tpm_spapr.c (12415B)
1 /* 2 * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator 3 * 4 * PAPR Virtual TPM 5 * 6 * Copyright (c) 2015, 2017, 2019 IBM Corporation. 7 * 8 * Authors: 9 * Stefan Berger <stefanb@linux.vnet.ibm.com> 10 * 11 * This code is licensed under the GPL version 2 or later. See the 12 * COPYING file in the top-level directory. 13 * 14 */ 15 16 #include "qemu/osdep.h" 17 #include "qemu/error-report.h" 18 #include "qapi/error.h" 19 #include "hw/qdev-properties.h" 20 #include "migration/vmstate.h" 21 22 #include "sysemu/tpm_backend.h" 23 #include "sysemu/tpm_util.h" 24 #include "tpm_prop.h" 25 26 #include "hw/ppc/spapr.h" 27 #include "hw/ppc/spapr_vio.h" 28 #include "trace.h" 29 #include "qom/object.h" 30 31 #define DEBUG_SPAPR 0 32 33 typedef struct SpaprTpmState SpaprTpmState; 34 DECLARE_INSTANCE_CHECKER(SpaprTpmState, VIO_SPAPR_VTPM, 35 TYPE_TPM_SPAPR) 36 37 typedef struct TpmCrq { 38 uint8_t valid; /* 0x80: cmd; 0xc0: init crq */ 39 /* 0x81-0x83: CRQ message response */ 40 uint8_t msg; /* see below */ 41 uint16_t len; /* len of TPM request; len of TPM response */ 42 uint32_t data; /* rtce_dma_handle when sending TPM request */ 43 uint64_t reserved; 44 } TpmCrq; 45 46 #define SPAPR_VTPM_VALID_INIT_CRQ_COMMAND 0xC0 47 #define SPAPR_VTPM_VALID_COMMAND 0x80 48 #define SPAPR_VTPM_MSG_RESULT 0x80 49 50 /* msg types for valid = SPAPR_VTPM_VALID_INIT_CRQ */ 51 #define SPAPR_VTPM_INIT_CRQ_RESULT 0x1 52 #define SPAPR_VTPM_INIT_CRQ_COMPLETE_RESULT 0x2 53 54 /* msg types for valid = SPAPR_VTPM_VALID_CMD */ 55 #define SPAPR_VTPM_GET_VERSION 0x1 56 #define SPAPR_VTPM_TPM_COMMAND 0x2 57 #define SPAPR_VTPM_GET_RTCE_BUFFER_SIZE 0x3 58 #define SPAPR_VTPM_PREPARE_TO_SUSPEND 0x4 59 60 /* response error messages */ 61 #define SPAPR_VTPM_VTPM_ERROR 0xff 62 63 /* error codes */ 64 #define SPAPR_VTPM_ERR_COPY_IN_FAILED 0x3 65 #define SPAPR_VTPM_ERR_COPY_OUT_FAILED 0x4 66 67 #define TPM_SPAPR_BUFFER_MAX 4096 68 69 struct SpaprTpmState { 70 SpaprVioDevice vdev; 71 72 TpmCrq crq; /* track single TPM command */ 73 74 uint8_t state; 75 #define SPAPR_VTPM_STATE_NONE 0 76 #define SPAPR_VTPM_STATE_EXECUTION 1 77 #define SPAPR_VTPM_STATE_COMPLETION 2 78 79 unsigned char *buffer; 80 81 uint32_t numbytes; /* number of bytes to deliver on resume */ 82 83 TPMBackendCmd cmd; 84 85 TPMBackend *be_driver; 86 TPMVersion be_tpm_version; 87 88 size_t be_buffer_size; 89 }; 90 91 /* 92 * Send a request to the TPM. 93 */ 94 static void tpm_spapr_tpm_send(SpaprTpmState *s) 95 { 96 tpm_util_show_buffer(s->buffer, s->be_buffer_size, "To TPM"); 97 98 s->state = SPAPR_VTPM_STATE_EXECUTION; 99 s->cmd = (TPMBackendCmd) { 100 .locty = 0, 101 .in = s->buffer, 102 .in_len = MIN(tpm_cmd_get_size(s->buffer), s->be_buffer_size), 103 .out = s->buffer, 104 .out_len = s->be_buffer_size, 105 }; 106 107 tpm_backend_deliver_request(s->be_driver, &s->cmd); 108 } 109 110 static int tpm_spapr_process_cmd(SpaprTpmState *s, uint64_t dataptr) 111 { 112 long rc; 113 114 /* a max. of be_buffer_size bytes can be transported */ 115 rc = spapr_vio_dma_read(&s->vdev, dataptr, 116 s->buffer, s->be_buffer_size); 117 if (rc) { 118 error_report("tpm_spapr_got_payload: DMA read failure"); 119 } 120 /* let vTPM handle any malformed request */ 121 tpm_spapr_tpm_send(s); 122 123 return rc; 124 } 125 126 static inline int spapr_tpm_send_crq(struct SpaprVioDevice *dev, TpmCrq *crq) 127 { 128 return spapr_vio_send_crq(dev, (uint8_t *)crq); 129 } 130 131 static int tpm_spapr_do_crq(struct SpaprVioDevice *dev, uint8_t *crq_data) 132 { 133 SpaprTpmState *s = VIO_SPAPR_VTPM(dev); 134 TpmCrq local_crq; 135 TpmCrq *crq = &s->crq; /* requests only */ 136 int rc; 137 uint8_t valid = crq_data[0]; 138 uint8_t msg = crq_data[1]; 139 140 trace_tpm_spapr_do_crq(valid, msg); 141 142 switch (valid) { 143 case SPAPR_VTPM_VALID_INIT_CRQ_COMMAND: /* Init command/response */ 144 145 /* Respond to initialization request */ 146 switch (msg) { 147 case SPAPR_VTPM_INIT_CRQ_RESULT: 148 trace_tpm_spapr_do_crq_crq_result(); 149 memset(&local_crq, 0, sizeof(local_crq)); 150 local_crq.valid = SPAPR_VTPM_VALID_INIT_CRQ_COMMAND; 151 local_crq.msg = SPAPR_VTPM_INIT_CRQ_RESULT; 152 spapr_tpm_send_crq(dev, &local_crq); 153 break; 154 155 case SPAPR_VTPM_INIT_CRQ_COMPLETE_RESULT: 156 trace_tpm_spapr_do_crq_crq_complete_result(); 157 memset(&local_crq, 0, sizeof(local_crq)); 158 local_crq.valid = SPAPR_VTPM_VALID_INIT_CRQ_COMMAND; 159 local_crq.msg = SPAPR_VTPM_INIT_CRQ_COMPLETE_RESULT; 160 spapr_tpm_send_crq(dev, &local_crq); 161 break; 162 } 163 164 break; 165 case SPAPR_VTPM_VALID_COMMAND: /* Payloads */ 166 switch (msg) { 167 case SPAPR_VTPM_TPM_COMMAND: 168 trace_tpm_spapr_do_crq_tpm_command(); 169 if (s->state == SPAPR_VTPM_STATE_EXECUTION) { 170 return H_BUSY; 171 } 172 memcpy(crq, crq_data, sizeof(*crq)); 173 174 rc = tpm_spapr_process_cmd(s, be32_to_cpu(crq->data)); 175 176 if (rc == H_SUCCESS) { 177 crq->valid = be16_to_cpu(0); 178 } else { 179 local_crq.valid = SPAPR_VTPM_MSG_RESULT; 180 local_crq.msg = SPAPR_VTPM_VTPM_ERROR; 181 local_crq.len = cpu_to_be16(0); 182 local_crq.data = cpu_to_be32(SPAPR_VTPM_ERR_COPY_IN_FAILED); 183 spapr_tpm_send_crq(dev, &local_crq); 184 } 185 break; 186 187 case SPAPR_VTPM_GET_RTCE_BUFFER_SIZE: 188 trace_tpm_spapr_do_crq_tpm_get_rtce_buffer_size(s->be_buffer_size); 189 local_crq.valid = SPAPR_VTPM_VALID_COMMAND; 190 local_crq.msg = SPAPR_VTPM_GET_RTCE_BUFFER_SIZE | 191 SPAPR_VTPM_MSG_RESULT; 192 local_crq.len = cpu_to_be16(s->be_buffer_size); 193 spapr_tpm_send_crq(dev, &local_crq); 194 break; 195 196 case SPAPR_VTPM_GET_VERSION: 197 local_crq.valid = SPAPR_VTPM_VALID_COMMAND; 198 local_crq.msg = SPAPR_VTPM_GET_VERSION | SPAPR_VTPM_MSG_RESULT; 199 local_crq.len = cpu_to_be16(0); 200 switch (s->be_tpm_version) { 201 case TPM_VERSION_1_2: 202 local_crq.data = cpu_to_be32(1); 203 break; 204 case TPM_VERSION_2_0: 205 local_crq.data = cpu_to_be32(2); 206 break; 207 default: 208 g_assert_not_reached(); 