Lines Matching full:tpm

4 QEMU TPM Device
13 The QEMU TPM emulation implements a TPM TIS hardware interface
15 Specific TPM Interface Specification (TIS)", Specification Version
22 QEMU files related to TPM TIS interface:
23 - ``hw/tpm/tpm_tis_common.c``
24 - ``hw/tpm/tpm_tis_isa.c``
25 - ``hw/tpm/tpm_tis_sysbus.c``
26 - ``hw/tpm/tpm_tis_i2c.c``
27 - ``hw/tpm/tpm_tis.h``
34 based emulation machines. This device only supports the TPM 2 protocol.
39 QEMU also implements a TPM CRB interface following the Trusted
40 Computing Group's specification "TCG PC Client Platform TPM Profile
48 QEMU files related to TPM CRB interface:
49 - ``hw/tpm/tpm_crb.c``
54 pSeries (ppc64) machines offer a tpm-spapr device model.
57 - ``hw/tpm/tpm_spapr.c``
62 The bios/firmware may read the ``"etc/tpm/config"`` fw_cfg entry for
78 uint8_t tpm_version; /* TPM version */
85 The TPM device is defined with ACPI ID "PNP0C31". QEMU builds a SSDT
95 buffer where the firmware can write its log into. For TPM 2 only a
107 QEMU supports the Physical Presence Interface (PPI) for TPM 1.2 and
108 TPM 2. This interface requires ACPI and firmware support. (see the
112 the TPM upon reboot. The PPI specification defines the operation
117 number and sends commands to the TPM. The firmware writes the TPM
190 QEMU files related to TPM ACPI tables:
192 - ``include/hw/acpi/tpm.h``
194 TPM backend devices
197 The TPM implementation is split into two parts, frontend and
198 backend. The frontend part is the hardware interface, such as the TPM
199 TIS interface described earlier, and the other part is the TPM backend
200 interface. The backend interfaces implement the interaction with a TPM
206 QEMU files related to TPM backends:
207 - ``backends/tpm.c``
208 - ``include/system/tpm.h``
211 The QEMU TPM passthrough device
215 possible to make the hardware TPM device available to a single QEMU
220 The passthrough driver uses the host's TPM device for sending TPM
222 TPM device's sysfs entry for support of command cancellation. Since
223 none of the state of a hardware TPM can be migrated between hosts,
224 virtual machine migration is disabled when the TPM passthrough driver
227 Since the host's TPM device will already be initialized by the host's
230 the firmware should not use the TPM.
233 scenario for a TPM device. The primary reason for this is that two
240 QEMU files related to the TPM passthrough device:
241 - ``backends/tpm/tpm_passthrough.c``
242 - ``backends/tpm/tpm_util.c``
246 Command line to start QEMU with the TPM passthrough device using the host's
247 hardware TPM ``/dev/tpm0``:
254 -device tpm-tis,tpmdev=tpm0 test.img
258 with a Linux kernel that either has the TPM TIS driver built-in or
259 available as a module (assuming a TPM 2 is passed through):
263 # dmesg | grep -i tpm
267 # ls -l /dev/tpm*
271 Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:
274 /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
276 /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
279 The QEMU TPM emulator device
282 The TPM emulator device uses an external TPM emulator called 'swtpm'
283 for sending TPM commands to and receiving responses from. The swtpm
285 TPM emulator with QEMU.
287 The TPM emulator implements a command channel for transferring TPM
292 migrating the TPM state, among other things.
294 The swtpm program behaves like a hardware TPM and therefore needs to
298 instrumented to initialize a TPM 1.2 or TPM 2 device using this
301 QEMU files related to the TPM emulator device:
302 - ``backends/tpm/tpm_emulator.c``
303 - ``backends/tpm/tpm_util.c``
317 Command line to start QEMU with the TPM emulator device communicating
326 -device tpm-tis,tpmdev=tpm0 test.img
337 -device tpm-spapr,tpmdev=tpm0 \
351 -device tpm-tis-device,tpmdev=tpm0 \
357 In case an ast2600-evb bmc machine is emulated and you want to use a TPM device
368 -device tpm-tis-i2c,tpmdev=tpm0,bus=aspeed.i2c.bus.12,address=0x2e
374 In case SeaBIOS is used as firmware, it should show the TPM menu item
384 t. TPM Configuration
387 with a Linux kernel that either has the TPM TIS driver built-in or
392 # dmesg | grep -i tpm
396 # ls -l /dev/tpm*
400 Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:
403 /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
405 /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
408 Migration with the TPM emulator
411 The TPM emulator supports the following types of virtual machine
438 -device tpm-tis,tpmdev=tpm0 \
442 Verify that the attached TPM is working as expected using applications
457 parameters as before. If previously a TPM 2 [--tpm2] was saved, --tpm2
478 -device tpm-tis,tpmdev=tpm0 \
526 - downgrading of TPM state may not be supported
538 …https://trustedcomputinggroup.org/pc-client-work-group-pc-client-specific-tpm-interface-specificat…
541 https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/