From: Takanori Watanabe
To: Hans-Joerg Hoexer
Cc: freebsd-hackers@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Driver tpm(4) and third party packages for trusted platform modules
Date: Wed, 04 Aug 2010 12:47:40 +0900
Message-Id: <201008040347.o743leeR046013@sana.init-main.com>
In-reply-to: Your message of "Mon, 02 Aug 2010 14:02:36 +0200." <20100802120236.GB29950@modermoor.genua.de>

In message <20100802120236.GB29950@modermoor.genua.de>, Hans-Joerg Hoexer wrote:
>Hi,
>
>we have developed a driver tpm(4) for various TPMs for OpenBSD 4.7 and
>FreeBSD 8.0 and have ported and updated several third party packages to
>enable use of TPMs on Open- and FreeBSD. This enables applications like
>OpenSSH to generate and store private keys inside a TPM.
>
>The supported TPMs are:
>
>- Atmel 97SC3203
>- Broadcom BCM0102
>- Infineon SLB 9635 TT 1.2
>- Intel INTC0102
>- Sinosun SNS SSX35
>- STM ST19WP18
>- Winbond WEC WPCT200
>
>The supported third party packages are:
>
>- openCryptoki 2.3.1: A PKCS#11 implementation, including support
>  for TPMs. OpenSSH can use this library to generate and store private
>  RSA keys inside a TPM.
>- openssl_tpm_engine 0.4.1: An openssl engine supporting TPMs.
>- tpm-emulator 0.7.0: An emulator providing the functionality of a TPM.
>  Used for development purposes.
>- tpm-tools 1.3.5: Various tools for managing a TPM, including key
>  generation.
>- trousers 0.3.5: An implementation of the Trusted Software Stack.
>  This is the backend library for the aforementioned packages.
>- trousers testsuite 0.2: A testsuite for trousers.
>- TrustedGRUB 1.1.4: A TPM-enabled version of grub, including support
>  for natively booting OpenBSD.
>
>A patch including the driver tpm(4) is attached, more information,
>full source code and patches for third party packages can be found at
>http://bsssd.sourceforge.net.

Nice!

Quick review and hack:
1. How about attaching it as an ACPI child driver?
In some cases, the TPM may appear in the ACPI namespace (with _HID), and the TPM spec defines an ACPI method to handle TPM-specific requests.
2. Is the identify method needed? Writing a device hint will attach the isa child driver, I think.
3. Module build. I don't know if it is proper given the nature of the TPM.

===
diff -ruN src/sys/dev/tpm/tpm.c src.new/sys/dev/tpm/tpm.c --- src/sys/dev/tpm/tpm.c 2010-08-04 12:39:05.000000000 +0900 +++ src.new/sys/dev/tpm/tpm.c 2010-08-04 12:27:41.000000000 +0900 @@ -264,15 +264,22 @@ int tpm_legacy_end(struct tpm_softc *, int, int); #ifdef __FreeBSD__ +static struct isa_pnp_id tpm_ids[] = { + {0x32021114, "Trusted Platform Module"}, + + {0} +}; + /* * FreeBSD specific code for probing and attaching TPM to device tree. */ +#if 0 static void tpm_identify(driver_t *driver, device_t parent) { BUS_ADD_CHILD(parent, ISA_ORDER_SPECULATIVE, "tpm", 0); } - +#endif static int tpm_probe(device_t dev) { @@ -281,8 +288,14 @@ bus_space_handle_t ioh; struct resource *mem_res; int rv, mem_rid; + int ret; bzero(sc, sizeof(struct tpm_softc)); + + if((ret = ISA_PNP_PROBE(device_get_parent(dev), dev, tpm_ids)) + <= 0){ + return ret; + } mem_rid = 0; mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &mem_rid, @@ -362,7 +375,9 @@ } static device_method_t tpm_methods[] = { +#if 0 DEVMETHOD(device_identify, tpm_identify), +#endif DEVMETHOD(device_probe, tpm_probe), DEVMETHOD(device_attach, tpm_attach), DEVMETHOD(device_suspend, tpm_suspend), @@ -377,6 +392,7 @@ static devclass_t tpm_devclass; DRIVER_MODULE(tpm, isa, tpm_driver, tpm_devclass, 0, 0); +DRIVER_MODULE(tpm, acpi, tpm_driver, tpm_devclass, 0, 0); #else /* * OpenBSD specific code for probing and attaching TPM to device tree. diff -ruN src/sys/modules/tpm/Makefile src.new/sys/modules/tpm/Makefile --- src/sys/modules/tpm/Makefile 1970-01-01 09:00:00.000000000 +0900 +++ src.new/sys/modules/tpm/Makefile 2010-08-04 12:43:59.000000000 +0900 
@@ -0,0 +1,8 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../dev/tpm + +KMOD= tpm +SRCS= tpm.c isa_if.h opt_acpi.h acpi_if.h bus_if.h device_if.h + +.include
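
Review bot: In the first tpm.c hunk (@@ -264,15 +264,22 @@), the only entry in tpm_ids is the bare constant 0x32021114, with no comment naming the PnP ID string or the chip it stands for, so it cannot be checked against a device's _HID or extended with confidence. The announcement lists seven supported TPMs; please add a comment with the decoded ID and state whether the other parts are expected to match this entry or to attach through hints. The empty `+` line inside the initializer before `{0}` can also go.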
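
Review bot: In the tpm_probe hunk (@@ -281,8 +288,14 @@), the test `if((ret = ISA_PNP_PROBE(...)) <= 0)` looks inverted. It returns as soon as the ID matches (ret == 0), which skips the bus_alloc_resource_any call and the hardware checks that follow, and it falls through to those checks for every positive return value. If ISA_PNP_PROBE reports a mismatch as a positive errno such as ENXIO, an enumerated device with a different ID will still have its memory window allocated and be probed as a TPM. Suggest returning early only on the mismatch value and letting a match, or a hinted device that has no PnP ID, continue into the existing checks. Style: style(9) would write this as `if ((ret = ...) ...) {` and `return (ret);`.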
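
Review bot: In the tpm_methods hunk (@@ -362,7 +375,9 @@) and the matching block around tpm_identify, the identify method is disabled with `#if 0` instead of being removed or made conditional. With it compiled out, the driver attaches only when the bus enumerates the device or a hint is written, which changes behaviour for anyone already using the driver. Either delete the dead code and document the hint requirement, or keep identify and have it skip BUS_ADD_CHILD when an enumerated tpm device is already present.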
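
Review bot: In the new sys/modules/tpm/Makefile, SRCS lists opt_acpi.h and acpi_if.h, but none of the tpm.c hunks adds an ACPI include or calls an ACPI method; the only new call is ISA_PNP_PROBE. Drop the two headers unless tpm.c actually includes them, so the module does not carry a build dependency it does not use.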