1 1.1 cherry /****************************************************************************** 2 1.1 cherry * tpmif.h 3 1.1 cherry * 4 1.1 cherry * TPM I/O interface for Xen guest OSes. 5 1.1 cherry * 6 1.1 cherry * Permission is hereby granted, free of charge, to any person obtaining a copy 7 1.1 cherry * of this software and associated documentation files (the "Software"), to 8 1.1 cherry * deal in the Software without restriction, including without limitation the 9 1.1 cherry * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 10 1.1 cherry * sell copies of the Software, and to permit persons to whom the Software is 11 1.1 cherry * furnished to do so, subject to the following conditions: 12 1.1 cherry * 13 1.1 cherry * The above copyright notice and this permission notice shall be included in 14 1.1 cherry * all copies or substantial portions of the Software. 15 1.1 cherry * 16 1.1 cherry * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 1.1 cherry * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 1.1 cherry * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 1.1 cherry * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 1.1 cherry * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 1.1 cherry * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 22 1.1 cherry * DEALINGS IN THE SOFTWARE. 23 1.1 cherry * 24 1.1 cherry * Copyright (c) 2005, IBM Corporation 25 1.1 cherry * 26 1.1 cherry * Author: Stefan Berger, stefanb (at) us.ibm.com 27 1.1 cherry * Grant table support: Mahadevan Gomathisankaran 28 1.1 cherry * 29 1.1 cherry * This code has been derived from tools/libxc/xen/io/netif.h 30 1.1 cherry * 31 1.1 cherry * Copyright (c) 2003-2004, Keir Fraser 32 1.1 cherry */ 33 1.1 cherry 34 1.1 cherry #ifndef __XEN_PUBLIC_IO_TPMIF_H__ 35 1.1 cherry #define __XEN_PUBLIC_IO_TPMIF_H__ 36 1.1 cherry 37 1.1 cherry #include "../grant_table.h" 38 1.1 cherry 39 1.1 cherry struct tpmif_tx_request { 40 1.1 cherry unsigned long addr; /* Machine address of packet. */ 41 1.1 cherry grant_ref_t ref; /* grant table access reference */ 42 1.1 cherry uint16_t unused; 43 1.1 cherry uint16_t size; /* Packet size in bytes. */ 44 1.1 cherry }; 45 1.1 cherry typedef struct tpmif_tx_request tpmif_tx_request_t; 46 1.1 cherry 47 1.1 cherry /* 48 1.1 cherry * The TPMIF_TX_RING_SIZE defines the number of pages the 49 1.1 cherry * front-end and backend can exchange (= size of array). 50 1.1 cherry */ 51 1.1 cherry typedef uint32_t TPMIF_RING_IDX; 52 1.1 cherry 53 1.1 cherry #define TPMIF_TX_RING_SIZE 1 54 1.1 cherry 55 1.1 cherry /* This structure must fit in a memory page. */ 56 1.1 cherry 57 1.1 cherry struct tpmif_ring { 58 1.1 cherry struct tpmif_tx_request req; 59 1.1 cherry }; 60 1.1 cherry typedef struct tpmif_ring tpmif_ring_t; 61 1.1 cherry 62 1.1 cherry struct tpmif_tx_interface { 63 1.1 cherry struct tpmif_ring ring[TPMIF_TX_RING_SIZE]; 64 1.1 cherry }; 65 1.1 cherry typedef struct tpmif_tx_interface tpmif_tx_interface_t; 66 1.1 cherry 67 1.1 cherry /****************************************************************************** 68 1.1 cherry * TPM I/O interface for Xen guest OSes, v2 69 1.1 cherry * 70 1.1 cherry * Author: Daniel De Graaf <dgdegra (at) tycho.nsa.gov> 71 1.1 cherry * 72 1.1 cherry * This protocol emulates the request/response behavior of a TPM using a Xen 73 1.1 cherry * shared memory interface. All interaction with the TPM is at the direction 74 1.1 cherry * of the frontend, since a TPM (hardware or virtual) is a passive device - 75 1.1 cherry * the backend only processes commands as requested by the frontend. 