[SeaBIOS] Saving a few bytes across a reboot

Stefan Berger stefanb at linux.vnet.ibm.com
Wed Jan 10 21:16:39 CET 2018


On 01/10/2018 10:19 AM, Marc-André Lureau wrote:
> Hi
>
> ----- Original Message -----
>> BTW, from the "TCG PC Client Platform TPM Profile (PTP) Specification",
>> it seems like the FIFO (TIS) interface is hard-coded *in the spec* at
>> FED4_0000h – FED4_4FFFh. So we don't even have to make that dynamic.
>>
>> Regarding CRB (as an alternative to TIS+Cancel), I'm trying to wrap my
>> brain around the exact resources that the CRB interface requires.
>> Marc-André, can you summarize those?
> The device is a relatively simple MMIO-only device on the sysbus:
> https://github.com/stefanberger/qemu-tpm/commit/2f9d06f93b285d4b39966a80867584c487035db9#diff-1ef22a0d46031cf2701a185aed8ae40eR282
>
> The region is registered at the same address as TIS (it's not entirely clear from the spec it is supposed to be there, but my laptop TPM uses the same). And it uses a size of 0x1000, although it's also unclear to me what the size of the command buffer should be (that size can also be defined at run-time now, iirc, I should adapt the code).

In the PTP spec, page 99: the I/O buffer is located at offsets 0x80 - 
0xfff. This gives us a maximum of 3968 bytes. That's what you seem to be 
implementing.


https://www.trustedcomputinggroup.org/wp-content/uploads/PCClientPlatform-TPM-Profile-for-TPM-2-0-v1-03-20-161114_public-review.pdf

You are already calling:

tpm_backend_startup_tpm(s->tpmbe, CRB_CTRL_CMD_SIZE);

What you may want to do is like the TIS:

     /* Same pattern as TIS: never advertise more than the CRB data
      * buffer can hold, and never more than the backend supports. */
     s->be_buffer_size = MIN(tpm_backend_get_buffer_size(s->tpmbe),
                             CRB_CTRL_CMD_SIZE);

     [...]

     tpm_backend_startup_tpm(s->tpmbe, s->be_buffer_size);


>
> My experiments so far running some Windows tests indicate that for TPM2, CRB+UEFI is required (and I managed to get an OVMF build with TPM2 support). A few tests failed; it seems the "Physical Presence Interface" (PPI) is also required. I think that ACPI interface allows to run TPM commands during reboot, by having the firmware take care of the security aspects. I think that's what Stefan is working on for SeaBIOS and the safe memory region (sorry I haven't read the whole discussion, as I am not working on TPM atm)

I am working on the PPI thing.

>
> thanks
>
>
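Editor's added example (not code from QEMU, SeaBIOS, or either poster): a small C model of the buffer sizing discussed above. It takes only what the thread states as given: the CRB control area is one 0x1000-byte region, the data buffer runs from offset 0x80 to 0xfff (3968 bytes), and the device must use the smaller of the backend's buffer size and CRB_CTRL_CMD_SIZE. It then shows the check that size exists to enable: a guest-written TPM2 command whose header claims more bytes than the negotiated buffer must be rejected before anything is handed to the backend. The backend sizes, the sample commands, and the function names are constructed for the example.

```c
/*
 * Added example, not QEMU/SeaBIOS code. Models CRB command buffer sizing:
 * the CRB region is a 4 KiB page, the data buffer starts at 0x80 (PTP spec),
 * so at most 3968 bytes of command fit. The backend (swtpm, passthrough, ...)
 * reports its own maximum, and the device must clamp to the smaller value.
 * Backend sizes and sample commands below are constructed for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRB_REGION_SIZE     0x1000u                 /* one MMIO page */
#define CRB_DATA_BUFFER_OFF 0x80u                   /* PTP: buffer at 0x80..0xfff */
#define CRB_CTRL_CMD_SIZE   (CRB_REGION_SIZE - CRB_DATA_BUFFER_OFF) /* 3968 */

#define TPM2_HDR_SIZE 10u   /* tag(2) + commandSize(4) + commandCode(4) */

static uint32_t min_u32(uint32_t a, uint32_t b) { return a < b ? a : b; }

/* Negotiated size: the smaller of the backend's buffer and the CRB data area. */
uint32_t crb_negotiate_buffer_size(uint32_t backend_buffer_size)
{
    return min_u32(backend_buffer_size, CRB_CTRL_CMD_SIZE);
}

/* Big-endian 32-bit read; TPM2 command fields are big-endian. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Return the commandSize to forward to the backend, or 0 if the guest's
 * header is too short, or claims more bytes than the negotiated buffer
 * holds. Without this clamp a guest could make the device read past the
 * end of the 3968-byte data buffer or past the backend's own buffer.
 */
uint32_t crb_checked_command_size(const uint8_t *buf, uint32_t buf_size)
{
    if (buf_size < TPM2_HDR_SIZE)
        return 0;
    uint32_t cmd_size = be32(buf + 2);          /* commandSize follows the tag */
    if (cmd_size < TPM2_HDR_SIZE || cmd_size > buf_size)
        return 0;
    return cmd_size;
}

/* Constructed TPM2_Startup(TPM_SU_CLEAR): tag 0x8001, size 12, code 0x144, su 0. */
const uint8_t sample_startup[12] = {
    0x80, 0x01,  0x00, 0x00, 0x00, 0x0c,  0x00, 0x00, 0x01, 0x44,  0x00, 0x00
};

/* Constructed malicious header: same command code but claims 0x2000 bytes. */
const uint8_t sample_oversized[10] = {
    0x80, 0x01,  0x00, 0x00, 0x20, 0x00,  0x00, 0x00, 0x01, 0x44
};

int main(void)
{
    static uint8_t region[CRB_REGION_SIZE];
    uint8_t *data = region + CRB_DATA_BUFFER_OFF;

    /* Constructed: backend advertises 4096 bytes, CRB can only hold 3968. */
    uint32_t size = crb_negotiate_buffer_size(4096);
    printf("negotiated buffer size: %u\n", size);

    memcpy(data, sample_startup, sizeof sample_startup);
    printf("startup: forward %u bytes\n", crb_checked_command_size(data, size));

    memcpy(data, sample_oversized, sizeof sample_oversized);
    printf("oversized: forward %u bytes (0 = rejected)\n",
           crb_checked_command_size(data, size));
    return 0;
}
```

The point of clamping at startup rather than per command is that the backend is told once how much it may ever send back, so both directions are bounded by the same number; the per-command check then only has to compare the guest's declared commandSize against that one negotiated value.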