209 break; 210 } 211 trace_tpm_spapr_do_crq_get_version(be32_to_cpu(local_crq.data)); 212 spapr_tpm_send_crq(dev, &local_crq); 213 break; 214 215 case SPAPR_VTPM_PREPARE_TO_SUSPEND: 216 trace_tpm_spapr_do_crq_prepare_to_suspend(); 217 local_crq.valid = SPAPR_VTPM_VALID_COMMAND; 218 local_crq.msg = SPAPR_VTPM_PREPARE_TO_SUSPEND | 219 SPAPR_VTPM_MSG_RESULT; 220 spapr_tpm_send_crq(dev, &local_crq); 221 break; 222 223 default: 224 trace_tpm_spapr_do_crq_unknown_msg_type(crq->msg); 225 } 226 break; 227 default: 228 trace_tpm_spapr_do_crq_unknown_crq(valid, msg); 229 }; 230 231 return H_SUCCESS; 232 } 233 234 static void tpm_spapr_request_completed(TPMIf *ti, int ret) 235 { 236 SpaprTpmState *s = VIO_SPAPR_VTPM(ti); 237 TpmCrq *crq = &s->crq; 238 uint32_t len; 239 int rc; 240 241 s->state = SPAPR_VTPM_STATE_COMPLETION; 242 243 /* a max. of be_buffer_size bytes can be transported */ 244 len = MIN(tpm_cmd_get_size(s->buffer), s->be_buffer_size); 245 246 if (runstate_check(RUN_STATE_FINISH_MIGRATE)) { 247 trace_tpm_spapr_caught_response(len); 248 /* defer delivery of response until .post_load */ 249 s->numbytes = len; 250 return; 251 } 252 253 rc = spapr_vio_dma_write(&s->vdev, be32_to_cpu(crq->data), 254 s->buffer, len); 255 256 tpm_util_show_buffer(s->buffer, len, "From TPM"); 257 258 crq->valid = SPAPR_VTPM_MSG_RESULT; 259 if (rc == H_SUCCESS) { 260 crq->msg = SPAPR_VTPM_TPM_COMMAND | SPAPR_VTPM_MSG_RESULT; 261 crq->len = cpu_to_be16(len); 262 } else { 263 error_report("%s: DMA write failure", __func__); 264 crq->msg = SPAPR_VTPM_VTPM_ERROR; 265 crq->len = cpu_to_be16(0); 266 crq->data = cpu_to_be32(SPAPR_VTPM_ERR_COPY_OUT_FAILED); 267 } 268 269 rc = spapr_tpm_send_crq(&s->vdev, crq); 270 if (rc) { 271 error_report("%s: Error sending response", __func__); 272 } 273 } 274 275 static int tpm_spapr_do_startup_tpm(SpaprTpmState *s, size_t buffersize) 276 { 277 return tpm_backend_startup_tpm(s->be_driver, buffersize); 278 } 279 280 static const char *tpm_spapr_get_dt_compatible(SpaprVioDevice *dev) 281 { 282 SpaprTpmState *s = VIO_SPAPR_VTPM(dev); 283 284 switch (s->be_tpm_version) { 285 case TPM_VERSION_1_2: 286 return "IBM,vtpm"; 287 case TPM_VERSION_2_0: 288 return "IBM,vtpm20"; 289 default: 290 g_assert_not_reached(); 291 } 292 } 293 294 static void tpm_spapr_reset(SpaprVioDevice *dev) 295 { 296 SpaprTpmState *s = VIO_SPAPR_VTPM(dev); 297 298 s->state = SPAPR_VTPM_STATE_NONE; 299 s->numbytes = 0; 300 301 s->be_tpm_version = tpm_backend_get_tpm_version(s->be_driver); 302 303 s->be_buffer_size = MIN(tpm_backend_get_buffer_size(s->be_driver), 304 TPM_SPAPR_BUFFER_MAX); 305 306 tpm_backend_reset(s->be_driver); 307 308 if (tpm_spapr_do_startup_tpm(s, s->be_buffer_size) < 0) { 309 exit(1); 310 } 311 } 312 313 static enum TPMVersion tpm_spapr_get_version(TPMIf *ti) 314 { 315 SpaprTpmState *s = VIO_SPAPR_VTPM(ti); 316 317 if (tpm_backend_had_startup_error(s->be_driver)) { 318 return TPM_VERSION_UNSPEC; 319 } 320 321 return