76 1.1 cherry * 77 1.1 cherry * The frontend sends a request to the TPM by populating the shared page with 78 1.1 cherry * the request packet, changing the state to TPMIF_STATE_SUBMIT, and sending 79 1.1 cherry * and event channel notification. When the backend is finished, it will set 80 1.1 cherry * the state to TPMIF_STATE_FINISH and send an event channel notification. 81 1.1 cherry * 82 1.1 cherry * In order to allow long-running commands to be canceled, the frontend can 83 1.1 cherry * at any time change the state to TPMIF_STATE_CANCEL and send a notification. 84 1.1 cherry * The TPM can either finish the command (changing state to TPMIF_STATE_FINISH) 85 1.1 cherry * or can cancel the command and change the state to TPMIF_STATE_IDLE. The TPM 86 1.1 cherry * can also change the state to TPMIF_STATE_IDLE instead of TPMIF_STATE_FINISH 87 1.1 cherry * if another reason for cancellation is required - for example, a physical 88 1.1 cherry * TPM may cancel a command if the interface is seized by another locality. 89 1.1 cherry * 90 1.1 cherry * The TPM command format is defined by the TCG, and is available at 91 1.1 cherry * http://www.trustedcomputinggroup.org/resources/tpm_main_specification 92 1.1 cherry */ 93 1.1 cherry 94 1.1 cherry enum tpmif_state { 95 1.1 cherry TPMIF_STATE_IDLE, /* no contents / vTPM idle / cancel complete */ 96 1.1 cherry TPMIF_STATE_SUBMIT, /* request ready / vTPM working */ 97 1.1 cherry TPMIF_STATE_FINISH, /* response ready / vTPM idle */ 98 1.1 cherry TPMIF_STATE_CANCEL, /* cancel requested / vTPM working */ 99 1.1 cherry }; 100 1.1 cherry /* Note: The backend should only change state to IDLE or FINISH, while the 101 1.1 cherry * frontend should only change to SUBMIT or CANCEL. Status changes do not need 102 1.1 cherry * to use atomic operations. 103 1.1 cherry */ 104 1.1 cherry 105 1.1 cherry 106 1.1 cherry /* The shared page for vTPM request/response packets looks like: 107 1.1 cherry * 108 1.1 cherry * Offset Contents 109 1.1 cherry * ================================================= 110 1.1 cherry * 0 struct tpmif_shared_page 111 1.1 cherry * 16 [optional] List of grant IDs 112 1.1 cherry * 16+4*nr_extra_pages TPM packet data 113 1.1 cherry * 114 1.1 cherry * If the TPM packet data extends beyond the end of a single page, the grant IDs 115 1.1 cherry * defined in extra_pages are used as if they were mapped immediately following 116 1.1 cherry * the primary shared page. The grants are allocated by the frontend and mapped 117 1.1 cherry * by the backend. Before sending a request spanning multiple pages, the 118 1.1 cherry * frontend should verify that the TPM supports such large requests by querying 119 1.1 cherry * the TPM_CAP_PROP_INPUT_BUFFER property from the TPM. 120 1.1 cherry */ 121 1.1 cherry struct tpmif_shared_page { 122 1.1 cherry uint32_t length; /* request/response length in bytes */ 123 1.1 cherry 124 1.1 cherry uint8_t state; /* enum tpmif_state */ 125 1.1 cherry uint8_t locality; /* for the current request */ 126 1.1 cherry uint8_t pad; /* should be zero */ 127 1.1 cherry 128 1.1 cherry uint8_t nr_extra_pages; /* extra pages for long packets; may be zero */ 129 1.1 cherry uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */ 130 1.1 cherry }; 131 1.1 cherry typedef struct tpmif_shared_page tpmif_shared_page_t; 132 1.1 cherry 133 1.1 cherry #endif 134 1.1 cherry 135 1.1 cherry /* 136 1.1 cherry * Local variables: 137 1.1 cherry * mode: C 138 1.1 cherry * c-file-style: "BSD" 139 1.1 cherry * c-basic-offset: 4 140 1.1 cherry * tab-width: 4 141 1.1 cherry * indent-tabs-mode: nil 142 1.1 cherry * End: 143 1.1 cherry */ 144
Indexes created Mon Sep 29 03:10:08 GMT 2025