Lines Matching +full:- +full:- +full:disable +full:- +full:qed

1 .. _tpm-device:
7 Guest-side hardware interface
11 -------------
20 0xfed40000-0xfed44fff available to the guest operating system.
23 - ``hw/tpm/tpm_tis_common.c``
24 - ``hw/tpm/tpm_tis_isa.c``
25 - ``hw/tpm/tpm_tis_sysbus.c``
26 - ``hw/tpm/tpm_tis_i2c.c``
27 - ``hw/tpm/tpm_tis.h``
37 -------------
45 0xfed40000-0xfed40fff (1 locality) available to the guest
49 - ``hw/tpm/tpm_crb.c``
52 ---------------
54 pSeries (ppc64) machines offer a tpm-spapr device model.
57 - ``hw/tpm/tpm_spapr.c``
65 The entry of 6 bytes has the following content, in little-endian:
67 .. code-block:: c
105 ------------------
125 support on a per-operation basis, and different firmwares may support
128 supports and ACPI can enable the ones that are supported and disable
132 +-------------+--------+--------+-------------------------------------------+
137 +-------------+--------+--------+-------------------------------------------+
140 +-------------+--------+--------+-------------------------------------------+
143 +-------------+--------+--------+-------------------------------------------+
146 +-------------+--------+--------+-------------------------------------------+
150 +-------------+--------+--------+-------------------------------------------+
153 +-------------+--------+--------+-------------------------------------------+
156 +-------------+--------+--------+-------------------------------------------+
159 +-------------+--------+--------+-------------------------------------------+
161 +-------------+--------+--------+-------------------------------------------+
164 +-------------+--------+--------+-------------------------------------------+
166 +-------------+--------+--------+-------------------------------------------+
171 +----------+-------------------------------------------------------------+
175 +----------+-------------------------------------------------------------+
177 +----------+-------------------------------------------------------------+
179 +----------+-------------------------------------------------------------+
181 +----------+-------------------------------------------------------------+
184 +----------+-------------------------------------------------------------+
191 - ``hw/i386/acpi-build.c``
192 - ``include/hw/acpi/tpm.h``
202 between the front- and backend devices allows a frontend to be
207 - ``backends/tpm.c``
208 - ``include/system/tpm.h``
209 - ``include/system/tpm_backend.h``
212 -------------------------------
241 - ``backends/tpm/tpm_passthrough.c``
242 - ``backends/tpm/tpm_util.c``
243 - ``include/system/tpm_util.h``
249 .. code-block:: console
251 qemu-system-x86_64 -display sdl -accel kvm \
252 -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
253 -tpmdev passthrough,id=tpm0,path=/dev/tpm0 \
254 -device tpm-tis,tpmdev=tpm0 test.img
258 with a Linux kernel that either has the TPM TIS driver built-in or
261 .. code-block:: console
263 # dmesg | grep -i tpm
267 # ls -l /dev/tpm*
268 crw-rw----. 1 tss root 10, 224 Sep 6 12:36 /dev/tpm0
269 crw-rw----. 1 tss rss 253, 65536 Sep 6 12:36 /dev/tpmrm0
272 # find /sys/devices/ -type f | grep pcr-sha
274 /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
276 /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
280 ----------------------------
302 - ``backends/tpm/tpm_emulator.c``
303 - ``backends/tpm/tpm_util.c``
304 - ``include/system/tpm_util.h``
309 .. code-block:: console
312 swtpm socket --tpmstate dir=/tmp/mytpm1 \
313 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
314 --tpm2 \
315 --log level=20
320 .. code-block:: console
322 qemu-system-x86_64 -display sdl -accel kvm \
323 -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
324 -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
325 -tpmdev emulator,id=tpm0,chardev=chrtpm \
326 -device tpm-tis,tpmdev=tpm0 test.img
330 .. code-block:: console
332 qemu-system-ppc64 -display sdl -machine pseries,accel=kvm \
333 -m 1024 -bios slof.bin -boot menu=on \
334 -nodefaults -device VGA -device pci-ohci -device usb-kbd \
335 -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
336 -tpmdev emulator,id=tpm0,chardev=chrtpm \
337 -device tpm-spapr,tpmdev=tpm0 \
338 -device spapr-vscsi,id=scsi0,reg=0x00002000 \
