This is a repost of a series of patches providing TPM support to SeaBIOS.
As an addition, this patch series now works on the Acer C720 Chromebook with limitations (S3 not getting invoked; no logging into TCPA table).
The patch series cleanly applies to a checkout of tags/rel-1.7.5.
The following set of patches adds TPM and Trusted Computing support to SeaBIOS. In particular the patches add:
- a TPM driver for Qemu's TPM TIS emulation (not yet in Qemu git)
- ACPI support for the TPM device (SSDT table)
- ACPI support for measurement logging (TCPA table)
- Support for initialization of the TPM
- Support for the TCG BIOS extensions (1ah handler [ah = 0xbb]) (used by trusted grub; http://trousers.sourceforge.net/grub.html)
- Static Root of Trust for Measurement (SRTM) support
- Support for S3 resume (sends command to TPM upon resume)
- TPM-specific menu for controlling aspects of the TPM
All implementations necessarily follow specifications.
When all patches are applied the following services are available:
- SSDT ACPI table for TPM support
- initialization of the TPM upon VM start and S3 resume
- Static root of trust for measurements (SRTM) that measures (some) data of SeaBIOS in TCPA ACPI table
- 1ah interrupt handler offering APIs for measuring and sending commands to the TPM (trusted grub uses them)
- User menu for controlling aspects of the state of the TPM
Stefan Berger (8):
  Add an implementation of a TPM TIS driver
  Provide ACPI SSDT table for TPM device + S3 resume support
  Implementation of the TCG BIOS extensions
  Support for BIOS interrupt handler
  Add 'measurement' code to the BIOS
  Add a menu for TPM control
  Add a menu item for displaying TPM diagnostics
  Make the TPM menu work on a Chromebook (Acer C720)
 Makefile                 |   12 +-
 src/Kconfig              |   15 +
 src/boot.c               |   28 +-
 src/cdrom.c              |   10 +
 src/clock.c              |   12 +
 src/config.h             |    1 +
 src/fw/acpi-tpm-ssdt.dsl |   24 +
 src/fw/acpi-tpm-ssdt.hex |   27 +
 src/fw/acpi.c            |   41 +
 src/hw/tpm_drivers.c     |  273 ++++++
 src/hw/tpm_drivers.h     |   91 ++
 src/optionroms.c         |    4 +
 src/post.c               |    9 +
 src/resume.c             |    2 +
 src/sha1.c               |  145 +++
 src/sha1.h               |    8 +
 src/std/acpi.h           |   20 +
 src/tcgbios.c            | 2208 ++++++++++++++++++++++++++++++++++++++++++++++
 src/tcgbios.h            |  431 +++++++++
 src/util.h               |   32 +
 20 files changed, 3388 insertions(+), 5 deletions(-)
 create mode 100644 src/fw/acpi-tpm-ssdt.dsl
 create mode 100644 src/fw/acpi-tpm-ssdt.hex
 create mode 100644 src/hw/tpm_drivers.c
 create mode 100644 src/hw/tpm_drivers.h
 create mode 100644 src/sha1.c
 create mode 100644 src/sha1.h
 create mode 100644 src/tcgbios.c
 create mode 100644 src/tcgbios.h
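As an added example (not code from this patch series or from SeaBIOS), the following host-side Python script shows what the SRTM measurements described above are good for: it replays a TCPA-style event log, recomputing each PCR with the TPM 1.2 extend rule (PCR_new = SHA-1(PCR_old || digest)), and compares the result with PCR values read from the TPM, which is how a verifier checks that the log has not been altered. It assumes the log records use the TCG_PCClientPCREvent layout (pcrIndex, eventType, 20-byte SHA-1 digest, eventDataSize, event data, little-endian) and that each record's digest is the SHA-1 of its event data; the sample log, its event strings and the `rewrite_event` helper are constructed for this example.

```python
import hashlib
import struct

# TPM 1.2 PCRs are 20-byte SHA-1 registers, all zero after reset.
PCR_SIZE = 20
PCR_COUNT = 24
# Event types from the TCG PC Client specification.
EV_SEPARATOR = 0x04
EV_ACTION = 0x05
EV_IPL = 0x0D


def pcr_extend(old_pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA-1(PCR_old || digest)."""
    if len(old_pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR value and digest must be 20 bytes")
    return hashlib.sha1(old_pcr + digest).digest()


def make_event(pcr_index: int, event_type: int, data: bytes, digest=None) -> bytes:
    """Serialise one TCG_PCClientPCREvent record. The digest defaults to SHA-1 of the
    event data, which is the value a measuring BIOS extends into the PCR."""
    if digest is None:
        digest = hashlib.sha1(data).digest()
    return (struct.pack("<II", pcr_index, event_type) + digest
            + struct.pack("<I", len(data)) + data)


def parse_log(blob: bytes) -> list:
    """Split the raw log area into (pcr_index, event_type, digest, data) tuples,
    refusing truncated records instead of silently reading past them."""
    events, off = [], 0
    while off < len(blob):
        if len(blob) - off < 32:
            raise ValueError("truncated event header at offset %d" % off)
        pcr_index, event_type = struct.unpack_from("<II", blob, off)
        digest = blob[off + 8:off + 28]
        (size,) = struct.unpack_from("<I", blob, off + 28)
        data = blob[off + 32:off + 32 + size]
        if len(data) != size:
            raise ValueError("truncated event data at offset %d" % off)
        events.append((pcr_index, event_type, digest, data))
        off += 32 + size
    return events


def replay(events) -> list:
    """Recompute every PCR from reset state by extending the logged digests in order."""
    pcrs = [bytes(PCR_SIZE)] * PCR_COUNT
    for pcr_index, _, digest, _ in events:
        if pcr_index >= PCR_COUNT:
            raise ValueError("bad PCR index %d" % pcr_index)
        pcrs[pcr_index] = pcr_extend(pcrs[pcr_index], digest)
    return pcrs


def check_log(blob: bytes, tpm_pcrs: list):
    """Return (events whose digest does not match their data,
    PCR indices whose replayed value differs from the value read from the TPM)."""
    events = parse_log(blob)
    bad_events = [i for i, (_, _, d, data) in enumerate(events)
                  if d != hashlib.sha1(data).digest()]
    bad_pcrs = [i for i, (a, b) in enumerate(zip(replay(events), tpm_pcrs)) if a != b]
    return bad_events, bad_pcrs


def rewrite_event(blob: bytes, index: int, new_data: bytes, keep_digest: bool) -> bytes:
    """Constructed helper: re-encode the log with one event's data replaced, either
    keeping the recorded digest or recomputing it, to show what each check catches."""
    out = []
    for i, (p, t, d, data) in enumerate(parse_log(blob)):
        if i == index:
            out.append(make_event(p, t, new_data, d if keep_digest else None))
        else:
            out.append(make_event(p, t, data, d))
    return b"".join(out)


# Constructed sample log; the event strings are illustrative, not SeaBIOS's own.
SAMPLE_LOG = b"".join([
    make_event(0, EV_ACTION, b"Start Option ROM Scan"),
    make_event(4, EV_ACTION, b"Calling INT 19h"),
    make_event(4, EV_SEPARATOR, b"\x00\x00\x00\x00"),
    make_event(4, EV_IPL, b"constructed boot sector bytes"),
])

if __name__ == "__main__":
    pcrs = replay(parse_log(SAMPLE_LOG))
    for i in (0, 4):
        print("PCR[%2d] = %s" % (i, pcrs[i].hex()))
    print("intact log:", check_log(SAMPLE_LOG, pcrs))
    print("data edited, digest kept:", check_log(rewrite_event(SAMPLE_LOG, 3, b"x", True), pcrs))
    print("digest recomputed:", check_log(rewrite_event(SAMPLE_LOG, 3, b"x", False), pcrs))
```

The two checks are complementary: editing logged data while keeping the recorded digest is caught by re-hashing the data, and rewriting the digest to match edited data is caught because the replayed PCR no longer equals the value the TPM actually holds. Neither check has value unless the reference PCRs come from the TPM itself (for example via a quote), not from the log.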