From nobody Thu Aug 17 07:08:54 2023
Date: Thu, 17 Aug 2023 07:08:54 GMT Message-Id: <202308170708.37H78s4a097431@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org 
From: Corvin =?utf-8?Q?K=C3=B6hne?= Subject: git: 67c26eb2a57c - main - bhyve: add cmdline option for TPM emulation List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: corvink X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 67c26eb2a57cd1f103d77db3b894a25f4bc10402 Auto-Submitted: auto-generated The branch main has been updated by corvink: URL: https://cgit.FreeBSD.org/src/commit/?id=67c26eb2a57cd1f103d77db3b894a25f4bc10402 commit 67c26eb2a57cd1f103d77db3b894a25f4bc10402 Author: Corvin Köhne AuthorDate: 2021-10-07 14:20:37 +0000 Commit: Corvin Köhne CommitDate: 2023-08-17 06:17:59 +0000 bhyve: add cmdline option for TPM emulation At the moment, only a TPM passthru is supported. The cmdline looks like: -l tpm,passthru,/dev/tpm0 Reviewed by: markj MFC after: 1 week Sponsored by: Beckhoff Automation GmbH & Co. KG Differential Revision: https://reviews.freebsd.org/D32961 --- usr.sbin/bhyve/bhyve.8 | 39 +++++++++++++++++++++++++++++++++++++++ usr.sbin/bhyve/bhyve_config.5 | 9 +++++++++ usr.sbin/bhyve/bhyverun.c | 5 +++++ usr.sbin/bhyve/pci_lpc.c | 25 ++++++++++++++++++++++++- usr.sbin/bhyve/tpm_device.c | 22 ++++++++++++++++++++++ usr.sbin/bhyve/tpm_device.h | 2 ++ 6 files changed, 101 insertions(+), 1 deletion(-) diff --git a/usr.sbin/bhyve/bhyve.8 b/usr.sbin/bhyve/bhyve.8 index 2979f90d34cf..7eddeec4647a 100644 --- a/usr.sbin/bhyve/bhyve.8 +++ b/usr.sbin/bhyve/bhyve.8 @@ -215,6 +215,8 @@ The only supported devices are the TTY-class devices .Cm com1 , com2 , com3 , and .Cm com4 , +the TPM module +.Cm tpm , the boot ROM device .Cm bootrom , the 
@@ -538,6 +540,23 @@ process. Use the host TTY device for serial port I/O. .El .Pp +TPM device backends: +.Bl -tag -width 10n +.It Ar type Ns \&, Ns Ar path Ns Op Cm \&, Ns Ar tpm-device-options +Emulate a TPM device. +.El +.Pp +The +.Ar tpm-device-options +are: +.Bl -tag -width 10n +.It Cm version= Ns Ar version +Version of the TPM device according to the TCG specification. +Defaults to +.Cm 2.0 +.El +.El +.Pp Boot ROM device backends: .Bl -tag -width 10n .It Ar romfile Ns Op Cm \&, Ns Ar varfile @@ -623,6 +642,26 @@ The host device must have been reserved at boot-time using the loader variable as described in .Xr vmm 4 . .Pp +TPM devices: +.Bl -tag -width 10n +.It Ns Ar type +Specifies the type of the TPM device. +.Pp +Supported types: +.Bl -tag -width 10n +.It Cm passthru +.El +.It Cm version= Ns Ar version +The +.Ar version +of the emulated TPM device according to the TCG specification. +.Pp +Supported versions: +.Bl -tag -width 10n +.It Cm 2.0 +.El +.El +.Pp Virtio console device backends: .Bl -bullet .Sm off diff --git a/usr.sbin/bhyve/bhyve_config.5 b/usr.sbin/bhyve/bhyve_config.5 index 8063df763689..d074d4503894 100644 --- a/usr.sbin/bhyve/bhyve_config.5 +++ b/usr.sbin/bhyve/bhyve_config.5 @@ -139,6 +139,15 @@ Specify the keyboard layout name with the file name in This value only works when loaded with UEFI mode for VNC, and used a VNC client that don't support QEMU Extended Key Event Message (e.g. TightVNC). +.It Va tpm.path Ta string Ta Ta +Path to the host TPM device. +This is typically /dev/tpm0. +.It Va tpm.type Ta string Ta Ta +Type of the TPM device passed to the guest. +Currently, only "passthru" is supported. +.It Va tpm.version Ta string Ta 2.0 Ta +Version of the TPM device according to the TCG specification. +Currently, only version 2.0 is supported. .It Va rtc.use_localtime Ta bool Ta true Ta The real time clock uses the local time of the host. If this is set to false, the real time clock uses UTC. 
diff --git a/usr.sbin/bhyve/bhyverun.c b/usr.sbin/bhyve/bhyverun.c index 384c469f9ce7..3d32bfd35408 100644 --- a/usr.sbin/bhyve/bhyverun.c +++ b/usr.sbin/bhyve/bhyverun.c @@ -103,6 +103,7 @@ #ifdef BHYVE_SNAPSHOT #include "snapshot.h" #endif +#include "tpm_device.h" #include "xmsr.h" #include "spinup_ap.h" #include "rtc.h" @@ -1474,6 +1475,10 @@ main(int argc, char *argv[]) perror("device emulation initialization error"); exit(4); } + if (init_tpm(ctx) != 0) { + fprintf(stderr, "Failed to init TPM device"); + exit(4); + } /* * Initialize after PCI, to allow a bootrom file to reserve the high diff --git a/usr.sbin/bhyve/pci_lpc.c b/usr.sbin/bhyve/pci_lpc.c index ebda61aaea60..2ff9bbc27774 100644 --- a/usr.sbin/bhyve/pci_lpc.c +++ b/usr.sbin/bhyve/pci_lpc.c @@ -49,6 +49,7 @@ #include "pci_lpc.h" #include "pci_passthru.h" #include "pctestdev.h" +#include "tpm_device.h" #include "uart_emul.h" #define IO_ICU1 0x20 @@ -93,7 +94,7 @@ lpc_device_parse(const char *opts) { int unit, error; char *str, *cpy, *lpcdev, *node_name; - const char *romfile, *varfile; + const char *romfile, *varfile, *tpm_type, *tpm_path; error = -1; str = cpy = strdup(opts); @@ -124,6 +125,27 @@ lpc_device_parse(const char *opts) error = 0; goto done; } + if (strcasecmp(lpcdev, "tpm") == 0) { + nvlist_t *nvl = create_config_node("tpm"); + + tpm_type = strsep(&str, ","); + if (tpm_type == NULL) { + errx(4, "invalid tpm type \"%s\"", opts); + } + set_config_value_node(nvl, "type", tpm_type); + + tpm_path = strsep(&str, ","); + if (tpm_path == NULL) { + errx(4, "invalid tpm path \"%s\"", opts); + } + set_config_value_node(nvl, "path", tpm_path); + + pci_parse_legacy_config(find_config_node("tpm"), str); + + set_config_value_node_if_unset(nvl, "version", "2.0"); + error = 0; + goto done; + } for (unit = 0; unit < LPC_UART_NUM; unit++) { if (strcasecmp(lpcdev, lpc_uart_names[unit]) == 0) { asprintf(&node_name, "lpc.%s.path", 
@@ -157,6 +179,7 @@ lpc_print_supported_devices(void) printf("bootrom\n"); for (i = 0; i < LPC_UART_NUM; i++) printf("%s\n", lpc_uart_names[i]); + printf("tpm\n"); printf("%s\n", pctestdev_getname()); } diff --git a/usr.sbin/bhyve/tpm_device.c b/usr.sbin/bhyve/tpm_device.c index 4c40db419380..3a4a8c577345 100644 --- a/usr.sbin/bhyve/tpm_device.c +++ b/usr.sbin/bhyve/tpm_device.c @@ -232,3 +232,25 @@ err_out: return (error); } + +static struct tpm_device *lpc_tpm; + +int +init_tpm(struct vmctx *ctx) +{ + nvlist_t *nvl; + int error; + + nvl = find_config_node("tpm"); + if (nvl == NULL) + return (0); + + error = tpm_device_create(&lpc_tpm, ctx, nvl); + if (error) { + warnx("%s: unable to create a TPM device (%d)", + __func__, error); + return (error); + } + + return (0); +} diff --git a/usr.sbin/bhyve/tpm_device.h b/usr.sbin/bhyve/tpm_device.h index a17c85c2ed47..0dd4c27999df 100644 --- a/usr.sbin/bhyve/tpm_device.h +++ b/usr.sbin/bhyve/tpm_device.h @@ -16,3 +16,5 @@ struct tpm_device; int tpm_device_create(struct tpm_device **new_dev, struct vmctx *vm_ctx, nvlist_t *nvl); void tpm_device_destroy(struct tpm_device *dev); + +int init_tpm(struct vmctx *ctx);
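Review bot: in the bhyve.8 hunk at @@ -538,6 +540,23 @@ the new "TPM device backends" text closes one more list than it opens: the outer `.Bl -tag -width 10n` is ended by the `.El` after "Emulate a TPM device.", the inner `.Bl` for `tpm-device-options` is ended by the next `.El`, and the second `.El` that follows has no matching `.Bl`, which mandoc will report as an end of a block that is not open. Drop the extra `.El` (and consider ending "Defaults to .Cm 2.0" with a period, as the surrounding entries do).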
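Review bot: the bhyve_config.5 hunk describes `tpm.path` as "Path to the host TPM device" and `tpm.type` as "passthru" but does not say what that means for the host: with passthru the guest talks to the host's physical TPM (its PCRs, NV storage and hierarchies) rather than to a separate emulated one, so a host that itself relies on that TPM is sharing it with the guest. A sentence stating this in the `tpm.type` entry would help an administrator judge whether to enable it.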
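Review bot: in the bhyverun.c hunk at @@ -1474,6 +1475,10 @@ the error message `fprintf(stderr, "Failed to init TPM device");` lacks a trailing `\n`, so the next line written to stderr runs onto it. Since `init_tpm()` already prints the detailed reason via `warnx()`, either add the newline or use `errx(4, ...)` here like the other fatal startup paths, which also terminates the line for you.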
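Review bot: in the pci_lpc.c hunk at @@ -124,6 +125,27 @@ the `tpm_type == NULL` and `tpm_path == NULL` checks only catch a field that is absent; an empty field as in `tpm,,/dev/tpm0` yields `""` from `strsep()` and is stored as the type without complaint, so unless `tpm_device_create()` rejects empty strings the error is reported much later and less clearly. Also, `nvl` already holds the node returned by `create_config_node("tpm")`, so `pci_parse_legacy_config(find_config_node("tpm"), str)` can simply pass `nvl`.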
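Review bot: in the tpm_device.c hunk `init_tpm()` stores the created device in the file-static `lpc_tpm`, but nothing in this change ever calls the existing `tpm_device_destroy()` on it, so the host TPM device opened for passthru is only released when the process exits; if a teardown path is intended, add a matching cleanup routine or note that the pointer is deliberately kept for the lifetime of the VM. Minor: `if (error)` should be `if (error != 0)` per style(9).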