[U-BOOT-TEST-HOOKS PATCH 1/1] Enable TPMv2 emulation

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Wed Nov 24 08:33:42 CET 2021 

On 11/24/21 08:23, Ilias Apalodimas wrote:
> Hi Heinrich,
> 
> On Mon, 15 Nov 2021 at 12:11, Heinrich Schuchardt
> <heinrich.schuchardt at canonical.com> wrote:
>>
>> Provide a QEMU helper script to launch swtpm and add extra parameters to
>> conf.qemu_arm64_na and conf.qemu_arm_na to provide an emulated TPMv2.
>>
>> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
>> ---
>>   bin/qemu.swtpm                   | 19 +++++++++++++++++++
>>   bin/travis-ci/conf.qemu_arm64_na |  3 ++-
>>   bin/travis-ci/conf.qemu_arm_na   |  3 ++-
>>   3 files changed, 23 insertions(+), 2 deletions(-)
>>   create mode 100755 bin/qemu.swtpm
>>
>> diff --git a/bin/qemu.swtpm b/bin/qemu.swtpm
>> new file mode 100755
>> index 0000000..089feba
>> --- /dev/null
>> +++ b/bin/qemu.swtpm
>> @@ -0,0 +1,19 @@
>> +#!/bin/sh
>> +# SPDX-License-Identifier: BSD-2
>> +#
>> +# This script launches swtpm to emulate a TPMv2. The parameter -t makes it
>> +# unload when the connection to QEMU is terminated. To make use of it add
>> +#
>> +#     qemu_helper_script="swtpm"
>> +#
>> +# to the board script and the following arguments to qemu_extra_args
>> +#
>> +#     -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock \
>> +#     -tpmdev emulator,id=tpm0,chardev=chrtpm \
>> +#     -device tpm-tis-device,tpmdev=tpm0
>> +#
>> +# U-Boot must be built with CONFIG_TPM2_MMIO=y.
>> +
>> +mkdir -p /tmp/tpm
>> +swtpm socket -t --tpmstate dir=/tmp/tpm --tpm2 \
>> +--ctrl type=unixio,path=/tmp/tpm/swtpm-sock &
> 
> Nit pick the & can be '-d'

Daemonizing will ensure that we don't get console output. I will change 
this.

> 
>> diff --git a/bin/travis-ci/conf.qemu_arm64_na b/bin/travis-ci/conf.qemu_arm64_na
>> index e7c9426..14577d8 100644
>> --- a/bin/travis-ci/conf.qemu_arm64_na
>> +++ b/bin/travis-ci/conf.qemu_arm64_na
>> @@ -22,8 +22,9 @@
>>
>>   console_impl=qemu
>>   qemu_machine="virt"
>> +qemu_helper_script="swtpm"
>>   qemu_binary="qemu-system-aarch64"
>> -qemu_extra_args="-cpu cortex-a57 -nographic -netdev user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device virtio-rng-pci"
>> +qemu_extra_args="-cpu cortex-a57 -nographic -netdev user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0"
>>   qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
>>   reset_impl=none
>>   flash_impl=none
>> diff --git a/bin/travis-ci/conf.qemu_arm_na b/bin/travis-ci/conf.qemu_arm_na
>> index 0f07c80..de0694d 100644
>> --- a/bin/travis-ci/conf.qemu_arm_na
>> +++ b/bin/travis-ci/conf.qemu_arm_na
>> @@ -22,8 +22,9 @@
>>
>>   console_impl=qemu
>>   qemu_machine="virt"
>> +qemu_helper_script="swtpm"
>>   qemu_binary="qemu-system-arm"
>> -qemu_extra_args="-nographic -netdev user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device virtio-rng-pci"
>> +qemu_extra_args="-nographic -netdev user,id=net0,tftp=${UBOOT_TRAVIS_BUILD_DIR} -device e1000,netdev=net0 -device virtio-rng-pci -chardev socket,id=chrtpm,path=/tmp/tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0"
> 
> Just a note here 'tpm-tis-device' works for arm.  If we evenr need
> this on x86 it's 'tpm-tis' ....

This file is ARM specific.

Best regards

Heinrich

> 
>>   qemu_kernel_args="-bios ${U_BOOT_BUILD_DIR}/u-boot.bin"
>>   reset_impl=none
>>   flash_impl=none
>> --
>> 2.32.0
>>
> 
> Other than that
> Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
>

More information about the U-Boot mailing list