[SeaBIOS] [PATCH v8 0/8] Add TPM support to SeaBIOS

Stefan Berger stefanb at us.ibm.com
Wed Jul 2 17:38:44 CEST 2014


This is a repost of a series of patches providing TPM support to SeaBIOS.

As an addition, this patch series now works on the Acer C720 Chromebook
with limitations (S3 not getting invoked; no logging into TCPA table).

The patch series cleanly applies to a checkout of tags/rel-1.7.5.


The following set of patches add TPM and Trusted Computing support to SeaBIOS.
In particular the patches add:

- a TPM driver for Qemu's TPM TIS emulation (not yet in Qemu git)
- ACPI support for the TPM device (SSDT table)
- ACPI support for measurement logging (TCPA table)
- Support for initialization of the TPM
- Support for the TCG BIOS extensions (1ah handler [ah = 0xbb])
  (used by trusted grub; http://trousers.sourceforge.net/grub.html)
- Static Root of Trust for Measurement (SRTM) support
- Support for S3 resume (sends command to TPM upon resume)
- TPM-specific menu for controlling aspects of the TPM

All implementations necessarily follow specifications.

When all patches are applied the following services are available:
- SSDT ACPI table for TPM support
- initialization of the TPM upon VM start and S3 resume
- Static root of trust for measurements (SRTM) that measures (some) data
  of SeaBIOS in TCPA ACPI table
- 1ah interrupt handler offering APIs for measuring and sending commands to
  the TPM (trusted grub uses them)
- User menu for controlling aspects of the state of the TPM


Stefan Berger (8):
  Add an implementation of a TPM TIS driver
  Provide ACPI SSDT table for TPM device + S3 resume support
  Implementation of the TCG BIOS extensions
  Support for BIOS interrupt handler
  Add 'measurement' code to the BIOS
  Add a menu for TPM control
  Add a menu item for displaying TPM diagnostics
  Make the TPM menu work on a Chromebook (Acer C720)

 Makefile                 |   12 +-
 src/Kconfig              |   15 +
 src/boot.c               |   28 +-
 src/cdrom.c              |   10 +
 src/clock.c              |   12 +
 src/config.h             |    1 +
 src/fw/acpi-tpm-ssdt.dsl |   24 +
 src/fw/acpi-tpm-ssdt.hex |   27 +
 src/fw/acpi.c            |   41 +
 src/hw/tpm_drivers.c     |  273 ++++++
 src/hw/tpm_drivers.h     |   91 ++
 src/optionroms.c         |    4 +
 src/post.c               |    9 +
 src/resume.c             |    2 +
 src/sha1.c               |  145 +++
 src/sha1.h               |    8 +
 src/std/acpi.h           |   20 +
 src/tcgbios.c            | 2208 ++++++++++++++++++++++++++++++++++++++++++++++
 src/tcgbios.h            |  431 +++++++++
 src/util.h               |   32 +
 20 files changed, 3388 insertions(+), 5 deletions(-)
 create mode 100644 src/fw/acpi-tpm-ssdt.dsl
 create mode 100644 src/fw/acpi-tpm-ssdt.hex
 create mode 100644 src/hw/tpm_drivers.c
 create mode 100644 src/hw/tpm_drivers.h
 create mode 100644 src/sha1.c
 create mode 100644 src/sha1.h
 create mode 100644 src/tcgbios.c
 create mode 100644 src/tcgbios.h

-- 
1.8.1.4
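Added example, not part of this patch series or of SeaBIOS: a Python simulation of the SRTM measurement flow the cover letter describes (SHA-1 digest of the measured data, TPM 1.2 PCR extend, an event appended to a TCPA-style log) together with the replay a verifier runs to recompute the PCRs from the log alone, which is how a log that no longer matches the PCRs is detected. The entry layout (PCR index, event type, 20-byte digest, size, event data) follows the TCG 1.2 PC Client format; the PCR assignments, event names and measured data are constructed for the example.

```python
import hashlib
import struct

# TCG 1.2 PC Client event entry (the layout of the TCPA-table log), little-endian:
#   PCRIndex(u32) EventType(u32) Digest(20 bytes, SHA-1) EventSize(u32) Event[EventSize]
HDR = struct.Struct("<II20sI")
EV_POST_CODE, EV_SEPARATOR, EV_IPL = 0x01, 0x04, 0x0D   # event types from the TCG PC Client spec
PCR_INIT = b"\x00" * 20                                 # TPM 1.2 PCRs start as 20 zero bytes

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 PCR extend: new = SHA1(old || digest)."""
    return hashlib.sha1(pcr + digest).digest()

def measure(log: bytearray, pcrs: dict, pcr: int, etype: int, data: bytes, event: bytes) -> bytes:
    """Hash the measured data, extend the simulated PCR and append the log entry (as the BIOS would)."""
    digest = hashlib.sha1(data).digest()
    pcrs[pcr] = extend(pcrs.get(pcr, PCR_INIT), digest)
    log += HDR.pack(pcr, etype, digest, len(event)) + event
    return digest

def parse_log(log: bytes):
    """Yield (pcr, etype, digest, event) per entry; reject a truncated log instead of reading past it."""
    off = 0
    while off < len(log):
        if off + HDR.size > len(log):
            raise ValueError("truncated event header at offset %d" % off)
        pcr, etype, digest, size = HDR.unpack_from(log, off)
        off += HDR.size
        if off + size > len(log):
            raise ValueError("truncated event data at offset %d" % off)
        yield pcr, etype, digest, bytes(log[off:off + size])
        off += size

def replay(log: bytes) -> dict:
    """Recompute every PCR from the log's digests alone; a verifier compares this with PCR reads."""
    pcrs = {}
    for pcr, _etype, digest, _event in parse_log(log):
        pcrs[pcr] = extend(pcrs.get(pcr, PCR_INIT), digest)
    return pcrs

def demo() -> tuple:
    """Constructed measurements; returns (intact log replays to the PCRs, tampered log replays to them)."""
    log, pcrs = bytearray(), {}
    measure(log, pcrs, 0, EV_POST_CODE, b"constructed BIOS code region", b"POST CODE")
    measure(log, pcrs, 4, EV_IPL, b"constructed boot sector bytes", b"IPL")
    for i in range(8):  # separator event extended into PCR 0..7 before handing off to the IPL
        measure(log, pcrs, i, EV_SEPARATOR, b"\0\0\0\0", b"\0\0\0\0")
    tampered = bytearray(log)
    tampered[8] ^= 0x01   # flip one bit in the first entry's digest field
    return replay(bytes(log)) == pcrs, replay(bytes(tampered)) == pcrs

if __name__ == "__main__":
    print(demo())  # (True, False)
```

Replay only proves the log is consistent with the PCRs; whether each measured blob is the expected one still requires comparing the digests against known-good values.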