TPM Device Driver for CentOS 7 (Linux version 3.10) =============================================================================== =============================================================================== Kam Nasim Copyright (c) 2017 Wind River Systems, Inc. SPDX-License-Identifier: Apache-2.0 April, 2017 =============================================================================== Contents -------- - Overview - Rebasing Guidelines - Changesets ================================================================================ Important Notes --------------- Out-of-tree tpmdd now supported for RT Kernel ---------------------------------------------- The RT Kernel also uses the TPM kernel module. The out of kernel tpmdd (kmod-tpm) package is installed on the RT kernel Supports both TPM 1.2 and TPM 2.0 TCG Specifications ------------------------------------------------------------- The entire TPM device driver set is now built out of tree, and supports both TPM v1.2 and v2.0 TCG version of the device IMA support disabled in Kernel ------------------------------------------------ TPM based Integrity Measurement Architecture (IMA) has been disabled in the Kernel, since it requires the TPM driver to be built-in to the kernel so that it is available during bootup to set up the PCR banks. Since the in-kernel TPM driver will trump our out-of-tree TPM kernel modules, IMA support has been disabled and would require some refactoring if it is to be used with this driver pack. No support for legacy STMicroelectronics ST33ZP24 TPM drivers -------------------------------------------------------------- Owing to a large number of dependency issues in the v3.10 Kernel, this driver pack excludes the STM (ST33ZP24) drivers. These are legacy drivers for the TPM 1.2 specification only, and would not apply to TPM 2.0 devices. Overview -------- This driver pack build TPM kernel modules for the 3.10 kernel version. If newer kernel version are to be supported in the future then the COMPAT layer (kcompat.h) will need to be adjusted to address kernel-driver compatibility issues. It supports Linux supported x86_64 systems. These drivers are only supported as a loadable module at this time. Rebasing Guidelines -------------------- On rebasing TiC software heed the following: - always rebase the Kernel first before rebasing this package - get the HEAD from the tpmdd repo and generate a tarball, the tarball should follow the naming convention: tpm-kmod-; use the short-hand form of the git commit ID (8 characters) - update the tpm-kmod spec to Source the new tarball - apply all existing patches against the new tarball, and adjust the kcompat layer (kcompat.h and common.mk) accordingly ================================================================================ Change Sets ------------------------- This driver is a fork from the tpmdd repo: https://sourceforge.net/projects/tpmdd/ http://git.infradead.org/users/jjs/linux-tpmdd.git/ Sync Head: 668a827057187403999b7ecfcf86b59979c8c3b2 COMPAT NOTES: 1. In newer kernels, IDR has been re-implemented using Radix trees: commit 0a835c4f090af2c76fc2932c539c3b32fd21fbbb Author: Matthew Wilcox Date: Tue Dec 20 10:27:56 2016 -0500 Reimplement IDR and IDA using the radix tree The IDR is very similar to the radix tree. It has some functionality that the radix tree did not have (alloc next free, cyclic allocation, a callback-based for_each, destroy tree), which is readily implementable on top of the radix tree. A few small changes were needed in order to use a tag to represent nodes with free space below them. More extensive changes were needed to support storing NULL as a valid entry in an IDR. Plain radix trees still interpret NULL as a not-present entry. The IDA is reimplemented as a client of the newly enhanced radix tree. As in the current implementation, it uses a bitmap at the last level of the tree. Signed-off-by: Matthew Wilcox Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Tejun Heo Signed-off-by: Andrew Morton The compat layer therefore needs to redefine the idr_destroy() to use the original idr.h based defination and not the one found in radix-trees.h 2. In newer kernels, a wrapper has been developed around inode mutex un/lock commit 5955102c9984fa081b2d570cfac75c97eecf8f3b Author: Al Viro Date: Fri Jan 22 15:40:57 2016 -0500 wrappers for ->i_mutex access parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested}, inode_foo(inode) being mutex_foo(&inode->i_mutex). Please, use those for access to ->i_mutex; over the coming cycle ->i_mutex will become rwsem, with ->lookup() done with it held only shared. Signed-off-by: Al Viro The compat layer needs to replace all instances of inode locking with the underlying mutex locking/unlocking calls 3. In newer kernels, ACPI memory map cleanup routines have changed commit a238317ce8185519ed083e81e84260907fbbcf7f Author: Lv Zheng Date: Tue May 20 15:39:41 2014 +0800 ACPI: Clean up acpi_os_map/unmap_memory() to eliminate __iomem. ACPICA doesn't include protections around address space checking, Linux build tests always complain increased sparse warnings around ACPICA internal acpi_os_map/unmap_memory() invocations. This patch tries to fix this issue permanently. The compat layer needs to replace all instances of ACPI iomem map/unmapping with the legacy os memory mapping/unmapping calls 4. In newer kernels, Infineon PNP module loading/unloading ops have changed commit 1551660369d00a7e8cdfa12e9af132053eb67140 Author: Peter Huewe Date: Mon Mar 16 21:46:31 2015 +0100 PNP: tpm/tpm_infineon: Use module_pnp_driver to register driver Removing some boilerplate by using module_pnp_driver instead of calling register and unregister in the otherwise empty init/exit functions Signed-off-by: Peter Huewe Signed-off-by: Rafael J. Wysocki The compat layer needs to continue loading the PNP module the old way using explicit init() and exit() functions