This is a repost of a series of patches providing TPM support to SeaBIOS.
As an addition, this patch series now works on the Acer C720 Chromebook with limitations (S3 not getting invoked; no logging into TCPA table).
The patch series cleanly applies to a checkout of a1ac8861.
The following set of patches add TPM and Trusted Computing support to SeaBIOS. In particular the patches add:
- a TPM driver for the Qemu's TPM TIS emulation - Support for initialzation of the TPM - init of TCPA logging table - Support for the TCG BIOS extensions (1ah handler [ah = 0xbb]) (used by trusted grub; http://trousers.sourceforge.net/grub.html) - Static Root of Trusted for Measurement (SRTM) support - Support for S3 resume (sends command to TPM upon resume) - Support for sending control messages from the OS to the BIOS and have the BIOS control certain life-cycle aspects of the TPM following those messages - TPM-specific menu for controlling aspects of the TPM
All implementations necessarily follow specifications.
When all patches are applied the following services are available - SSDT ACPI table for TPM support - initialization of the TPM upon VM start and S3 resume - Static root of trust for measurements (SRTM) that measures (some) data of SeaBIOS in TCPA ACPI table - 1ah interrupt handler offering APIs for measuring and sending commands to the TPM (trusted grub uses them) - With an extensions to QEMU's TPM SSDT: The root user in Linux (for example) can send the above mentioned control messages to the BIOS and have the BIOS act upon them - User menu for controlling aspects of the state of the TPM
Stefan Berger (6): Add an implementation of a TPM TIS driver Implementation of the TCG BIOS extensions Support for BIOS interrupt handler Add 'measurement' code to the BIOS Support for TPM Physical Presence Interface Add a menu for TPM control
Makefile | 5 +- src/Kconfig | 7 + src/boot.c | 28 +- src/cdrom.c | 11 + src/clock.c | 12 + src/config.h | 1 + src/hw/tpm_drivers.c | 291 +++++++ src/hw/tpm_drivers.h | 90 +++ src/optionroms.c | 4 + src/post.c | 12 + src/resume.c | 2 + src/sha1.c | 145 ++++ src/sha1.h | 8 + src/std/acpi.h | 20 + src/tcgbios.c | 2181 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/tcgbios.h | 456 +++++++++++ src/util.h | 2 + src/x86.h | 7 + 18 files changed, 3277 insertions(+), 5 deletions(-) create mode 100644 src/hw/tpm_drivers.c create mode 100644 src/hw/tpm_drivers.h create mode 100644 src/sha1.c create mode 100644 src/sha1.h create mode 100644 src/tcgbios.c create mode 100644 src/tcgbios.h