Re: [Qemu-devel] [PATCH v4] hw/misc: Add simple measurement hardware
From: Stefan Berger
Subject: Re: [Qemu-devel] [PATCH v4] hw/misc: Add simple measurement hardware
Date: Sun, 11 Sep 2016 20:05:37 -0400
Matthew Garrett <address@hidden> wrote on 08/17/2016 03:48:52 PM:
> From: Matthew Garrett <address@hidden>
> To: address@hidden
> Cc: address@hidden, address@hidden, Stefan Berger/Watson/
> address@hidden, Matthew Garrett <address@hidden>
> Date: 08/17/2016 03:49 PM
> Subject: [PATCH v4] hw/misc: Add simple measurement hardware
>
> Trusted Boot is based around having a trusted store of measurement data and
> a secure communications channel between that store and an attestation
> target. In actual hardware, that's a TPM. Since the TPM can only be accessed
> via the host system, this in turn requires that the TPM be able to perform
> reasonably complicated cryptographic functions in order to demonstrate its
> trusted state.
>
> In cloud environments, qemu is inherently trusted and the hypervisor
> infrastructure provides a trusted mechanism for extracting information from
> qemu and providing it to another system. This means we can skip the crypto
> and stick with the basic functionality - i.e., providing a trusted store of
> measurement data.
>
> This driver provides a very small subset of TPM 1.2 functionality in the
> form of a bank of registers that can store SHA1 measurements of boot
> components. Performing a write to one of these registers will append the new
> 20 byte hash to the 20 bytes currently stored within the register, take a
> SHA1 of this 40 byte value and then replace the existing register contents
> with the new value. This ensures that a given value can only be obtained by
> performing the same sequence of writes. It also adds a monitor command to
> allow an external agent to extract this information from the running system
> and provide it over a secure communications channel. Finally, it measures
> each of the loaded ROMs into one of the registers at reset time.
>
> In combination with work in SeaBIOS and the kernel, this permits a fully
> measured boot in a virtualised environment without the overhead of a full
> TPM implementation.
>
> This version of the implementation depends on port io, but if there's
> interest I'll add mmio as well.
>
> Signed-off-by: Matthew Garrett <address@hidden>
> ---
>
> Updated based on David's feedback.
>
> default-configs/x86_64-softmmu.mak | 1 +
> hmp-commands-info.hx | 14 ++
> hmp.c | 16 ++
> hmp.h | 1 +
> hw/core/loader.c | 12 ++
> hw/i386/acpi-build.c | 29 +++-
> hw/misc/Makefile.objs | 1 +
> hw/misc/measurements.c | 328 +++++++++++++++++++++++++++++++++++++++++
> hw/misc/measurements.h | 5 +
> hw/tpm/tpm_tis.c | 5 +
There shouldn't be a change to tpm_tis.c since this is just one specific
front end of possibly different ones. I think the mutual exclusion test
should go into more common code: tpm.c:tpm_init().
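The register semantics described in the cover letter (append the new 20-byte hash to the 20 bytes already stored, SHA1 the 40-byte value, store the result) as an added Python model of how an attestation agent would recompute and check a register; this is illustration, not code from the patch or from QEMU, and the ROM contents and expected value are constructed.

```python
import hashlib

DIGEST_LEN = 20  # SHA1 digest size; the patch stores 20-byte values


def extend(register: bytes, measurement: bytes) -> bytes:
    """Model one write to a measurement register.

    The device appends the incoming 20-byte hash to the 20 bytes currently
    held, hashes the 40-byte result and stores that as the new value.
    """
    if len(register) != DIGEST_LEN or len(measurement) != DIGEST_LEN:
        raise ValueError("register and measurement must be 20-byte SHA1 digests")
    return hashlib.sha1(register + measurement).digest()


def measure_components(components) -> bytes:
    """Replay a boot sequence: register starts at zeros, each component's
    SHA1 is extended into it in load order (as the patch does for ROMs)."""
    register = bytes(DIGEST_LEN)
    for blob in components:
        register = extend(register, hashlib.sha1(blob).digest())
    return register


def verify(reported_hex: str, expected_components) -> bool:
    """What an external agent does with the value read via the monitor
    command: recompute from known-good components and compare."""
    return measure_components(expected_components).hex() == reported_hex


# Constructed stand-ins for ROM images loaded at reset (not real firmware).
ROM_A = b"constructed option ROM A"
ROM_B = b"constructed option ROM B"

if __name__ == "__main__":
    golden = measure_components([ROM_A, ROM_B]).hex()
    print("expected register value:", golden)
    # Same components in a different order yield a different value, so the
    # register encodes the sequence of writes, not just the set of hashes.
    print("reordered matches golden:", verify(golden, [ROM_B, ROM_A]))
    # A modified component is detected.
    print("tampered matches golden:", verify(golden, [ROM_A, ROM_B + b"x"]))
```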