
Re: [PATCH] xen/x86: Pass TPM ACPI table to PVH dom0


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jason Andryuk <jason.andryuk@xxxxxxx>
  • Date: Mon, 15 Dec 2025 09:09:47 -0500
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, "krystian.hebel@xxxxxxxxx" <krystian.hebel@xxxxxxxxx>, Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx>, Ross Philipson <ross.philipson@xxxxxxxxxx>
  • Delivery-date: Mon, 15 Dec 2025 14:10:05 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-12-12 17:38, Andrew Cooper wrote:
> On 12/12/2025 10:29 pm, Jason Andryuk wrote:
>> Pass the TPM2 ACPI table so that the device can be found by a PVH dom0.
>>
>> Otherwise dom0 shows:
>> tpm_tis MSFT0101:00: [Firmware Bug]: failed to get TPM2 ACPI table
>> tpm_tis MSFT0101:00: probe with driver tpm_tis failed with error -22
>>
>> TCPA is "Trusted Computing Platform Alliance table", but it is really
>> the table for a TPM 1.2.  Use that as the comment as it's more
>> identifiable for readers.
>>
>> While doing this, move ACPI_SIG_WPBT to alphabetize the entries.
>
> It's probably worth stating that this brings PVH dom0 more in line with
> PV dom0.
>
> "This exposes TPM event log tables on PVH dom0, bringing it in line with a PV dom0."
>
>> Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx>
>
> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>
> Thanks!
>
>> ---
>> Only TPM2 has been tested.
>>
>> AIUI, a TPM 1.2 is probed without the ACPI entry, so it is usable.
>> But since I know the table exists, I added it.
>
> Yeah - I'd have asked you to do this if you hadn't already.
>
> That said, it highlights that the Trenchboot series needs to grow the
> ability to hide the TPM from dom0, both the ACPI tables and blind probing.
>
> I presume that tboot already does this, because I'm sure it's been
> tested, right...?

Tested which way? This has *not* been tested with tboot, but I think it's orthogonal.

After tboot launches Xen, tboot is dormant until Xen calls back into tboot for shutdown. Control of the TPM passes to Xen/Dom0. This is expected with DRTM and TPMs. The TPM locality differentiates TPM accesses inside and outside the measured launch environment.

The TPM ACPI table specifies the location of the TPM Event Log - a reserved RAM region. There are other ACPI PNP devices to specify the TPM device itself. Those are in DSDT or SSDT (I think), so distinct from the event log table - the subject of this patch.

Regards,
Jason
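The table the thread discusses, as an added example that is not part of this thread or of Xen's own code: a parser that checks a raw TPM2 ACPI table's signature, length and ACPI checksum before reporting the event log region it advertises. Field offsets follow the TCG ACPI Specification revision-4 layout of the TPM2 table; the sample table bytes and the log area values in it are constructed, not taken from real firmware.

```python
import struct

# Byte offsets in the TPM2 ACPI table (TCG ACPI Specification, table revision 4).
ACPI_HDR_LEN = 36           # signature, length, revision, checksum, OEM fields...
TPM2_LOG_MIN_LEN_OFF = 64   # u32 Log Area Minimum Length
TPM2_LOG_ADDR_OFF = 68      # u64 Log Area Start Address
TPM2_REV4_LEN = 76          # only revision-4 tables carry the log area fields


def tpm2_event_log_area(tbl: bytes) -> tuple:
    """Validate a raw TPM2 table and return (log_start_address, log_min_length).

    Raises ValueError if the signature, length or ACPI checksum is wrong or the
    table predates revision 4, so a caller never trusts an unverified address.
    """
    if len(tbl) < ACPI_HDR_LEN or tbl[:4] != b"TPM2":
        raise ValueError("not a TPM2 ACPI table")
    length = struct.unpack_from("<I", tbl, 4)[0]
    if length < TPM2_REV4_LEN or length > len(tbl):
        raise ValueError(f"bad table length {length}")
    if sum(tbl[:length]) & 0xFF:      # ACPI rule: all table bytes sum to 0 mod 256
        raise ValueError("ACPI checksum mismatch")
    log_min_len = struct.unpack_from("<I", tbl, TPM2_LOG_MIN_LEN_OFF)[0]
    log_addr = struct.unpack_from("<Q", tbl, TPM2_LOG_ADDR_OFF)[0]
    return log_addr, log_min_len


def build_sample_tpm2(log_addr: int = 0x7FF00000, log_min_len: int = 0x10000) -> bytes:
    """Constructed sample (not real firmware data): a revision-4 TPM2 table."""
    buf = bytearray(TPM2_REV4_LEN)
    buf[:4] = b"TPM2"
    struct.pack_into("<I", buf, 4, TPM2_REV4_LEN)       # Length
    buf[8] = 4                                          # Revision
    struct.pack_into("<I", buf, TPM2_LOG_MIN_LEN_OFF, log_min_len)
    struct.pack_into("<Q", buf, TPM2_LOG_ADDR_OFF, log_addr)
    buf[9] = (-sum(buf)) & 0xFF                         # checksum byte zeroes the sum
    return bytes(buf)


def is_valid_tpm2(tbl: bytes) -> bool:
    """True if tpm2_event_log_area() accepts the table, False if it rejects it."""
    try:
        tpm2_event_log_area(tbl)
        return True
    except ValueError:
        return False
```

A single flipped byte in the log address, or a table truncated below the revision-4 length, is rejected before any address is handed back.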
