1 files changed, 0 insertions, 1059 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/0010-tpm-Added-support-for-TPM-emulator.patch b/meta/recipes-devtools/qemu/qemu/0010-tpm-Added-support-for-TPM-emulator.patch
deleted file mode 100644
index 968e12e88a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0010-tpm-Added-support-for-TPM-emulator.patch
+++ /dev/null
@@ -1,1059 +0,0 @@
-From 70e73b7c6c7cf982d645db9c81c74588e6b10a2b Mon Sep 17 00:00:00 2001
-From: Amarnath Valluri <amarnath.valluri@intel.com>
-Date: Wed, 29 Mar 2017 15:39:41 +0300
-Subject: [PATCH 10/12] tpm: Added support for TPM emulator
-This change introduces a new TPM backend driver that can communicate with
-swtpm(software TPM emulator) using unix domain socket interface. QEMU talks to
-TPM emulator using QEMU's socket-based chardev backend device.
-Swtpm uses two Unix sockets for communications, one for plain TPM commands and
-responses, and one for out-of-band control messages. QEMU passes data socket to
-be used over the control channel.
-The swtpm and associated tools can be found here:
-    https://github.com/stefanberger/swtpm
-The swtpm's control channel protocol specification can be found here:
-    https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification
-Usage:
-    # setup TPM state directory
-    mkdir /tmp/mytpm
-    chown -R tss:root /tmp/mytpm
-    /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek
-    # Ask qemu to use TPM emulator with given tpm state directory
-    qemu-system-x86_64 \
-        [...] \
-        -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
-        -tpmdev emulator,id=tpm0,chardev=chrtpm \
-        -device tpm-tis,tpmdev=tpm0 \
-        [...]
-Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
-Upstream-Status: Backport [f4ede81eed29e6140374177d1f2808248c5b5650]
---
- configure             |  13 +-
- hmp.c                 |   5 +
- hw/tpm/Makefile.objs  |   1 +
- hw/tpm/tpm_emulator.c | 583 ++++++++++++++++++++++++++++++++++++++++++++++++++
- hw/tpm/tpm_ioctl.h    | 246 +++++++++++++++++++++
- qapi-schema.json      |  18 +-
- qemu-options.hx       |  22 +-
- 7 files changed, 882 insertions(+), 6 deletions(-)
- create mode 100644 hw/tpm/tpm_emulator.c
- create mode 100644 hw/tpm/tpm_ioctl.h
-diff --git a/configure b/configure
-index dd73cce62f..9a25537096 100755
--- a/configure
-+++ b/configure
-@@ -3503,6 +3503,12 @@ else
-   tpm_passthrough=no
- fi
- 
-+# TPM emulator is for all posix systems
-+if test "$mingw32" != "yes"; then
-+  tpm_emulator=$tpm
-+else
-+  tpm_emulator=no
-+fi
- ##########################################
- # attr probe
- 
-@@ -5396,6 +5402,7 @@ echo "gcov enabled      $gcov"
- echo "TPM support       $tpm"
- echo "libssh2 support   $libssh2"
- echo "TPM passthrough   $tpm_passthrough"
-+echo "TPM emulator      $tpm_emulator"
- echo "QOM debugging     $qom_cast_debug"
- echo "Live block migration $live_block_migration"
- echo "lzo support       $lzo"
-@@ -5983,12 +5990,16 @@ else
-   echo "HOST_USB=stub" >> $config_host_mak
- fi
- 
-# TPM passthrough support?
- if test "$tpm" = "yes"; then
-   echo 'CONFIG_TPM=$(CONFIG_SOFTMMU)' >> $config_host_mak
-+  # TPM passthrough support?
-   if test "$tpm_passthrough" = "yes"; then
-     echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak
-   fi
-+  # TPM emulator support?
