coconut-svsm / svsm

COCONUT-SVSM
MIT License

vTPM: switch from MS TPM to TCG TPM #514

Closed stefano-garzarella closed 1 week ago

stefano-garzarella commented 2 weeks ago

Let's switch to the official TPM 2.0 Reference Implementation hosted in https://github.com/TrustedComputingGroup/TPM.

We now use the 1.83 version, commit 97c2783 ("Trusted Computing Group (TCG) TPM Specification 1.83 Release reference code. (#262)").

Patches 1 and 2 are in prep and just do a renaming of the library and feature. Patch 3 is a hack to avoid our TPM fork to disable pthread checking. I also opened an upstream PR (https://github.com/TrustedComputingGroup/TPM/pull/6) to better support this use case. Patch 4 switched from our fork to Microsoft's upstream repo (same code except for the patch to disable pthread check). Patch 5 is just a speed-up for the build. Patch 6 is a workaround for an issue in the TCG TPM (see https://github.com/TrustedComputingGroup/TPM/pull/7). Patch 7 is the real switch to the TCG TPM.

To try this PR on an already cloned repo, I suggest the following steps:

```
# clean all generated files to avoid having folders with left-overs
git clean -xfd
git submodule foreach --recursive git clean -xfd

# sync urls and update/init git submodules
git submodule sync
git submodule update --init
```

Thanks to @cclaudio for some suggestions!

Fixes: #440

Suggested-by: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
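A check that could follow the steps above, as an added example that is not part of the pull request or the project's scripts: it reports submodules whose active URL in `.git/config` still differs from `.gitmodules` (the drift that `git submodule sync` corrects) and entries that `git submodule status` marks as uninitialized, mismatched, or conflicted. The function names are hypothetical, and submodule names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not project code. Run from the top of the superproject.

# Print every submodule whose URL in .git/config differs from the one
# recorded in .gitmodules. After a submodule is repointed to a new
# upstream, an old clone keeps fetching from the previous URL until
# `git submodule sync` is run.
stale_submodule_urls() {
    git config -f .gitmodules --get-regexp '^submodule\..*\.url$' |
    while read -r key url; do
        # Assumption: the key (submodule name) contains no whitespace.
        active=$(git config --get "$key" || true)
        [ "$active" = "$url" ] ||
            printf '%s: .gitmodules=%s active=%s\n' \
                "$key" "$url" "${active:-<unset>}"
    done
}

# Read `git submodule status --recursive` output on stdin and print the
# entries that are not checked out at the commit the superproject records.
# Prefix characters are those documented in git-submodule(1).
dirty_submodules() {
    while IFS= read -r line; do
        case $line in
            -*) echo "not initialized: ${line#-}" ;;
            +*) echo "commit differs from superproject: ${line#+}" ;;
            U*) echo "merge conflict: ${line#U}" ;;
        esac
    done
}

# Run both checks when invoked as: sh check-submodules.sh --run
if [ "${1:-}" = "--run" ]; then
    stale_submodule_urls
    git submodule status --recursive | dirty_submodules
fi
```

Empty output from both functions means every submodule fetches from the URL in `.gitmodules` and sits at the commit pinned by the superproject.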

stefano-garzarella commented 1 week ago

v2:

osteffenrh commented 1 week ago

in Commit 3:

 libtcgtpm: little hack to disable pthread check

The pthread library is only required for the simulator, but we
don't build it, so let's use this workaround to make the `cofigure`
happy and avoid checks that the pthread is available.

cofigure -> configure

Apart from that: ✔️

stefano-garzarella commented 1 week ago

in Commit 3:

 libtcgtpm: little hack to disable pthread check

The pthread library is only required for the simulator, but we
don't build it, so let's use this workaround to make the `cofigure`
happy and avoid checks that the pthread is available.

cofigure -> configure

Thanks for spotting it! Fixed now!