Re: [Qemu-devel] [PATCH v2 3/6] Support Physical Presence Interface Spec
From: Stefan Berger
Subject: Re: [Qemu-devel] [PATCH v2 3/6] Support Physical Presence Interface Spec
Date: Fri, 8 May 2015 14:02:33 -0400
Stefan Berger <address@hidden> wrote on 05/08/2015 12:15:17 PM:
> From: Stefan Berger <address@hidden>
> To: address@hidden, address@hidden
> Cc: address@hidden, address@hidden, Stefan Berger/Watson/address@hidden, address@hidden, Stefan Berger <address@hidden>
> Date: 05/08/2015 12:15 PM
> Subject: [PATCH v2 3/6] Support Physical Presence Interface Spec
>
> For automated management of a TPM device, implement the TCG Physical Presence
> Interface Specification that allows a root user on Linux (for example) to set
> an opcode for a sequence of TPM operations that the BIOS is supposed to execute
> upon reboot of the physical or virtual machine. A sequence of operations may for
> example involve giving up ownership of the TPM and activating and enabling the
> device.
>
> The sequences of operations are defined in table 2 in the specs to be found
> at the following link:
>
> http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification
>
> As an example, in recent versions of Linux the opcode (5) can be set as
> follows:
>
> cd /sys/devices/pnp0/00\:04/ppi
>
> echo 5 > request
>
> This ACPI implementation assumes that the underlying firmware (SeaBIOS)
> has 'thrown an anchor' into the f-segment. The anchor is identified by
> two signatures (TCG_MAGIC) surrounding a 64-bit pointer. The structure
> in the f-segment is write-protected and holds a pointer to a structure
> in high memory area where the ACPI code writes the opcode into and
> where it can read the last response from the BIOS.
>
> The supported opcodes are 1-11, 14, and 21-22. (see table 2 in spec)
> Also '0' is supported to 'clear' an intention.
>