-+  if test "$tpm_emulator" = "yes"; then
-+    echo "CONFIG_TPM_EMULATOR=y" >> $config_host_mak
-+  fi
- fi
- 
- echo "TRACE_BACKENDS=$trace_backends" >> $config_host_mak
-diff --git a/hmp.c b/hmp.c
-index fd80dce758..820aa8f002 100644
--- a/hmp.c
-+++ b/hmp.c
-@@ -995,6 +995,7 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
-     Error *err = NULL;
-     unsigned int c = 0;
-     TPMPassthroughOptions *tpo;
-+    TPMEmulatorOptions *teo;
- 
-     info_list = qmp_query_tpm(&err);
-     if (err) {
-@@ -1024,6 +1025,10 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
-                            tpo->has_cancel_path ? ",cancel-path=" : "",
-                            tpo->has_cancel_path ? tpo->cancel_path : "");
-             break;
-+        case TPM_TYPE_OPTIONS_KIND_EMULATOR:
-+            teo = ti->options->u.emulator.data;
-+            monitor_printf(mon, ",chardev=%s", teo->chardev);
-+            break;
-         case TPM_TYPE_OPTIONS_KIND__MAX:
-             break;
-         }
-diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
-index 64cecc3b67..41f0b7a590 100644
--- a/hw/tpm/Makefile.objs
-+++ b/hw/tpm/Makefile.objs
-@@ -1,2 +1,3 @@
- common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
- common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
-+common-obj-$(CONFIG_TPM_EMULATOR) += tpm_emulator.o tpm_util.o
-diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
-new file mode 100644
-index 0000000000..433bc4fa8a
--- /dev/null
-+++ b/hw/tpm/tpm_emulator.c
-@@ -0,0 +1,583 @@
-+/*
-+ *  Emulator TPM driver
-+ *
-+ *  Copyright (c) 2017 Intel Corporation
-+ *  Author: Amarnath Valluri <amarnath.valluri@intel.com>
-+ *
-+ *  Copyright (c) 2010 - 2013 IBM Corporation
-+ *  Authors:
-+ *    Stefan Berger <stefanb@us.ibm.com>
-+ *
-+ *  Copyright (C) 2011 IAIK, Graz University of Technology
-+ *    Author: Andreas Niederl
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, see <http://www.gnu.org/licenses/>
-+ *
-+ */
-+
-+#include "qemu/osdep.h"
-+#include "qemu/error-report.h"
-+#include "qemu/sockets.h"
-+#include "io/channel-socket.h"
-+#include "sysemu/tpm_backend.h"
-+#include "tpm_int.h"
-+#include "hw/hw.h"
-+#include "hw/i386/pc.h"
-+#include "tpm_util.h"
-+#include "tpm_ioctl.h"
-+#include "migration/blocker.h"
-+#include "qapi/error.h"
-+#include "qapi/clone-visitor.h"
-+#include "chardev/char-fe.h"
-+
-+#include <fcntl.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <stdio.h>
-+
-+#define DEBUG_TPM 0
-+
-+#define DPRINTF(fmt, ...) do { \
-+    if (DEBUG_TPM) { \
-+        fprintf(stderr, "tpm-emulator:"fmt"\n", ## __VA_ARGS__); \
-+    } \
-+} while (0)
-+
-+#define TYPE_TPM_EMULATOR "tpm-emulator"
-+#define TPM_EMULATOR(obj) \
-+    OBJECT_CHECK(TPMEmulator, (obj), TYPE_TPM_EMULATOR)
-+
-+#define TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(S, cap) (((S)->caps & (cap)) == (cap))
-+
-+static const TPMDriverOps tpm_emulator_driver;
-+
-+/* data structures */
-+typedef struct TPMEmulator {
-+    TPMBackend parent;
-+
-+    TPMEmulatorOptions *options;
-+    CharBackend ctrl_chr;
-+    QIOChannel *data_ioc;
-+    TPMVersion tpm_version;
-+    ptm_cap caps; /* capabilities of the TPM */
-+    uint8_t cur_locty_number; /* last set locality */
-+    Error *migration_blocker;
-+} TPMEmulator;
-+
-+
-+static int tpm_emulator_ctrlcmd(CharBackend *dev, unsigned long cmd, void *msg,
-+                                size_t msg_len_in, size_t msg_len_out)
-+{
-+    uint32_t cmd_no = cpu_to_be32(cmd);
-+    ssize_t n = sizeof(uint32_t) + msg_len_in;
-+    uint8_t *buf = NULL;
-+
-+    buf = g_alloca(n);
-+    memcpy(buf, &cmd_no, sizeof(cmd_no));
-+    memcpy(buf + sizeof(cmd_no), msg, msg_len_in);
-+
-+    n = qemu_chr_fe_write_all(dev, buf, n);
-+    if (n <= 0) {
-+        return -1;
-+    }
-+
-+    if (msg_len_out != 0) {
-+        n = qemu_chr_fe_read_all(dev, msg, msg_len_out);
-+        if (n <= 0) {
-+            return -1;
-+        }
-+    }
-+
-+    return 0;
-+}
-+
-+static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu,
-+                                     const uint8_t *in, uint32_t in_len,
-+                                     uint8_t *out, uint32_t out_len,
-+                                     bool *selftest_done,
-+                                     Error **err)
-+{
-+    ssize_t ret;
-+    bool is_selftest = false;
-+    const struct tpm_resp_hdr *hdr = NULL;
-+
