Re: [PATCH] docs: Update TPM documentation for usage of a TPM 2
From: Marc-André Lureau
Subject: Re: [PATCH] docs: Update TPM documentation for usage of a TPM 2
Date: Tue, 27 Sep 2022 17:04:33 +0400
On Tue, Sep 27, 2022 at 4:21 PM Stefan Berger <stefanb@linux.ibm.com> wrote:
>
> Update the TPM documentation for usage of a TPM 2 rather than a TPM 1.2.
> Adjust the command lines and expected outputs inside the VM accordingly.
> Update the command line to start a TPM 2 with swtpm.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> docs/specs/tpm.rst | 44 ++++++++++++++++++++++++--------------------
> 1 file changed, 24 insertions(+), 20 deletions(-)
>
> diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
> index 3be190343a..535912a92b 100644
> --- a/docs/specs/tpm.rst
> +++ b/docs/specs/tpm.rst
> @@ -250,24 +250,25 @@ hardware TPM ``/dev/tpm0``:
>
> The following commands should result in similar output inside the VM
> with a Linux kernel that either has the TPM TIS driver built-in or
> -available as a module:
> +available as a module (assuming a TPM 2 is passed through):
>
> .. code-block:: console
>
> # dmesg | grep -i tpm
> - [ 0.711310] tpm_tis 00:06: 1.2 TPM (device=id 0x1, rev-id 1)
> -
> - # dmesg | grep TCPA
> - [ 0.000000] ACPI: TCPA 0x0000000003FFD191C 000032 (v02 BOCHS \
> - BXPCTCPA 0000001 BXPC 00000001)
> + [ 0.012560] ACPI: TPM2 0x000000000BFFD1900 00004C (v04 BOCHS \
> + BXPC 0000001 BXPC 00000001)
>
> # ls -l /dev/tpm*
> - crw-------. 1 root root 10, 224 Jul 11 10:11 /dev/tpm0
> + crw-rw----. 1 tss root 10, 224 Sep 6 12:36 /dev/tpm0
> + crw-rw----. 1 tss rss 253, 65536 Sep 6 12:36 /dev/tpmrm0
>
> - # find /sys/devices/ | grep pcrs$ | xargs cat
> - PCR-00: 35 4E 3B CE 23 9F 38 59 ...
> + Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:
> + # find /sys/devices/ -type f | grep pcr-sha
> + ...
> + /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
> + ...
> + /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
> ...
> - PCR-23: 00 00 00 00 00 00 00 00 ...
>
> The QEMU TPM emulator device
> ----------------------------
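Review bot: The group on the added /dev/tpmrm0 line reads "rss" ("crw-rw----. 1 tss rss 253, 65536 ..."), which looks like a typo, since the /dev/tpm0 line directly above it shows owner tss and group root; please paste the ls output exactly as the guest prints it. Separately, the added sentence "Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:" sits between the ls and find commands with the same prefix as the console lines, so it would render as part of the console output. Consider moving it into a paragraph ahead of a second code-block, or turning it into a shell comment line.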
> @@ -304,6 +305,7 @@ a socket interface. They do not need to be run as root.
> mkdir /tmp/mytpm1
> swtpm socket --tpmstate dir=/tmp/mytpm1 \
> --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
> + --tpm2 \
> --log level=20
>
> Command line to start QEMU with the TPM emulator device communicating
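Review bot: Nothing in the context around the added "--tpm2" line tells the reader that this flag is what selects the TPM version. swtpm emulates a TPM 1.2 when the flag is omitted, and the expected guest output in the next hunk (ACPI TPM2 table, /dev/tpmrm0, pcr-sha256 entries) only matches a TPM 2. A one-sentence note before the command saying that "--tpm2" is required for the output shown later would save readers from comparing against the wrong device type.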
> @@ -365,19 +367,20 @@ available as a module:
> .. code-block:: console
>
> # dmesg | grep -i tpm
> - [ 0.711310] tpm_tis 00:06: 1.2 TPM (device=id 0x1, rev-id 1)
> -
> - # dmesg | grep TCPA
> - [ 0.000000] ACPI: TCPA 0x0000000003FFD191C 000032 (v02 BOCHS \
> - BXPCTCPA 0000001 BXPC 00000001)
> + [ 0.012560] ACPI: TPM2 0x000000000BFFD1900 00004C (v04 BOCHS \
> + BXPC 0000001 BXPC 00000001)
>
> # ls -l /dev/tpm*
> - crw-------. 1 root root 10, 224 Jul 11 10:11 /dev/tpm0
> + crw-rw----. 1 tss root 10, 224 Sep 6 12:36 /dev/tpm0
> + crw-rw----. 1 tss rss 253, 65536 Sep 6 12:36 /dev/tpmrm0
>
> - # find /sys/devices/ | grep pcrs$ | xargs cat
> - PCR-00: 35 4E 3B CE 23 9F 38 59 ...
> + Starting with Linux 5.12 there are PCR entries for TPM 2 in sysfs:
> + # find /sys/devices/ -type f | grep pcr-sha
> + ...
> + /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/1
> + ...
> + /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
> ...
> - PCR-23: 00 00 00 00 00 00 00 00 ...
>
> Migration with the TPM emulator
> ===============================
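Review bot: The replacement for "find /sys/devices/ | grep pcrs$ | xargs cat" only lists the pcr-sha256 paths, so the example no longer shows any PCR value, which the removed "PCR-00: ..." lines did. Consider showing the content of at least one entry so readers can confirm that the PCRs are readable and not just present. The "tss rss" group on the added /dev/tpmrm0 line also looks like a typo here, given that the /dev/tpm0 line above it shows "tss root", and the "Starting with Linux 5.12 ..." sentence again appears to sit inside the console block.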
> @@ -398,7 +401,8 @@ In a 1st terminal start an instance of a swtpm using the
> following command:
> mkdir /tmp/mytpm1
> swtpm socket --tpmstate dir=/tmp/mytpm1 \
> --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
> - --log level=20 --tpm2
> + --tpm2 \
> + --log level=20
>
> In a 2nd terminal start the VM:
>
> --
> 2.37.2
>