author | David Tolnay <dtolnay@chromium.org> | 2019-03-01 16:18:44 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-03-02 17:41:27 -0800 |
commit | 41a6f84d857c5b5f6ee612f9654c87dca10f3b54 (patch) | |
tree | 3b4c8aaa8087c76cbecc9e8c1244c47b6329f46d /devices/src/virtio/tpm.rs | |
parent | 48c4829540b04fb1a6f9ea0343f6c68b8c72606e (diff) | |
tpm: Store TPM state under /run/vm
When running in multiprocess mode, such as on a device, TPM state gets placed in /run/vm/tpm.{pid} (e.g. /run/vm/tpm.22726) where pid is the pid of the original crosvm process. The TPM simulator will write a single file called NVChip of size 16384 bytes into this directory. The directory and NVChip file will have uid and gid set to crosvm. When running without multiprocess mode / without minijail / probably in cros_sdk, TPM state is placed in /tmp/tpm-simulator as before. The /run/vm directory is not present under cros_sdk. Will follow up with a separate CL to remove the TPM state directory at crosvm exit. Tested by running the following on a grunt board (Barla) in dev mode: sudo crosvm run \ --root rootfs.ext4 \ --socket crosvm.sock \ --seccomp-policy-dir seccomp \ --software-tpm \ -p init=/bin/bash \ -p panic=-1 \ vmlinux.bin and confirming that /dev/tpm0 and /dev/tpmrm0 are present in the VM. BUG=chromium:921841 TEST=manual testing on grunt Change-Id: I1868896b9eb6f510d8b97022ba950b3604d9d40b Reviewed-on: https://chromium-review.googlesource.com/1496910 Commit-Ready: David Tolnay <dtolnay@chromium.org> Tested-by: David Tolnay <dtolnay@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Dylan Reid <dgreid@chromium.org>
Diffstat (limited to 'devices/src/virtio/tpm.rs')
-rw-r--r-- | devices/src/virtio/tpm.rs | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/devices/src/virtio/tpm.rs b/devices/src/virtio/tpm.rs
index e5c17e9..63e4d72 100644
--- a/devices/src/virtio/tpm.rs
+++ b/devices/src/virtio/tpm.rs
@@ -7,6 +7,7 @@ use std::fmt::{self, Display};
 use std::fs;
 use std::ops::BitOrAssign;
 use std::os::unix::io::RawFd;
+use std::path::PathBuf;
 use std::sync::atomic::{AtomicUsize, Ordering};
 use std::sync::Arc;
 use std::thread;
@@ -27,10 +28,6 @@ const QUEUE_SIZES: &[u16] = &[QUEUE_SIZE];
 // There is no hard requirement that the value is the same but it makes sense.
 const TPM_BUFSIZE: usize = 4096;
 
-// Simply store TPM state in /tmp/tpm-simulator. Before shipping this feature,
-// will need to move state under /run/vm instead. https://crbug.com/921841
-const SIMULATOR_DIR: &str = "/tmp/tpm-simulator";
-
 struct Worker {
     queue: Queue,
     mem: GuestMemory,
@@ -194,12 +191,16 @@ impl Worker {
 
 /// Virtio vTPM device.
 pub struct Tpm {
+    storage: PathBuf,
     kill_evt: Option<EventFd>,
 }
 
 impl Tpm {
-    pub fn new() -> Tpm {
-        Tpm { kill_evt: None }
+    pub fn new(storage: PathBuf) -> Tpm {
+        Tpm {
+            storage,
+            kill_evt: None,
+        }
     }
 }
 
@@ -239,11 +240,11 @@ impl VirtioDevice for Tpm {
         let queue = queues.remove(0);
         let queue_evt = queue_evts.remove(0);
 
-        if let Err(err) = fs::create_dir_all(SIMULATOR_DIR) {
+        if let Err(err) = fs::create_dir_all(&self.storage) {
             error!("vtpm failed to create directory for simulator: {}", err);
             return;
         }
-        if let Err(err) = env::set_current_dir(SIMULATOR_DIR) {
+        if let Err(err) = env::set_current_dir(&self.storage) {
             error!("vtpm failed to change into simulator directory: {}", err);
             return;
         }
|
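Review bot: The new `storage` field added to `pub struct Tpm` has no doc comment, and `new(storage: PathBuf)` is the only place that hints at what the path is for; the commit description says the simulator writes its NVChip file into this directory, so the field should state that. Suggest `/// Directory in which the TPM simulator persists its state (the NVChip file).` on the field, and a `///` on `new` saying that `storage` is created and entered when the device is activated rather than in the constructor. Whether the path is used anywhere other than activation cannot be seen from this hunk.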
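Review bot: `fs::create_dir_all(&self.storage)` creates the state directory with the default mode (0o777 masked by the process umask) and returns Ok when the path already exists, so the permissions on the directory that will hold the NVChip file depend on the caller's umask and on whoever created the path first; the ownership described in the commit message is not enforced by this code. Since the persistent TPM state should not be readable by other users, create the directory with an explicit private mode, e.g. `let mut builder = fs::DirBuilder::new();` / `builder.recursive(true).mode(0o700);` / `if let Err(err) = builder.create(&self.storage) {`, with `use std::os::unix::fs::DirBuilderExt;` added alongside the `PathBuf` import in the first hunk. Note also that `env::set_current_dir` changes the working directory of the whole process, so any relative path resolved elsewhere after activation will resolve under `storage`; presumably the simulator requires this, but a one-line comment saying so would help the next reader. The enclosing `activate` method begins before and continues past this hunk.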