185 lines
6.7 KiB
Plaintext
185 lines
6.7 KiB
Plaintext
|
|
TPM Device Driver for CentOS 7 (Linux version 3.10)
|
|
===============================================================================
|
|
|
|
===============================================================================
|
|
|
|
Kam Nasim <kam.nasim@windriver.com>
|
|
Copyright (c) 2017 Wind River Systems, Inc.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
April, 2017
|
|
|
|
===============================================================================
|
|
|
|
Contents
|
|
--------
|
|
|
|
- Overview
|
|
- Rebasing Guidelines
|
|
- Changesets
|
|
|
|
================================================================================
|
|
|
|
|
|
Important Notes
|
|
---------------
|
|
|
|
Out-of-tree tpmdd now supported for RT Kernel
|
|
----------------------------------------------
|
|
|
|
The RT Kernel also uses the TPM kernel module. The out of kernel
|
|
tpmdd (kmod-tpm) package is installed on the RT kernel
|
|
|
|
Supports both TPM 1.2 and TPM 2.0 TCG Specifications
|
|
-------------------------------------------------------------
|
|
|
|
The entire TPM device driver set is now built out of tree, and supports both
|
|
TPM v1.2 and v2.0 TCG version of the device
|
|
|
|
IMA support disabled in Kernel
|
|
------------------------------------------------
|
|
|
|
TPM based Integrity Measurement Architecture (IMA) has been disabled in the Kernel,
|
|
since it requires the TPM driver to be built-in to the kernel so that it is available
|
|
during bootup to set up the PCR banks. Since the in-kernel TPM driver will trump our
|
|
out-of-tree TPM kernel modules, IMA support has been disabled and would require some
|
|
refactoring if it is to be used with this driver pack.
|
|
|
|
No support for legacy STMicroelectronics ST33ZP24 TPM drivers
|
|
--------------------------------------------------------------
|
|
|
|
Owing to a large number of dependency issues in the v3.10 Kernel, this driver
|
|
pack excludes the STM (ST33ZP24) drivers. These are legacy drivers for the
|
|
TPM 1.2 specification only, and would not apply to TPM 2.0 devices.
|
|
|
|
|
|
Overview
|
|
--------
|
|
|
|
This driver pack build TPM kernel modules for the 3.10 kernel version.
|
|
If newer kernel version are to be supported in the future then the COMPAT
|
|
layer (kcompat.h) will need to be adjusted to address kernel-driver compatibility
|
|
issues.
|
|
|
|
It supports Linux supported x86_64 systems.
|
|
|
|
These drivers are only supported as a loadable module at this time.
|
|
|
|
|
|
Rebasing Guidelines
|
|
--------------------
|
|
|
|
On rebasing TiC software heed the following:
|
|
- always rebase the Kernel first before rebasing this package
|
|
- get the HEAD from the tpmdd repo and generate a tarball, the tarball
|
|
should follow the naming convention: tpm-kmod-<gitHEAD>; use the short-hand
|
|
form of the git commit ID (8 characters)
|
|
- update the tpm-kmod spec to Source the new tarball
|
|
- apply all existing patches against the new tarball, and adjust the kcompat
|
|
layer (kcompat.h and common.mk) accordingly
|
|
|
|
|
|
================================================================================
|
|
|
|
|
|
Change Sets
|
|
-------------------------
|
|
|
|
This driver is a fork from the tpmdd repo:
|
|
https://sourceforge.net/projects/tpmdd/
|
|
http://git.infradead.org/users/jjs/linux-tpmdd.git/
|
|
|
|
Sync Head: 668a827057187403999b7ecfcf86b59979c8c3b2
|
|
|
|
COMPAT NOTES:
|
|
|
|
1. In newer kernels, IDR has been re-implemented using Radix trees:
|
|
|
|
commit 0a835c4f090af2c76fc2932c539c3b32fd21fbbb
|
|
Author: Matthew Wilcox <mawilcox@microsoft.com>
|
|
Date: Tue Dec 20 10:27:56 2016 -0500
|
|
|
|
Reimplement IDR and IDA using the radix tree
|
|
|
|
The IDR is very similar to the radix tree. It has some functionality that
|
|
the radix tree did not have (alloc next free, cyclic allocation, a
|
|
callback-based for_each, destroy tree), which is readily implementable on
|
|
top of the radix tree. A few small changes were needed in order to use a
|
|
tag to represent nodes with free space below them. More extensive
|
|
changes were needed to support storing NULL as a valid entry in an IDR.
|
|
Plain radix trees still interpret NULL as a not-present entry.
|
|
|
|
The IDA is reimplemented as a client of the newly enhanced radix tree. As
|
|
in the current implementation, it uses a bitmap at the last level of the
|
|
tree.
|
|
|
|
Signed-off-by: Matthew Wilcox <willy@infradead.org>
|
|
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
|
|
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
|
|
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
|
|
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
|
|
Cc: Tejun Heo <tj@kernel.org>
|
|
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
|
|
|
The compat layer therefore needs to redefine the idr_destroy() to
|
|
use the original idr.h based defination and not the one found in radix-trees.h
|
|
|
|
|
|
2. In newer kernels, a wrapper has been developed around inode mutex un/lock
|
|
|
|
commit 5955102c9984fa081b2d570cfac75c97eecf8f3b
|
|
Author: Al Viro <viro@zeniv.linux.org.uk>
|
|
Date: Fri Jan 22 15:40:57 2016 -0500
|
|
|
|
wrappers for ->i_mutex access
|
|
|
|
parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested},
|
|
inode_foo(inode) being mutex_foo(&inode->i_mutex).
|
|
|
|
Please, use those for access to ->i_mutex; over the coming cycle
|
|
->i_mutex will become rwsem, with ->lookup() done with it held
|
|
only shared.
|
|
|
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
|
|
The compat layer needs to replace all instances of inode locking
|
|
with the underlying mutex locking/unlocking calls
|
|
|
|
|
|
3. In newer kernels, ACPI memory map cleanup routines have changed
|
|
|
|
commit a238317ce8185519ed083e81e84260907fbbcf7f
|
|
Author: Lv Zheng <lv.zheng@intel.com>
|
|
Date: Tue May 20 15:39:41 2014 +0800
|
|
|
|
ACPI: Clean up acpi_os_map/unmap_memory() to eliminate __iomem.
|
|
|
|
ACPICA doesn't include protections around address space checking, Linux
|
|
build tests always complain increased sparse warnings around ACPICA
|
|
internal acpi_os_map/unmap_memory() invocations. This patch tries to fix
|
|
this issue permanently.
|
|
|
|
The compat layer needs to replace all instances of ACPI iomem map/unmapping with
|
|
the legacy os memory mapping/unmapping calls
|
|
|
|
|
|
4. In newer kernels, Infineon PNP module loading/unloading ops have changed
|
|
|
|
commit 1551660369d00a7e8cdfa12e9af132053eb67140
|
|
Author: Peter Huewe <PeterHuewe@gmx.de>
|
|
Date: Mon Mar 16 21:46:31 2015 +0100
|
|
|
|
PNP: tpm/tpm_infineon: Use module_pnp_driver to register driver
|
|
|
|
Removing some boilerplate by using module_pnp_driver instead of calling
|
|
register and unregister in the otherwise empty init/exit functions
|
|
|
|
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
|
|
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
|
|
|
|
The compat layer needs to continue loading the PNP module the old way
|
|
using explicit init() and exit() functions
|