339 -device virtio-blk-pci,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,id=virtio-disk0 \
340 -drive file=test.img,format=raw,if=none,id=drive-virtio-disk0
344 .. code-block:: console
346 qemu-system-aarch64 -machine virt,gic-version=3,acpi=off \
347 -cpu host -m 4G \
348 -nographic -accel kvm \
349 -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
350 -tpmdev emulator,id=tpm0,chardev=chrtpm \
351 -device tpm-tis-device,tpmdev=tpm0 \
352 -device virtio-blk-pci,drive=drv0 \
353 -drive format=qcow2,file=hda.qcow2,if=none,id=drv0 \
354 -drive if=pflash,format=raw,file=flash0.img,readonly=on \
355 -drive if=pflash,format=raw,file=flash1.img
357 In case an ast2600-evb BMC machine is emulated and you want to use a TPM device
360 .. code-block:: console
362 qemu-system-arm -M ast2600-evb -nographic \
363 -kernel arch/arm/boot/zImage \
364 -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \
365 -initrd rootfs.cpio \
366 -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
367 -tpmdev emulator,id=tpm0,chardev=chrtpm \
368 -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
372 echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
377 .. code-block:: console
380 1. DVD/CD [ata1-0: QEMU DVD-ROM ATAPI-4 DVD/CD]
387 with a Linux kernel that either has the TPM TIS driver built-in or
390 .. code-block:: console
392 # dmesg | grep -i tpm
396 # ls -l /dev/tpm*
397 crw-rw----. 1 tss root 10, 224 Sep 6 12:36 /dev/tpm0
398 crw-rw----. 1 tss rss 253, 65536 Sep 6 12:36 /dev/tpmrm0
401 # find /sys/devices/ -type f | grep pcr-sha
403 /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
405 /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
414 - VM save / restore (migration into a file)
415 - Network migration
416 - Snapshotting (migration into storage like QCOW2 or QED)
422 .. code-block:: console
425 swtpm socket --tpmstate dir=/tmp/mytpm1 \
426 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
427 --tpm2 \
428 --log level=20
432 .. code-block:: console
434 qemu-system-x86_64 -display sdl -accel kvm \
435 -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
436 -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
437 -tpmdev emulator,id=tpm0,chardev=chrtpm \
438 -device tpm-tis,tpmdev=tpm0 \
439 -monitor stdio \
448 .. code-block:: console
457 parameters as before. If previously a TPM 2 [--tpm2] was saved, --tpm2
463 .. code-block:: console
465 swtpm socket --tpmstate dir=/tmp/mytpm1 \
466 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
467 --log level=20 --tpm2
470 '-incoming' option.
472 .. code-block:: console
474 qemu-system-x86_64 -display sdl -accel kvm \
475 -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
476 -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
477 -tpmdev emulator,id=tpm0,chardev=chrtpm \
478 -device tpm-tis,tpmdev=tpm0 \
479 -incoming "exec:cat < testvm.bin" \
483 -------------------------
492 - QEMU command line parameters should be identical apart from the
493 '-incoming' option on VM restore
495 - swtpm command line parameters should be identical
499 - QEMU command line parameters should be identical apart from the
500 '-incoming' option on the destination side
502 - swtpm command line parameters should point to two different
503 directories on the source and destination swtpm (--tpmstate dir=...)
509 - QEMU command line parameters should be identical apart from the
510 '-incoming' option on the destination side
512 - swtpm command line parameters should be identical
515 - QEMU command line parameters should be identical
517 - swtpm command line parameters should be identical
523 - the versions of the swtpm on the source and destination sides are
526 - downgrading of TPM state may not be supported
528 - the source and destination libtpms were compiled with different
529 compile-time options and the destination side refuses to accept the
532 - different migration keys are used on the source and destination side
534 (swtpm ... --migration-key ... )
538 …https://trustedcomputinggroup.org/pc-client-work-group-pc-client-specific-tpm-interface-specificat…
541 https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/
545 https://trustedcomputinggroup.org/tcg-acpi-specification/
548 https://trustedcomputinggroup.org/resource/tcg-physical-presence-interface-specification/