| author | Amarnath Valluri <amarnath.valluri@intel.com> | 2017-09-29 14:10:20 +0300 |
|---|---|---|
| committer | Stefan Berger <stefanb@linux.vnet.ibm.com> | 2017-10-13 07:34:33 -0400 |
| commit | f4ede81eed29e6140374177d1f2808248c5b5650 (patch) | |
| tree | e4d15d8decf07865b35c0ad01e64ef152bcf853f /qemu-options.hx | |
| parent | 4a3d80980ebf71d8faf9d0ce2e2e23bdda5728df (diff) | |
tpm: Added support for TPM emulator
This change introduces a new TPM backend driver that can communicate with
swtpm (software TPM emulator) using unix domain socket interface. QEMU talks to
the TPM emulator using QEMU's socket-based chardev backend device.
Swtpm uses two Unix sockets for communications, one for plain TPM commands and
responses, and one for out-of-band control messages. QEMU passes the data
socket to be used over the control channel.
The swtpm and associated tools can be found here:
https://github.com/stefanberger/swtpm
The swtpm's control channel protocol specification can be found here:
https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification
Usage:
# setup TPM state directory
mkdir /tmp/mytpm
chown -R tss:root /tmp/mytpm
/usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek
# Ask qemu to use TPM emulator with given tpm state directory
qemu-system-x86_64 \
[...] \
-chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
[...]
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
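The commit message above describes the layout the new backend relies on: the emulator listens on a control socket (the one chardev QEMU is given), TPM commands travel on a separate data socket, and QEMU hands that data socket to the emulator over the control channel. Handing a socket to another process over a Unix domain socket means passing the file descriptor with SCM_RIGHTS, and the mock below does exactly that end to end. It is an added example, not code from QEMU or swtpm, and it is not wire-compatible with swtpm: the control command numbers are this mock's own assumption (swtpm's real ones are only in its Control-Channel-Specification linked above), the emulator side answers every TPM command with a canned TPM 2.0 success rather than running a TPM, and the TPM2_Startup command bytes are a constructed sample.

```python
# Added example, not QEMU or swtpm code, and NOT wire-compatible with swtpm: the
# control command numbers are this mock's own assumption and no TPM is emulated.
import os, socket, struct, tempfile, threading

MOCK_CMD_SET_DATAFD = 1  # mock: "the attached fd is your end of the TPM data channel"
MOCK_CMD_SHUTDOWN = 2    # mock: "stop serving"
MOCK_RES_OK = 0

# Constructed sample traffic, TPM 2.0 wire format (big-endian).
# TPM2_Startup(TPM_SU_CLEAR): tag TPM_ST_NO_SESSIONS, size 12, cc 0x144, SU_CLEAR
TPM2_STARTUP_CLEAR = bytes.fromhex("80010000000c000001440000")
# canned reply: tag TPM_ST_NO_SESSIONS, size 10, responseCode TPM_RC_SUCCESS
TPM2_RESP_SUCCESS = bytes.fromhex("80010000000a00000000")

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket; EOFError if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError
        buf += chunk
    return buf

def read_tpm_packet(sock):
    """One TPM command or response: 2-byte tag, 4-byte total size, then the rest."""
    head = recv_exact(sock, 6)
    return head + recv_exact(sock, struct.unpack("!I", head[2:])[0] - 6)

def send_ctrl(sock, cmd, fd=None):
    """4-byte big-endian control command; an fd rides along as SCM_RIGHTS if given."""
    anc = [] if fd is None else [(socket.SOL_SOCKET, socket.SCM_RIGHTS, struct.pack("i", fd))]
    sock.sendmsg([struct.pack("!I", cmd)], anc)

def recv_ctrl(sock):
    """Receive one control command plus the fd (at most one here) attached to it."""
    msg, anc, _flags, _addr = sock.recvmsg(4, socket.CMSG_SPACE(struct.calcsize("i")))
    if len(msg) < 4:
        raise EOFError
    fds = [struct.unpack("i", d[:4])[0] for lvl, typ, d in anc
           if (lvl, typ) == (socket.SOL_SOCKET, socket.SCM_RIGHTS)]
    return struct.unpack("!I", msg)[0], fds

def serve_data(data_sock, seen):
    """Emulator side of the data channel: record each TPM command, answer success."""
    with data_sock:
        try:
            while True:
                seen.append(read_tpm_packet(data_sock))
                data_sock.sendall(TPM2_RESP_SUCCESS)
        except EOFError:
            return  # client closed its end of the data channel

def mock_emulator(ctrl_path, ready, seen):
    """swtpm's role: accept the control connection, adopt the passed data fd, serve."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(ctrl_path)
    srv.listen(1)
    ready.set()
    ctrl, _ = srv.accept()
    srv.close()
    worker = None
    with ctrl:
        while True:
            cmd, fds = recv_ctrl(ctrl)
            if cmd == MOCK_CMD_SET_DATAFD and fds:
                data = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, fileno=fds[0])
                worker = threading.Thread(target=serve_data, args=(data, seen))
                worker.start()
            ctrl.sendall(struct.pack("!I", MOCK_RES_OK))  # lockstep: one reply per command
            if cmd == MOCK_CMD_SHUTDOWN:
                break
    if worker:
        worker.join()

def client_session(ctrl_path):
    """QEMU's role: connect to the control chardev, pass one socketpair end as the
    data channel, send one TPM command on the other end, then shut the emulator down."""
    ctrl = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    ctrl.connect(ctrl_path)
    ours, theirs = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with ctrl, ours:
        send_ctrl(ctrl, MOCK_CMD_SET_DATAFD, theirs.fileno())
        theirs.close()  # the emulator now holds its own reference to that end
        if struct.unpack("!I", recv_exact(ctrl, 4))[0] != MOCK_RES_OK:
            raise RuntimeError("emulator rejected the data channel")
        ours.sendall(TPM2_STARTUP_CLEAR)
        resp = read_tpm_packet(ours)
        send_ctrl(ctrl, MOCK_CMD_SHUTDOWN)
        recv_exact(ctrl, 4)
    return resp

def demo():
    """Run emulator and client in one process; return (commands the emulator saw, reply)."""
    with tempfile.TemporaryDirectory() as tmp:
        ctrl_path = os.path.join(tmp, "swtpm-sock")
        seen, ready = [], threading.Event()
        emu = threading.Thread(target=mock_emulator, args=(ctrl_path, ready, seen))
        emu.start()
        ready.wait()
        resp = client_session(ctrl_path)
        emu.join()
    return seen, resp
```

Calling demo() returns the list of TPM commands the mock emulator received (just the TPM2_Startup sample) and the 10-byte reply the client read back on the data channel. The point of the exercise is that the data channel never has a filesystem path of its own: the client creates a socketpair and the emulator only ever sees the descriptor it was handed, which is why a single `-chardev socket,path=...` is enough on the QEMU side. It also shows why the control socket is the asset to protect: whoever can connect to it can send control messages and push a data channel of their choosing, and whoever can create files in the directory before swtpm binds its path can stand in for the emulator, so the socket and the state directory belong in a location only the swtpm and QEMU users can reach rather than a world-writable /tmp as in the quick usage example above.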
Diffstat (limited to 'qemu-options.hx')
-rw-r--r-- | qemu-options.hx | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/qemu-options.hx b/qemu-options.hx index 981742d191..3728e9b4dd 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -3121,7 +3121,9 @@ DEF("tpmdev", HAS_ARG, QEMU_OPTION_tpmdev, \ "-tpmdev passthrough,id=id[,path=path][,cancel-path=path]\n" " use path to provide path to a character device; default is /dev/tpm0\n" " use cancel-path to provide path to TPM's cancel sysfs entry; if\n" - " not provided it will be searched for in /sys/class/misc/tpm?/device\n", + " not provided it will be searched for in /sys/class/misc/tpm?/device\n" + "-tpmdev emulator,id=id,chardev=dev\n" + " configure the TPM device using chardev backend\n", QEMU_ARCH_ALL) STEXI @@ -3130,8 +3132,8 @@ The general form of a TPM device option is: @item -tpmdev @var{backend} ,id=@var{id} [,@var{options}] @findex -tpmdev -Backend type must be: -@option{passthrough}. +Backend type must be either one of the following: +@option{passthrough}, @option{emulator}. The specific backend type will determine the applicable options. The @code{-tpmdev} option creates the TPM backend and requires a @@ -3181,6 +3183,20 @@ To create a passthrough TPM use the following two options: Note that the @code{-tpmdev} id is @code{tpm0} and is referenced by @code{tpmdev=tpm0} in the device option. +@item -tpmdev emulator, id=@var{id}, chardev=@var{dev} + +(Linux-host only) Enable access to a TPM emulator using Unix domain socket based +chardev backend. + +@option{chardev} specifies the unique ID of a character device backend that provides connection to the software TPM server. + +To create a TPM emulator backend device with chardev socket backend: +@example + +-chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 + +@end example + @end table ETEXI |
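Review bot: in the first hunk (@@ -3121,7 +3121,9 @@), the new help line `" configure the TPM device using chardev backend\n"` does not say what kind of chardev is acceptable, while the texinfo part of the same patch restricts the backend to a Unix domain socket chardev on a Linux host; someone reading only `-help` will not learn that. Suggest wording such as `" use chardev dev (a socket chardev connected to a TPM emulator)\n"` so the help text and the manual say the same thing.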
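Review bot: in the second hunk (@@ -3130,8 +3132,8 @@), `Backend type must be either one of the following:` doubles up "either" and "one of the following"; either `Backend type must be one of the following:` ahead of the list or `must be either @option{passthrough} or @option{emulator}` as one sentence reads cleanly.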
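Review bot: in the third hunk (@@ -3181,6 +3183,20 @@), `@item -tpmdev emulator, id=@var{id}, chardev=@var{dev}` puts spaces after the commas, unlike the actual command-line form in the `@example` a few lines below (`-tpmdev emulator,id=tpm0,chardev=chrtpm`); drop the spaces so the synopsis matches what users type. Two documentation gaps in the same hunk: the manual text never says what the emulator has to be (swtpm and its control-channel protocol are mentioned only in the commit message, so a reader of the manual cannot tell which software satisfies `emulator`), and `provides connection to the software TPM server` is missing an article (`provides a connection`). The single long `@example` line would also read better split with backslash continuations, as in the commit message's usage block.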