-+    if (selftest_done) {
-+        *selftest_done = false;
-+        is_selftest = tpm_util_is_selftest(in, in_len);
-+    }
-+
-+    ret = qio_channel_write(tpm_emu->data_ioc, (char *)in, in_len, err);
-+    if (ret != in_len) {
-+        return -1;
-+    }
-+
-+    ret = qio_channel_read(tpm_emu->data_ioc, (char *)out, out_len, err);
-+    if (ret <= 0 || ret < sizeof(*hdr)) {
-+        return -1;
-+    }
-+
-+    hdr = (struct tpm_resp_hdr *)out;
-+    if (be32_to_cpu(hdr->len) != ret) {
-+        return -1;
-+    }
-+
-+    if (is_selftest) {
-+        *selftest_done = (be32_to_cpu(hdr->errcode) == 0);
-+    }
-+
-+    return 0;
-+}
-+
-+static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number)
-+{
-+    ptm_loc loc;
-+
-+    DPRINTF("%s : locality: 0x%x", __func__, locty_number);
-+
-+    if (tpm_emu->cur_locty_number == locty_number) {
-+        return 0;
-+    }
-+
-+    DPRINTF("setting locality : 0x%x", locty_number);
-+    loc.u.req.loc = locty_number;
-+    if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_SET_LOCALITY, &loc,
-+                             sizeof(loc), sizeof(loc)) < 0) {
-+        error_report("tpm-emulator: could not set locality : %s",
-+                     strerror(errno));
-+        return -1;
-+    }
-+
-+    loc.u.resp.tpm_result = be32_to_cpu(loc.u.resp.tpm_result);
-+    if (loc.u.resp.tpm_result != 0) {
-+        error_report("tpm-emulator: TPM result for set locality : 0x%x",
-+                     loc.u.resp.tpm_result);
-+        return -1;
-+    }
-+
-+    tpm_emu->cur_locty_number = locty_number;
-+
-+    return 0;
-+}
-+
-+static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd cmd)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-+    TPMLocality *locty = NULL;
-+    bool selftest_done = false;
-+    Error *err = NULL;
-+
-+    DPRINTF("processing command type %d", cmd);
-+
-+    switch (cmd) {
-+    case TPM_BACKEND_CMD_PROCESS_CMD:
-+        locty = tb->tpm_state->locty_data;
-+        if (tpm_emulator_set_locality(tpm_emu,
-+                                      tb->tpm_state->locty_number) < 0 ||
-+            tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
-+                                      locty->w_offset, locty->r_buffer.buffer,
-+                                      locty->r_buffer.size, &selftest_done,
-+                                      &err) < 0) {
-+            tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
-+                                                locty->r_buffer.size);
-+            error_report_err(err);
-+        }
-+
-+        tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
-+                               selftest_done);
-+
-+        break;
-+    case TPM_BACKEND_CMD_INIT:
-+    case TPM_BACKEND_CMD_END:
-+    case TPM_BACKEND_CMD_TPM_RESET:
-+        /* nothing to do */
-+        break;
-+    }
-+}
-+
-+static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
-+{
-+    DPRINTF("%s", __func__);
-+    if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_GET_CAPABILITY,
-+                         &tpm_emu->caps, 0, sizeof(tpm_emu->caps)) < 0) {
-+        error_report("tpm-emulator: probing failed : %s", strerror(errno));
-+        return -1;
-+    }
-+
-+    tpm_emu->caps = be64_to_cpu(tpm_emu->caps);
-+
-+    DPRINTF("capbilities : 0x%lx", tpm_emu->caps);
-+
-+    return 0;
-+}
-+
-+static int tpm_emulator_check_caps(TPMEmulator *tpm_emu)
-+{
-+    ptm_cap caps = 0;
-+    const char *tpm = NULL;
-+
-+    /* check for min. required capabilities */
-+    switch (tpm_emu->tpm_version) {
-+    case TPM_VERSION_1_2:
-+        caps = PTM_CAP_INIT | PTM_CAP_SHUTDOWN | PTM_CAP_GET_TPMESTABLISHED |
-+               PTM_CAP_SET_LOCALITY | PTM_CAP_SET_DATAFD;
-+        tpm = "1.2";
-+        break;
-+    case TPM_VERSION_2_0:
-+        caps = PTM_CAP_INIT | PTM_CAP_SHUTDOWN | PTM_CAP_GET_TPMESTABLISHED |
-+               PTM_CAP_SET_LOCALITY | PTM_CAP_RESET_TPMESTABLISHED |
-+               PTM_CAP_SET_DATAFD;
-+        tpm = "2";
-+        break;
-+    case TPM_VERSION_UNSPEC:
-+        error_report("tpm-emulator: TPM version has not been set");
-+        return -1;
-+    }
-+
-+    if (!TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(tpm_emu, caps)) {
-+        error_report("tpm-emulator: TPM does not implement minimum set of "
-+                     "required capabilities for TPM %s (0x%x)", tpm, (int)caps);
-+        return -1;
