Driver tpm(4) and third party packages for trusted platform modules

Takanori Watanabe takawata at init-main.com
Wed Aug 4 03:49:51 UTC 2010


In message <20100802120236.GB29950 at modermoor.genua.de>, Hans-Joerg Hoexer wrote:
>Hi,
>
>we have developed a driver tpm(4) for various TPMs for OpenBSD 4.7 and
>FreeBSD 8.0 and have ported and updated several third party packages to
>enable use of TPMs on Open- and FreeBSD.  This enables applications like
>OpenSSH to generate and store private keys inside a TPM.
>
>The supported TPMs are:
>
>- Atmel 97SC3203
>- Broadcom BCM0102
>- Infineon SLB 9635 TT 1.2
>- Intel INTC0102
>- Sinosun SNS SSX35
>- STM ST19WP18
>- Winbond WEC WPCT200
>
>The supported third party packages are:
>
>- openCryptoki 2.3.1:  A PKCS#11 implementation, including support
>  for TPMs.  OpenSSH can use this library to generate and store private
>  RSA keys inside a TPM.
>- openssl_tpm_engine 0.4.1:  An openssl engine supporting TPMs.
>- tpm-emulator 0.7.0:  An emulator providing the functionality of a TPM.
>  Used for development purposes.
>- tpm-tools 1.3.5:  Various tools for managing a TPM, including key
>  generation.
>- trousers 0.3.5:  An implementation of the Trusted Software Stack.
>  This is the backend library for the aforementioned packages.
>- trousers testsuite 0.2:  A testsuite for trousers.
>- TrustedGRUB 1.1.4:  A TPM-enabled version of grub, including support
>  for natively booting OpenBSD.
>
>A patch including the driver tpm(4) is attached, more information,
>full source code and patches for third party packages can be found at
>http://bsssd.sourceforge.net.

Nice!
Quick review and hack:

1. How about attaching it as an ACPI child driver?

In some cases, the TPM may appear in the ACPI namespace (with _HID), and
the TPM spec defines an ACPI method to handle TPM-specific requests.

2. Is the identify method needed?

Writing a device hint will attach the ISA child driver, I think.

3. Module build

I don't know if it is proper, given the nature of TPM.

===
diff -ruN src/sys/dev/tpm/tpm.c src.new/sys/dev/tpm/tpm.c
--- src/sys/dev/tpm/tpm.c	2010-08-04 12:39:05.000000000 +0900
+++ src.new/sys/dev/tpm/tpm.c	2010-08-04 12:27:41.000000000 +0900
@@ -264,15 +264,22 @@
 int tpm_legacy_end(struct tpm_softc *, int, int);
 
 #ifdef __FreeBSD__
+static struct isa_pnp_id tpm_ids[] = {
+	{0x32021114, "Trusted Platform Module"},
+
+	{0}
+};
+
 /*
  * FreeBSD specific code for probing and attaching TPM to device tree.
  */
+#if 0
 static void
 tpm_identify(driver_t *driver, device_t parent)
 {
 	BUS_ADD_CHILD(parent, ISA_ORDER_SPECULATIVE, "tpm", 0);
 }
-
+#endif
 static int
 tpm_probe(device_t dev)
 {
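Review bot: tpm_ids has a single entry, 0x32021114, with no comment naming the chip or _HID string it encodes, while the announcement lists seven supported TPMs. Please annotate the value and either add IDs for the other parts or state that they are expected to attach through hints only. If the identify path is really going away, delete tpm_identify instead of parking it under #if 0.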
@@ -281,8 +288,14 @@
 	bus_space_handle_t ioh;
 	struct resource *mem_res;
 	int rv, mem_rid;
+	int ret;
 
 	bzero(sc, sizeof(struct tpm_softc));
+	
+	if((ret = ISA_PNP_PROBE(device_get_parent(dev), dev, tpm_ids))
+	   <= 0){
+			return ret;
+	}
 
 	mem_rid = 0;
 	mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &mem_rid,
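Review bot: the `<= 0` test on the ISA_PNP_PROBE result looks inverted. ISA_PNP_PROBE returns 0 when the device ID is in the table and ENXIO when it is not (on the isa bus, ENOENT for a device with no PnP ID, such as a hinted one), so as written a match returns before the memory-resource checks below run, while every non-matching device falls through to bus_alloc_resource_any and the rest of the probe. The usual form is `if (ret == ENXIO) return (ENXIO);`, which rejects foreign devices and lets matched and hinted ones continue. The added blank line also carries a trailing tab, and `if((ret` needs style(9) spacing.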
@@ -362,7 +375,9 @@
 }
 
 static device_method_t tpm_methods[] = {
+#if 0
 	DEVMETHOD(device_identify,	tpm_identify),
+#endif
 	DEVMETHOD(device_probe,		tpm_probe),
 	DEVMETHOD(device_attach,	tpm_attach),
 	DEVMETHOD(device_suspend,	tpm_suspend),
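Review bot: with the device_identify entry compiled out, a TPM that the firmware does not enumerate is found only if the user supplies device hints, and nothing in the patch documents which hints are needed. Either drop the entry outright together with tpm_identify, or keep identify as a fallback; in both cases the required hints belong in the tpm(4) manual page.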
@@ -377,6 +392,7 @@
 static devclass_t tpm_devclass;
 
 DRIVER_MODULE(tpm, isa, tpm_driver, tpm_devclass, 0, 0);
+DRIVER_MODULE(tpm, acpi, tpm_driver, tpm_devclass, 0, 0);
 #else
 /*
  * OpenBSD specific code for probing and attaching TPM to device tree.
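Review bot: both DRIVER_MODULE lines register the same tpm_driver and tpm_devclass, so on a machine where the TPM is listed in the ACPI namespace and also described by an isa hint there are two candidate attachments for the same hardware. Please say which one is expected to win, or document that the hint should be removed when ACPI enumerates the device. The block comment above the probe code should also mention the acpi attachment, since tpm_probe now runs for every ACPI-enumerated device.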
diff -ruN src/sys/modules/tpm/Makefile src.new/sys/modules/tpm/Makefile
--- src/sys/modules/tpm/Makefile	1970-01-01 09:00:00.000000000 +0900
+++ src.new/sys/modules/tpm/Makefile	2010-08-04 12:43:59.000000000 +0900
@@ -0,0 +1,8 @@
+# $FreeBSD$
+
+.PATH:	${.CURDIR}/../../dev/tpm
+
+KMOD=	tpm
+SRCS=	tpm.c isa_if.h opt_acpi.h acpi_if.h bus_if.h device_if.h
+
+.include <bsd.kmod.mk>
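Review bot: the patch creates sys/modules/tpm/Makefile but touches no other file under sys/modules, so the new directory is not added to any SUBDIR list and the module will only build when make is run there by hand. If the module build is meant to be supported, hook it into sys/modules/Makefile; also confirm that tpm.c actually includes opt_acpi.h and acpi_if.h, since SRCS generates them unconditionally.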




