Re: Driver tpm(4) and third party packages for trusted platform modules



In message <20100802120236.GB29950@xxxxxxxxxxxxxxxxxx>, Hans-Joerg Hoexer wrote:
Hi,

we have developed a driver tpm(4) for various TPMs for OpenBSD 4.7 and
FreeBSD 8.0 and have ported and updated several third party packages to
enable use of TPMs on Open- and FreeBSD. This enables applications like
OpenSSH to generate and store private keys inside a TPM.

The supported TPMs are:

- Atmel 97SC3203
- Broadcom BCM0102
- Infineon SLB 9635 TT 1.2
- Intel INTC0102
- Sinosun SNS SSX35
- STM ST19WP18
- Winbond WEC WPCT200

The supported third party packages are:

- openCryptoki 2.3.1: A PKCS#11 implementation, including support
  for TPMs. OpenSSH can use this library to generate and store private
  RSA keys inside a TPM.
- openssl_tpm_engine 0.4.1: An openssl engine supporting TPMs.
- tpm-emulator 0.7.0: An emulator providing the functionality of a TPM.
  Used for development purposes.
- tpm-tools 1.3.5: Various tools for managing a TPM, including key
  generation.
- trousers 0.3.5: An implementation of the Trusted Software Stack.
  This is the backend library for the aforementioned packages.
- trousers testsuite 0.2: A testsuite for trousers.
- TrustedGRUB 1.1.4: A TPM-enabled version of grub, including support
  for natively booting OpenBSD.

A patch including the driver tpm(4) is attached; more information,
full source code and patches for third party packages can be found at
http://bsssd.sourceforge.net.

Nice!
Quick review and hack:

1. How about attaching it as an ACPI child driver?

In some cases, the TPM may appear in the ACPI namespace (with _HID), and
the TPM spec defines an ACPI method to handle TPM-specific requests.

2. Is the identify method needed?

Writing a device hint will attach the isa child driver, I think.

3. Module build

I don't know if it is proper given the TPM's nature.

===
diff -ruN src/sys/dev/tpm/tpm.c src.new/sys/dev/tpm/tpm.c
--- src/sys/dev/tpm/tpm.c 2010-08-04 12:39:05.000000000 +0900
+++ src.new/sys/dev/tpm/tpm.c 2010-08-04 12:27:41.000000000 +0900
@@ -264,15 +264,22 @@
int tpm_legacy_end(struct tpm_softc *, int, int);

#ifdef __FreeBSD__
+static struct isa_pnp_id tpm_ids[] = {
+ {0x32021114, "Trusted Platform Module"},
+
+ {0}
+};
+
/*
* FreeBSD specific code for probing and attaching TPM to device tree.
*/
+#if 0
static void
tpm_identify(driver_t *driver, device_t parent)
{
BUS_ADD_CHILD(parent, ISA_ORDER_SPECULATIVE, "tpm", 0);
}
-
+#endif
static int
tpm_probe(device_t dev)
{
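Review bot: The ID 0x32021114 in tpm_ids is an undocumented magic number, and the description "Trusted Platform Module" will be set on whatever device matches it. Add a comment giving the PnP ID string it encodes and which of the supported chips report it. tpm_identify is also disabled with `#if 0` instead of being removed, which leaves dead code behind; delete it, or guard it with a named option if speculative attachment is still wanted on some systems.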
@@ -281,8 +288,14 @@
bus_space_handle_t ioh;
struct resource *mem_res;
int rv, mem_rid;
+ int ret;

bzero(sc, sizeof(struct tpm_softc));
+
+ if((ret = ISA_PNP_PROBE(device_get_parent(dev), dev, tpm_ids))
+ <= 0){
+ return ret;
+ }

mem_rid = 0;
mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &mem_rid,
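Review bot: In tpm_probe the new `if((ret = ISA_PNP_PROBE(...)) <= 0)` returns only for a zero or negative result, so any positive result falls through to bus_alloc_resource_any and the rest of the hardware probe. If a positive value means the device carries a PnP ID that is not in tpm_ids, the driver still goes on to probe that device's memory range; returning in that case and continuing only for devices with no PnP ID at all would be safer. The early return on a match also skips every check below it, so confirm that an ID match alone is meant to be sufficient for a successful probe.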
@@ -362,7 +375,9 @@
}

static device_method_t tpm_methods[] = {
+#if 0
DEVMETHOD(device_identify, tpm_identify),
+#endif
DEVMETHOD(device_probe, tpm_probe),
DEVMETHOD(device_attach, tpm_attach),
DEVMETHOD(device_suspend, tpm_suspend),
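Review bot: With device_identify compiled out of tpm_methods, nothing in the driver adds a tpm child on isa any more, so attachment now depends on the bus enumerating the device or on a device hint. That behaviour change is not documented anywhere in the patch; state it in the commit message or man page, and keep this `#if 0` tied to the one around tpm_identify (a single named conditional would do) so the two cannot drift apart.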
@@ -377,6 +392,7 @@
static devclass_t tpm_devclass;

DRIVER_MODULE(tpm, isa, tpm_driver, tpm_devclass, 0, 0);
+DRIVER_MODULE(tpm, acpi, tpm_driver, tpm_devclass, 0, 0);
#else
/*
* OpenBSD specific code for probing and attaching TPM to device tree.
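Review bot: The added `DRIVER_MODULE(tpm, acpi, ...)` line reuses tpm_driver and tpm_devclass, so the same tpm_probe and tpm_attach now run under an acpi parent as well as isa. Check that neither makes ISA-only assumptions about the parent (the probe calls ISA_PNP_PROBE on device_get_parent(dev)). The hunk also adds no dependency declaration for the acpi attachment; consider a `MODULE_DEPEND(tpm, acpi, 1, 1, 1);` line so the module is ordered after acpi when built as a KLD.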
diff -ruN src/sys/modules/tpm/Makefile src.new/sys/modules/tpm/Makefile
--- src/sys/modules/tpm/Makefile 1970-01-01 09:00:00.000000000 +0900
+++ src.new/sys/modules/tpm/Makefile 2010-08-04 12:43:59.000000000 +0900
@@ -0,0 +1,8 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../dev/tpm
+
+KMOD= tpm
+SRCS= tpm.c isa_if.h opt_acpi.h acpi_if.h bus_if.h device_if.h
+
+.include <bsd.kmod.mk>
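Review bot: SRCS lists opt_acpi.h and acpi_if.h, but none of the tpm.c hunks add an #include for either header. Add the includes the ACPI attachment actually needs to tpm.c, or drop the unused generated headers from SRCS.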


