
Re: [PATCH] acpi: Add TPM2 interface definition and make the TPM version configurable.


  • To: Jason Andryuk <jandryuk@xxxxxxxxx>, Jennifer Herbert <jennifer.herbert@xxxxxxxxxx>
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 6 Sep 2022 09:03:31 -0400
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 06 Sep 2022 13:03:45 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 9/1/22 08:55, Jason Andryuk wrote:
> On Tue, Aug 30, 2022 at 4:30 PM Jennifer Herbert
> <jennifer.herbert@xxxxxxxxxx> wrote:
>>
>> This patch introduces an optional TPM 2 interface definition to the ACPI
>> table, which is to be used as part of a vTPM 2 implementation.
>> To enable the new interface - I have made the TPM interface version
>> configurable in the acpi_config, with the default being the existing
>> 1.2 (TCPA).
>> I have also added to hvmloader an option to utilise this new config, which
>> can be triggered by setting the platform/tpm_verion xenstore key.
>>
>> Signed-off-by: Jennifer Herbert <jennifer.herbert@xxxxxxxxxx>
> 
> Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>
> 
> Thanks.
> 
> Is there a particular reason why CRB (Command Response Buffer) was
> chosen over TIS (TPM Interface Specification)?  I think of CRB as more
> of an embedded device TPM interface, and TIS is what is usually used
> with physical TPMs.  My experiences have only been with TIS devices,
> so that is influencing my outlook.  Hmm, this patch seems to reference
> the Intel Platform Trust Technology (PTT) fTPM (firmware-TPM) as using
> the CRB interface:
> https://patchwork.kernel.org/project/tpmdd-devel/patch/1417672167-3489-8-git-send-email-jarkko.sakkinen@xxxxxxxxxxxxxxx/
> If PTT fTPMs are using CRB, then it's more than just embedded
> devices.

This continues to create much confusion. There are two CRB interfaces,
one is the PC Client CRB interface defined in the TCG PTP specification,
which is based on an MMIO HW interface. There are claims that Intel's
PTT provided one, but I myself have never seen an MMIO CRB in the wild.
Then there is the Mobile CRB specification, which defines a
mailbox/doorbell HW interface, particularly for Arm devices. The Mobile
CRB interface has no notion of locality. As a result, there are ongoing
discussions on how the specifications may be normalized and enable
locality support for a mailbox/doorbell HW interface to support the
recent Arm DRTM specification.

v/r,
dps
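The interface choice discussed in this thread (CRB vs. TIS) is what a guest OS reads out of the ACPI TPM2 table's StartMethod field. As an added example, not code from the Xen patch or from any poster here, the parser below decodes a constructed TPM2 table, verifies its ACPI checksum, and reports which interface it advertises; the field layout and StartMethod values follow the TCG ACPI Specification as mirrored in ACPICA's actbl3.h, and the OEM strings and control-area address are made-up test values.

```python
import struct

# ACPI SDT header (36 bytes): signature, length, revision, checksum, OEM ID,
# OEM table ID, OEM revision, creator ID, creator revision.
_HDR = "<4sIBB6s8sI4sI"
# TPM2-specific body: platform class, reserved, control area address, start method.
_BODY = "<HHQI"
_TPM2_MIN_LEN = struct.calcsize(_HDR) + struct.calcsize(_BODY)  # 52 bytes

# StartMethod values from the TCG ACPI Specification (as in ACPICA actbl3.h).
START_METHODS = {
    2: "ACPI start method",
    6: "memory-mapped I/O (TIS/FIFO)",
    7: "Command Response Buffer (CRB)",
    8: "CRB with ACPI start method",
    11: "CRB with Arm SMC",
}
_CRB_METHODS = {7, 8, 11}

def checksum_ok(table: bytes) -> bool:
    # Every ACPI table must sum to zero modulo 256, checksum byte included.
    return sum(table) % 256 == 0

def parse_tpm2(table: bytes) -> dict:
    sig, length, rev, _cs, _oem, _oemtab, _oemrev, _cid, _crev = struct.unpack_from(_HDR, table)
    if sig != b"TPM2":
        raise ValueError(f"not a TPM2 table: {sig!r}")
    if length < _TPM2_MIN_LEN or len(table) < length:
        raise ValueError("truncated TPM2 table")
    if not checksum_ok(table[:length]):
        raise ValueError("bad ACPI checksum")
    pclass, _rsvd, control_area, start_method = struct.unpack_from(_BODY, table, 36)
    return {
        "revision": rev,
        "platform_class": {0: "client", 1: "server"}.get(pclass, f"class {pclass}"),
        "control_area": control_area,
        "start_method": start_method,
        "interface": START_METHODS.get(start_method, f"unknown/reserved ({start_method})"),
        "uses_crb": start_method in _CRB_METHODS,
    }

def build_tpm2(start_method: int, control_area: int) -> bytes:
    # Construct a minimal revision-4 TPM2 table with a valid checksum (test data only).
    hdr = struct.pack(_HDR, b"TPM2", _TPM2_MIN_LEN, 4, 0, b"XENTST", b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(hdr + struct.pack(_BODY, 0, 0, control_area, start_method))
    table[9] = (-sum(table)) % 256  # checksum byte sits at offset 9 of the header
    return bytes(table)

if __name__ == "__main__":
    print(parse_tpm2(build_tpm2(7, 0xFED40040)))  # constructed CRB control area address
```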
