[SeaBIOS] [PATCH v10 0/6] Add TPM support to SeaBIOS
Stefan Berger
stefanb at linux.vnet.ibm.com
Mon Mar 23 19:22:14 CET 2015
This is a repost of a series of patches providing TPM support to SeaBIOS.
As an addition, this patch series now works on the Acer C720 Chromebook
with limitations (S3 not getting invoked; no logging into TCPA table).
The patch series cleanly applies to a checkout of b4581224.
The following set of patches adds TPM and Trusted Computing support to SeaBIOS.
In particular the patches add:
- a TPM driver for the Qemu's TPM TIS emulation
- Support for initialization of the TPM
- init of TCPA logging table
- Support for the TCG BIOS extensions (1ah handler [ah = 0xbb])
(used by trusted grub; http://trousers.sourceforge.net/grub.html)
- Static Root of Trust for Measurement (SRTM) support
- Support for S3 resume (sends command to TPM upon resume)
- Support for sending control messages from the OS to the BIOS
and have the BIOS control certain life-cycle aspects of the TPM
following those messages
- TPM-specific menu for controlling aspects of the TPM
All implementations necessarily follow specifications.
When all patches are applied the following services are available:
- SSDT ACPI table for TPM support
- initialization of the TPM upon VM start and S3 resume
- Static root of trust for measurements (SRTM) that measures (some) data
of SeaBIOS in TCPA ACPI table
- 1ah interrupt handler offering APIs for measuring and sending commands to
the TPM (trusted grub uses them)
- With an extension to QEMU's TPM SSDT: The root user in Linux (for example)
can send the above mentioned control messages to the BIOS and have the
BIOS act upon them
- User menu for controlling aspects of the state of the TPM
Stefan Berger (6):
Add an implementation of a TPM TIS driver
Implementation of the TCG BIOS extensions
Support for BIOS interrupt handler
Add 'measurement' code to the BIOS
Support for TPM Physical Presence Interface
Add a menu for TPM control
Makefile | 5 +-
src/Kconfig | 7 +
src/boot.c | 27 +-
src/cdrom.c | 11 +
src/clock.c | 13 +
src/config.h | 1 +
src/hw/tpm_drivers.c | 291 +++++++
src/hw/tpm_drivers.h | 90 +++
src/optionroms.c | 4 +
src/post.c | 14 +
src/resume.c | 3 +
src/sha1.c | 145 ++++
src/sha1.h | 8 +
src/std/acpi.h | 20 +
src/tcgbios.c | 2186 ++++++++++++++++++++++++++++++++++++++++++++++++++
src/tcgbios.h | 454 +++++++++++
src/util.h | 2 +
src/x86.h | 7 +
18 files changed, 3283 insertions(+), 5 deletions(-)
create mode 100644 src/hw/tpm_drivers.c
create mode 100644 src/hw/tpm_drivers.h
create mode 100644 src/sha1.c
create mode 100644 src/sha1.h
create mode 100644 src/tcgbios.c
create mode 100644 src/tcgbios.h
--
1.9.3
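The series above adds measurement code and a TCPA event log that later software (trusted grub, the OS) reads back to verify what the BIOS measured. The following is an added illustration, not code from SeaBIOS or from this patch series: a small Python model of the SHA-1 TCG PC Client event log entry layout (u32 pcrIndex, u32 eventType, 20-byte digest, u32 eventDataSize, event data) with the TPM 1.2 extend rule, PCR_new = SHA1(PCR_old || digest). The event type constants are the standard TCG values; the log contents are constructed samples, and the replay starts from all-zero PCRs, which assumes a freshly reset TPM.

```python
import hashlib
import struct

# Constants from the TCG PC Client spec (not from the patch series itself).
EV_SEPARATOR = 4
EV_ACTION = 5
EV_IPL = 13

PCR_COUNT = 24
DIGEST_LEN = 20
# TCG_PCClientPCREvent header: pcrIndex, eventType, 20-byte SHA-1 digest, eventDataSize
ENTRY_HEADER = struct.Struct("<II20sI")


def digest_of(data):
    """SHA-1 of the measured bytes, as used by the TPM 1.2 era log format."""
    return hashlib.sha1(data).digest()


def extend(pcr_value, digest):
    """PCR extend as the TPM does it: new = SHA1(old || digest)."""
    return hashlib.sha1(pcr_value + digest).digest()


def build_entry(pcr_index, event_type, data):
    """Serialize one log entry; the digest covers the event data."""
    return ENTRY_HEADER.pack(pcr_index, event_type, digest_of(data), len(data)) + data


def parse_log(blob):
    """Parse a concatenation of entries; reject truncated or out-of-range input."""
    entries = []
    off = 0
    while off < len(blob):
        if off + ENTRY_HEADER.size > len(blob):
            raise ValueError("truncated entry header at offset %d" % off)
        pcr_index, event_type, digest, size = ENTRY_HEADER.unpack_from(blob, off)
        off += ENTRY_HEADER.size
        if pcr_index >= PCR_COUNT:
            raise ValueError("PCR index %d out of range" % pcr_index)
        if off + size > len(blob):
            raise ValueError("truncated event data at offset %d" % off)
        entries.append((pcr_index, event_type, digest, blob[off:off + size]))
        off += size
    return entries


def replay(entries):
    """Replay the log into simulated PCRs, assuming they start at reset (all zero)."""
    pcrs = [bytes(DIGEST_LEN)] * PCR_COUNT
    for pcr_index, _, digest, _ in entries:
        pcrs[pcr_index] = extend(pcrs[pcr_index], digest)
    return pcrs


def verify(entries):
    """True only if every entry's recorded digest matches its event data."""
    return all(digest_of(data) == digest for _, _, digest, data in entries)


def sample_log():
    """Constructed sample log: a BIOS action, an IPL measurement, then a separator."""
    return b"".join([
        build_entry(0, EV_ACTION, b"Calling INT 19h"),      # constructed event data
        build_entry(4, EV_IPL, b"<boot sector bytes>"),     # constructed placeholder
        build_entry(4, EV_SEPARATOR, b"\x00\x00\x00\x00"),
    ])


if __name__ == "__main__":
    log = parse_log(sample_log())
    print("digests consistent:", verify(log))
    for i, v in enumerate(replay(log)):
        if v != bytes(DIGEST_LEN):
            print("PCR[%d] = %s" % (i, v.hex()))
```

Replaying the log and comparing the result against the PCR values the TPM actually reports (via the 1ah handler or later the OS driver) is how a verifier detects a log that was edited after the fact: the PCRs cannot be rewound, so a tampered or truncated log no longer replays to them.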