tpm_backend_get_tpm_version(s->be_driver); 322 } 323 324 /* persistent state handling */ 325 326 static int tpm_spapr_pre_save(void *opaque) 327 { 328 SpaprTpmState *s = opaque; 329 330 tpm_backend_finish_sync(s->be_driver); 331 /* 332 * we cannot deliver the results to the VM since DMA would touch VM memory 333 */ 334 335 return 0; 336 } 337 338 static int tpm_spapr_post_load(void *opaque, int version_id) 339 { 340 SpaprTpmState *s = opaque; 341 342 if (s->numbytes) { 343 trace_tpm_spapr_post_load(); 344 /* deliver the results to the VM via DMA */ 345 tpm_spapr_request_completed(TPM_IF(s), 0); 346 s->numbytes = 0; 347 } 348 349 return 0; 350 } 351 352 static const VMStateDescription vmstate_spapr_vtpm = { 353 .name = "tpm-spapr", 354 .pre_save = tpm_spapr_pre_save, 355 .post_load = tpm_spapr_post_load, 356 .fields = (VMStateField[]) { 357 VMSTATE_SPAPR_VIO(vdev, SpaprTpmState), 358 359 VMSTATE_UINT8(state, SpaprTpmState), 360 VMSTATE_UINT32(numbytes, SpaprTpmState), 361 VMSTATE_VBUFFER_UINT32(buffer, SpaprTpmState, 0, NULL, numbytes), 362 /* remember DMA address */ 363 VMSTATE_UINT32(crq.data, SpaprTpmState), 364 VMSTATE_END_OF_LIST(), 365 } 366 }; 367 368 static Property tpm_spapr_properties[] = { 369 DEFINE_SPAPR_PROPERTIES(SpaprTpmState, vdev), 370 DEFINE_PROP_TPMBE("tpmdev", SpaprTpmState, be_driver), 371 DEFINE_PROP_END_OF_LIST(), 372 }; 373 374 static void tpm_spapr_realizefn(SpaprVioDevice *dev, Error **errp) 375 { 376 SpaprTpmState *s = VIO_SPAPR_VTPM(dev); 377 378 if (!tpm_find()) { 379 error_setg(errp, "at most one TPM device is permitted"); 380 return; 381 } 382 383 dev->crq.SendFunc = tpm_spapr_do_crq; 384 385 if (!s->be_driver) { 386 error_setg(errp, "'tpmdev' property is required"); 387 return; 388 } 389 s->buffer = g_malloc(TPM_SPAPR_BUFFER_MAX); 390 } 391 392 static void tpm_spapr_class_init(ObjectClass *klass, void *data) 393 { 394 DeviceClass *dc = DEVICE_CLASS(klass); 395 SpaprVioDeviceClass *k = VIO_SPAPR_DEVICE_CLASS(klass); 396 TPMIfClass *tc = TPM_IF_CLASS(klass); 397 398 k->realize = tpm_spapr_realizefn; 399 k->reset = tpm_spapr_reset; 400 k->dt_name = "vtpm"; 401 k->dt_type = "IBM,vtpm"; 402 k->get_dt_compatible = tpm_spapr_get_dt_compatible; 403 k->signal_mask = 0x00000001; 404 set_bit(DEVICE_CATEGORY_MISC, dc->categories); 405 device_class_set_props(dc, tpm_spapr_properties); 406 k->rtce_window_size = 0x10000000; 407 dc->vmsd = &vmstate_spapr_vtpm; 408 409 tc->model = TPM_MODEL_TPM_SPAPR; 410 tc->get_version = tpm_spapr_get_version; 411 tc->request_completed = tpm_spapr_request_completed; 412 } 413 414 static const TypeInfo tpm_spapr_info = { 415 .name = TYPE_TPM_SPAPR, 416 .parent = TYPE_VIO_SPAPR_DEVICE, 417 .instance_size = sizeof(SpaprTpmState), 418 .class_init = tpm_spapr_class_init, 419 .interfaces = (InterfaceInfo[]) { 420 { TYPE_TPM_IF }, 421 { } 422 } 423 }; 424 425 static void tpm_spapr_register_types(void) 426 { 427 type_register_static(&tpm_spapr_info); 428 } 429 430 type_init(tpm_spapr_register_types)