 35 +++ include/hw/pci/pci_host.h | 11 + include/sysemu/sysemu.h | 1 + 30 files changed, 1317 insertions(+), 509 deletions(-) create mode 100644 hw/pci-bridge/pci_expander_bridge.c create mode 100644 hw/pci/pci_bus.c -- 2.1.0

3 44

Re: [SeaBIOS] [PATCH 0/2] reproducible builds
by Kevin O'Connor March 8, 2015

March 8, 2015

On Sat, Mar 07, 2015 at 09:46:03PM +0100, Alexander Couzens wrote: > On Sat, 7 Mar 2015 14:19:11 -0500 > Kevin O'Connor <kevin(a)koconnor.net> wrote: > > > FYI, there was a thread on this just a few weeks ago: > > > > http://www.seabios.org/pipermail/seabios/2015-February/008603.html > > > > -Kevin > > Thanks! > What's your reason for not having reproducible as default? On trouble reports, the date and hostname are an indicator of whether or not the build was a local build or distribution build, and it provides some information to backtrack to the gcc/binutils versions of the build if necessary. The date/hostname clearly isn't a great solution to the above, but it's better than nothing. > Otherwise there is an intermediate approach: > - when the git tree is clean, use git commit as datesource > - if git tree is dirty use the local date. That would certainly work to replace the time (hhmmss). Please keep the mailing list on the CC. Thanks, -Kevin

1 0

[PATCH 0/2] reproducible builds
by Alexander Couzens March 7, 2015

March 7, 2015

Hi, here are two patches which makes reproducible builds possible. Best, lynxis Alexander Couzens (2): buildversion.sh: remove build hostname from version buildversion.h: use the last git commit as timestamp if available scripts/buildversion.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) -- 2.3.1

2 3