From de6b29ab9d1a90a56874e6b33d35b5bf077acbfc Mon Sep 17 00:00:00 2001
From: David Tolnay <dtolnay@chromium.org>
Date: Thu, 20 Dec 2018 11:49:46 -0800
Subject: tpm: Virtio tpm device

This CL adds a "tpm" Cargo cfg to crosvm which enables a TPM device
backed by libtpm2 simulator.

Tested by running the following inside cros_sdk:

    LIBRARY_PATH=~/src/minijail LD_LIBRARY_PATH=~/src/minijail \
        cargo run --release \
        --features tpm \
        -- \
        run \
        -r rootfs.ext4 \
        --seccomp-policy-dir seccomp/x86_64/ \
        -p init=/bin/bash \
        -p panic=-1 \
        --disable-sandbox \
        vmlinux.bin

with a Linux image built from CL:1387655.

The TPM self test completes successfully with the following output:

    https://paste.googleplex.com/5996075978588160?raw

Justin's TPM playground runs with the following trace output.

    https://paste.googleplex.com/4909751007707136?raw

Design doc: go/vtpm-for-glinux

TEST=ran TPM playground program inside crosvm
TEST=local kokoro
BUG=chromium:911799

Change-Id: I2feb24a3e38cba91f62c6d2cd1f378de4dd03ecf
Reviewed-on: https://chromium-review.googlesource.com/1387624
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
---
 src/linux.rs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'src/linux.rs')

diff --git a/src/linux.rs b/src/linux.rs
index ff6b133..1dcedbe 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -304,6 +304,21 @@ fn create_virtio_devs(
         jail: rng_jail,
     });
 
+    #[cfg(feature = "tpm")]
+    {
+        let tpm_box = Box::new(devices::virtio::Tpm::new());
+        let tpm_jail = if cfg.multiprocess {
+            let policy_path = cfg.seccomp_policy_dir.join("tpm_device.policy");
+            Some(create_base_minijail(empty_root_path, &policy_path)?)
+        } else {
+            None
+        };
+        devs.push(VirtioDeviceStub {
+            dev: tpm_box,
+            jail: tpm_jail,
+        });
+    }
+
     let balloon_box = Box::new(
         devices::virtio::Balloon::new(balloon_device_socket).map_err(Error::BalloonDeviceNew)?,
     );
-- 
cgit 1.4.1