1
/******************************************************************************
2
 * tpmif.h
3
 *
4
 * TPM I/O interface for Xen guest OSes.
5
 *
6
 * Permission is hereby granted, free of charge, to any person obtaining a copy
7
 * of this software and associated documentation files (the "Software"), to
8
 * deal in the Software without restriction, including without limitation the
9
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10
 * sell copies of the Software, and to permit persons to whom the Software is
11
 * furnished to do so, subject to the following conditions:
12
 *
13
 * The above copyright notice and this permission notice shall be included in
14
 * all copies or substantial portions of the Software.
15
 *
16
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
22
 * DEALINGS IN THE SOFTWARE.
23
 *
24
 * Copyright (c) 2005, IBM Corporation
25
 *
26
 * Author: Stefan Berger, [email protected]
27
 * Grant table support: Mahadevan Gomathisankaran
28
 *
29
 * This code has been derived from tools/libxc/xen/io/netif.h
30
 *
31
 * Copyright (c) 2003-2004, Keir Fraser
32
 */
33

34
#ifndef __XEN_PUBLIC_IO_TPMIF_H__
35
#define __XEN_PUBLIC_IO_TPMIF_H__
36

37
#include "../grant_table.h"
38

39
struct tpmif_tx_request {
40
    unsigned long addr;   /* Machine address of packet.   */
41
    grant_ref_t ref;      /* grant table access reference */
42
    uint16_t unused;
43
    uint16_t size;        /* Packet size in bytes.        */
44
};
45
typedef struct tpmif_tx_request tpmif_tx_request_t;
46

47
/*
48
 * The TPMIF_TX_RING_SIZE defines the number of pages the
49
 * front-end and backend can exchange (= size of array).
50
 */
51
typedef uint32_t TPMIF_RING_IDX;
52

53
#define TPMIF_TX_RING_SIZE 1
54

55
/* This structure must fit in a memory page. */
56

57
struct tpmif_ring {
58
    struct tpmif_tx_request req;
59
};
60
typedef struct tpmif_ring tpmif_ring_t;
61

62
struct tpmif_tx_interface {
63
    struct tpmif_ring ring[TPMIF_TX_RING_SIZE];
64
};
65
typedef struct tpmif_tx_interface tpmif_tx_interface_t;
66

67
/******************************************************************************
68
 * TPM I/O interface for Xen guest OSes, v2
69
 *
70
 * Author: Daniel De Graaf <[email protected]>
71
 *
72
 * This protocol emulates the request/response behavior of a TPM using a Xen
73
 * shared memory interface. All interaction with the TPM is at the direction
74
 * of the frontend, since a TPM (hardware or virtual) is a passive device -
75
 * the backend only processes commands as requested by the frontend.
76
 *
77
 * The frontend sends a request to the TPM by populating the shared page with
78
 * the request packet, changing the state to TPMIF_STATE_SUBMIT, and sending
79
 * and event channel notification. When the backend is finished, it will set
80
 * the state to TPMIF_STATE_FINISH and send an event channel notification.
81
 *
82
 * In order to allow long-running commands to be canceled, the frontend can
83
 * at any time change the state to TPMIF_STATE_CANCEL and send a notification.
84
 * The TPM can either finish the command (changing state to TPMIF_STATE_FINISH)
85
 * or can cancel the command and change the state to TPMIF_STATE_IDLE. The TPM
86
 * can also change the state to TPMIF_STATE_IDLE instead of TPMIF_STATE_FINISH
87
 * if another reason for cancellation is required - for example, a physical
88
 * TPM may cancel a command if the interface is seized by another locality.
89
 *
90
 * The TPM command format is defined by the TCG, and is available at
91
 * http://www.trustedcomputinggroup.org/resources/tpm_main_specification
92
 */
93

94
enum tpmif_state {
95
    TPMIF_STATE_IDLE,        /* no contents / vTPM idle / cancel complete */
96
    TPMIF_STATE_SUBMIT,      /* request ready / vTPM working */
97
    TPMIF_STATE_FINISH,      /* response ready / vTPM idle */
98
    TPMIF_STATE_CANCEL,      /* cancel requested / vTPM working */
99
};
100
/* Note: The backend should only change state to IDLE or FINISH, while the
101
 * frontend should only change to SUBMIT or CANCEL. Status changes do not need
102
 * to use atomic operations.
103
 */
104

105

106
/* The shared page for vTPM request/response packets looks like:
107
 *
108
 *  Offset               Contents
109
 *  =================================================
110
 *  0                    struct tpmif_shared_page
111
 *  16                   [optional] List of grant IDs
112
 *  16+4*nr_extra_pages  TPM packet data
113
 *
114
 * If the TPM packet data extends beyond the end of a single page, the grant IDs
115
 * defined in extra_pages are used as if they were mapped immediately following
116
 * the primary shared page. The grants are allocated by the frontend and mapped
117
 * by the backend. Before sending a request spanning multiple pages, the
118
 * frontend should verify that the TPM supports such large requests by querying
119
 * the TPM_CAP_PROP_INPUT_BUFFER property from the TPM.
120
 */
121
struct tpmif_shared_page {
122
    uint32_t length;         /* request/response length in bytes */
123

124
    uint8_t state;           /* enum tpmif_state */
125
    uint8_t locality;        /* for the current request */
126
    uint8_t pad;             /* should be zero */
127

128
    uint8_t nr_extra_pages;  /* extra pages for long packets; may be zero */
129
    uint32_t extra_pages[0]; /* grant IDs; length is actually nr_extra_pages */
130
};
131
typedef struct tpmif_shared_page tpmif_shared_page_t;
132

133
#endif
134

135
/*
136
 * Local variables:
137
 * mode: C
138
 * c-file-style: "BSD"
139
 * c-basic-offset: 4
140
 * tab-width: 4
141
 * indent-tabs-mode: nil
142
 * End:
143
 */
144

145