On 09/29/2017 07:10 AM, Amarnath Valluri wrote:
This change introduces a new TPM backend driver that can
communicate with
swtpm(software TPM emulator) using unix domain socket interface.
QEMU talks to
TPM emulator using QEMU's socket-based chardev backend device.
Swtpm uses two Unix sockets for communications, one for plain TPM
commands and
responses, and one for out-of-band control messages. QEMU passes
data socket to
be used over the control channel.
The swtpm and associated tools can be found here:
https://github.com/stefanberger/swtpm
The swtpm's control channel protocol specification can be found
here:
https://github.com/stefanberger/swtpm/wiki/Control-Channel-Spe
cification
Usage:
# setup TPM state directory
mkdir /tmp/mytpm
chown -R tss:root /tmp/mytpm
/usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek
To run this, one needs the latest version of swtpm that supports the
file descriptor passing.
Then one can start the swtpm like this:
swtpm socket --tpmstate dir=/tmp/mytpm --ctrl
type=unixio,path=/tmp/swtpm-sock --log level=20
I tested the SeaBIOS menu items so far and that works fine, also for
TPM2 (--tpm2).