qemu/qapi/tpm.json
Amarnath Valluri f4ede81eed tpm: Added support for TPM emulator
This change introduces a new TPM backend driver that can communicate with
swtpm (a software TPM emulator) over a Unix domain socket interface. QEMU talks to
the TPM emulator using QEMU's socket-based chardev backend device.

Swtpm uses two Unix sockets for communication: one for plain TPM commands and
responses, and one for out-of-band control messages. QEMU hands swtpm the data
socket by passing it over the control channel.

The swtpm and associated tools can be found here:
    https://github.com/stefanberger/swtpm

The swtpm's control channel protocol specification can be found here:
    https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification

Usage:
    # setup TPM state directory
    mkdir /tmp/mytpm
    chown -R tss:root /tmp/mytpm
    /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek

    # Ask qemu to use TPM emulator with given tpm state directory
    qemu-system-x86_64 \
        [...] \
        -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
        -tpmdev emulator,id=tpm0,chardev=chrtpm \
        -device tpm-tis,tpmdev=tpm0 \
        [...]

Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-10-13 07:34:33 -04:00


# -*- Mode: Python -*-
#
##
# = TPM (trusted platform module) devices
##
##
# @TpmModel:
#
# An enumeration of TPM frontend device models
#
# @tpm-tis: TPM TIS (TPM Interface Specification) model
#
# Since: 1.5
##
{ 'enum': 'TpmModel', 'data': [ 'tpm-tis' ] }
##
# @query-tpm-models:
#
# Return a list of supported TPM models. The command takes no arguments.
#
# Returns: a list of TpmModel
#
# Since: 1.5
#
# Example:
#
# -> { "execute": "query-tpm-models" }
# <- { "return": [ "tpm-tis" ] }
#
##
{ 'command': 'query-tpm-models', 'returns': ['TpmModel'] }
##
# @TpmType:
#
# An enumeration of TPM backend types
#
# @passthrough: TPM passthrough type
# @emulator: Software Emulator TPM type (since 2.11)
#
# Since: 1.5
##
{ 'enum': 'TpmType', 'data': [ 'passthrough', 'emulator' ] }
##
# @query-tpm-types:
#
# Return a list of supported TPM backend types. The command takes no
# arguments.
#
# Returns: a list of TpmType
#
# Since: 1.5
#
# Example:
#
# -> { "execute": "query-tpm-types" }
# <- { "return": [ "passthrough", "emulator" ] }
#
##
{ 'command': 'query-tpm-types', 'returns': ['TpmType'] }
##
# @TPMPassthroughOptions:
#
# Information about the TPM passthrough type
#
# @path: string describing the path used for accessing the TPM device
#        (for example "/dev/tpm0")
#
# @cancel-path: string showing the TPM's sysfs cancel file
#               for cancellation of TPM commands while they are executing
#               (for example "/sys/class/misc/tpm0/device/cancel")
#
# Since: 1.5
##
{ 'struct': 'TPMPassthroughOptions', 'data': { '*path' : 'str',
'*cancel-path' : 'str'} }
##
# @TPMEmulatorOptions:
#
# Information about the TPM emulator type
#
# @chardev: Name (id) of the unix socket chardev through which QEMU
#           talks to the TPM emulator
#
# Note: a process that can reach this chardev's socket may be able to
#       talk to the emulator in place of QEMU, so the socket path
#       should be accessible only to QEMU and the emulator process.
#
# Since: 2.11
##
{ 'struct': 'TPMEmulatorOptions', 'data': { 'chardev' : 'str' } }
##
# @TpmTypeOptions:
#
# A union referencing different TPM backend types' configuration options
#
# @type: 'passthrough' The configuration options for the TPM passthrough type
#        'emulator' The configuration options for TPM emulator backend type
#                   (since 2.11)
#
# Since: 1.5
##
{ 'union': 'TpmTypeOptions',
'data': { 'passthrough' : 'TPMPassthroughOptions',
'emulator': 'TPMEmulatorOptions' } }
##
# @TPMInfo:
#
# Information about the TPM
#
# @id: The Id of the TPM
#
# @model: The TPM frontend model (one of the @TpmModel values)
#
# @options: The TPM (backend) type configuration options; the union's
#           type selects which backend's options are present
#
# Since: 1.5
##
{ 'struct': 'TPMInfo',
'data': {'id': 'str',
'model': 'TpmModel',
'options': 'TpmTypeOptions' } }
##
# @query-tpm:
#
# Return information about the TPM device
#
# Returns: a list of @TPMInfo on success
#
# Since: 1.5
#
# Example:
#
# -> { "execute": "query-tpm" }
# <- { "return":
#      [
#        { "model": "tpm-tis",
#          "options":
#            { "type": "passthrough",
#              "data":
#                { "cancel-path": "/sys/class/misc/tpm0/device/cancel",
#                  "path": "/dev/tpm0"
#                }
#            },
#          "id": "tpm0"
#        }
#      ]
#    }
#
##
{ 'command': 'query-tpm', 'returns': ['TPMInfo'] }