Driver tpm(4) and third party packages for trusted platform modules
Takanori Watanabe
takawata at init-main.com
Wed Aug 4 03:49:51 UTC 2010
In message <20100802120236.GB29950 at modermoor.genua.de>, Hans-Joerg Hoexer wrote:
>Hi,
>
>we have developed a driver tpm(4) for various TPMs for OpenBSD 4.7 and
>FreeBSD 8.0 and have ported and updated several third party packages to
>enable use of TPMs on Open- and FreeBSD. This enables applications like
>OpenSSH to generate and store private keys inside a TPM.
>
>The supported TPMs are:
>
>- Atmel 97SC3203
>- Broadcom BCM0102
>- Infineon SLB 9635 TT 1.2
>- Intel INTC0102
>- Sinosun SNS SSX35
>- STM ST19WP18
>- Winbond WEC WPCT200
>
>The supported third party packages are:
>
>- openCryptoki 2.3.1: A PKCS#11 implementation, including support
> for TPMs. OpenSSH can use this library to generate and store private
> RSA keys inside a TPM.
>- openssl_tpm_engine 0.4.1: An openssl engine supporting TPMs.
>- tpm-emulator 0.7.0: An emulator providing the functionality of a TPM.
> Used for development purposes.
>- tpm-tools 1.3.5: Various tools for managing a TPM, including key
> generation.
>- trousers 0.3.5: An implementation of the Trusted Software Stack.
> This is the backend library for the aforementioned packages.
>- trousers testsuite 0.2: A testsuite for trousers.
>- TrustedGRUB 1.1.4: A TPM-enabled version of grub, including support
> for natively booting OpenBSD.
>
>A patch including the driver tpm(4) is attached, more information,
>full source code and patches for third party packages can be found at
>http://bsssd.sourceforge.net.

Nice!
Quick review and hack:
1. How about attaching it as an ACPI child driver?
In some cases, the TPM may appear in the ACPI namespace (with _HID), and
the TPM spec defines an ACPI method to handle TPM-specific requests.
2. Is the identify method needed?
Writing a device hint will attach the ISA child driver, I think.
3. Module build
I don't know if it is proper given the TPM's nature.
===
diff -ruN src/sys/dev/tpm/tpm.c src.new/sys/dev/tpm/tpm.c
--- src/sys/dev/tpm/tpm.c 2010-08-04 12:39:05.000000000 +0900
+++ src.new/sys/dev/tpm/tpm.c 2010-08-04 12:27:41.000000000 +0900
@@ -264,15 +264,22 @@
int tpm_legacy_end(struct tpm_softc *, int, int);
#ifdef __FreeBSD__
+static struct isa_pnp_id tpm_ids[] = {
+ {0x32021114, "Trusted Platform Module"},
+
+ {0}
+};
+
/*
* FreeBSD specific code for probing and attaching TPM to device tree.
*/
+#if 0
static void
tpm_identify(driver_t *driver, device_t parent)
{
BUS_ADD_CHILD(parent, ISA_ORDER_SPECULATIVE, "tpm", 0);
}
-
+#endif
static int
tpm_probe(device_t dev)
{
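Review bot: tpm_ids holds a single entry, {0x32021114, "Trusted Platform Module"}, with no comment saying which chip or _HID that value stands for, while the announcement lists seven supported TPMs. With tpm_identify compiled out, this table is the only way an enumerated device is matched, so please name the device in a comment and either add IDs for the other supported parts or state that they need a device hint. The empty line before the {0} terminator can go, and if identify is really not wanted the function should be deleted rather than left under #if 0.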
@@ -281,8 +288,14 @@
bus_space_handle_t ioh;
struct resource *mem_res;
int rv, mem_rid;
+ int ret;
bzero(sc, sizeof(struct tpm_softc));
+
+ if((ret = ISA_PNP_PROBE(device_get_parent(dev), dev, tpm_ids))
+ <= 0){
+ return ret;
+ }
mem_rid = 0;
mem_res = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &mem_rid,
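Review bot: the `<= 0` test on the ISA_PNP_PROBE result in tpm_probe returns on the match case. When the call returns 0, tpm_probe returns 0 at once and the bus_alloc_resource_any() call and the rest of the probe are skipped, while every positive errno result falls through into the hardware probe, including an ID mismatch. The usual pattern is to return only when the result is ENXIO and to let 0 (match) and ENOENT (hinted device with no PnP ID) continue to the existing checks. For style(9), write `if ((ret = ...` with a space after `if` and `return (ret);`.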
@@ -362,7 +375,9 @@
}
static device_method_t tpm_methods[] = {
+#if 0
DEVMETHOD(device_identify, tpm_identify),
+#endif
DEVMETHOD(device_probe, tpm_probe),
DEVMETHOD(device_attach, tpm_attach),
DEVMETHOD(device_suspend, tpm_suspend),
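Review bot: the DEVMETHOD(device_identify, tpm_identify) entry in tpm_methods is disabled with #if 0 instead of being removed, which leaves dead code that has to be kept in step with the #if 0 around the function itself. Either drop both, or keep identify and have it skip adding a child when one already exists. If it is dropped, the tpm(4) manual page should say that machines which do not enumerate the TPM now need a device hint, since nothing else will create the isa child.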
@@ -377,6 +392,7 @@
static devclass_t tpm_devclass;
DRIVER_MODULE(tpm, isa, tpm_driver, tpm_devclass, 0, 0);
+DRIVER_MODULE(tpm, acpi, tpm_driver, tpm_devclass, 0, 0);
#else
/*
* OpenBSD specific code for probing and attaching TPM to device tree.
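Review bot: the new DRIVER_MODULE(tpm, acpi, ...) line registers the same tpm_driver, and so the same tpm_probe, on both isa and acpi. A machine that has the TPM in the ACPI namespace and also carries an isa hint would offer the device to both attachments, and both would try to claim the same memory resource. Consider a separate probe for the acpi attachment that matches on _HID only, and note in a comment that the ID table used there is typed as struct isa_pnp_id.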
diff -ruN src/sys/modules/tpm/Makefile src.new/sys/modules/tpm/Makefile
--- src/sys/modules/tpm/Makefile 1970-01-01 09:00:00.000000000 +0900
+++ src.new/sys/modules/tpm/Makefile 2010-08-04 12:43:59.000000000 +0900
@@ -0,0 +1,8 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../dev/tpm
+
+KMOD= tpm
+SRCS= tpm.c isa_if.h opt_acpi.h acpi_if.h bus_if.h device_if.h
+
+.include <bsd.kmod.mk>
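Review bot: SRCS in the new Makefile lists opt_acpi.h and acpi_if.h, but none of the tpm.c hunks in this patch add an include of either, so they look unnecessary unless tpm.c already pulls them in. List only the generated headers tpm.c actually includes. The patch also adds sys/modules/tpm without hooking it into the parent modules Makefile, so the module will not be built by default. Given the open question in the message about whether a loadable module suits a TPM driver, that may be intended, but it should be stated.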