-+    }
-+
-+    return 0;
-+}
-+
-+static int tpm_emulator_startup_tpm(TPMBackend *tb)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-+    ptm_init init;
-+    ptm_res res;
-+
-+    DPRINTF("%s", __func__);
-+    if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_INIT, &init, sizeof(init),
-+                         sizeof(init)) < 0) {
-+        error_report("tpm-emulator: could not send INIT: %s",
-+                     strerror(errno));
-+        goto err_exit;
-+    }
-+
-+    res = be32_to_cpu(init.u.resp.tpm_result);
-+    if (res) {
-+        error_report("tpm-emulator: TPM result for CMD_INIT: 0x%x", res);
-+        goto err_exit;
-+    }
-+    return 0;
-+
-+err_exit:
-+    return -1;
-+}
-+
-+static bool tpm_emulator_get_tpm_established_flag(TPMBackend *tb)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-+    ptm_est est;
-+
-+    DPRINTF("%s", __func__);
-+    if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_GET_TPMESTABLISHED, &est,
-+                             0, sizeof(est)) < 0) {
-+        error_report("tpm-emulator: Could not get the TPM established flag: %s",
-+                     strerror(errno));
-+        return false;
-+    }
-+    DPRINTF("established flag: %0x", est.u.resp.bit);
-+
-+    return (est.u.resp.bit != 0);
-+}
-+
-+static int tpm_emulator_reset_tpm_established_flag(TPMBackend *tb,
-+                                                   uint8_t locty)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-+    ptm_reset_est reset_est;
-+    ptm_res res;
-+
-+    /* only a TPM 2.0 will support this */
-+    if (tpm_emu->tpm_version != TPM_VERSION_2_0) {
-+        return 0;
-+    }
-+
-+    reset_est.u.req.loc = tpm_emu->cur_locty_number;
-+    if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_RESET_TPMESTABLISHED,
-+                             &reset_est, sizeof(reset_est),
-+                             sizeof(reset_est)) < 0) {
-+        error_report("tpm-emulator: Could not reset the establishment bit: %s",
-+                     strerror(errno));
-+        return -1;
-+    }
-+
-+    res = be32_to_cpu(reset_est.u.resp.tpm_result);
-+    if (res) {
-+        error_report("tpm-emulator: TPM result for rest establixhed flag: 0x%x",
-+                     res);
-+        return -1;
-+    }
-+
-+    return 0;
-+}
-+
-+static void tpm_emulator_cancel_cmd(TPMBackend *tb)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-+    ptm_res res;
-+
-+    if (!TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(tpm_emu, PTM_CAP_CANCEL_TPM_CMD)) {
-+        DPRINTF("Backend does not support CANCEL_TPM_CMD");
-+        return;
-+    }
-+
-+    if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_CANCEL_TPM_CMD, &res, 0,
-+                             sizeof(res)) < 0) {
-+        error_report("tpm-emulator: Could not cancel command: %s",
-+                     strerror(errno));
-+    } else if (res != 0) {
-+        error_report("tpm-emulator: Failed to cancel TPM: 0x%x",
-+                     be32_to_cpu(res));
-+    }
-+}
-+
-+static TPMVersion tpm_emulator_get_tpm_version(TPMBackend *tb)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-+
-+    return tpm_emu->tpm_version;
-+}
-+
-+static int tpm_emulator_block_migration(TPMEmulator *tpm_emu)
-+{
-+    Error *err = NULL;
-+
-+    error_setg(&tpm_emu->migration_blocker,
-+               "Migration disabled: TPM emulator not yet migratable");
-+    migrate_add_blocker(tpm_emu->migration_blocker, &err);
-+    if (err) {
-+        error_report_err(err);
-+        error_free(tpm_emu->migration_blocker);
-+        tpm_emu->migration_blocker = NULL;
-+    
-+        return -1;
-+    }
-+
-+    return 0;
-+}
-+
-+static int tpm_emulator_prepare_data_fd(TPMEmulator *tpm_emu)
-+{
-+    ptm_res res;
-+    Error *err = NULL;
-+    int fds[2] = { -1, -1 };
-+
-+    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) {
-+        error_report("tpm-emulator: Failed to create socketpair");
-+        return -1;
-+    }
-+
-+    qemu_chr_fe_set_msgfds(&tpm_emu->ctrl_chr, fds + 1, 1);
-+
-+    if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_SET_DATAFD, &res, 0,
-+                    sizeof(res)) || res != 0) {
-+        error_report("tpm-emulator: Failed to send CMD_SET_DATAFD: %s",
-+                     strerror(errno));
-+        goto err_exit;
-+    }
-+
-+    tpm_emu->data_ioc = QIO_CHANNEL(qio_channel_socket_new_fd(fds[0], &err));
-+    if (err) {
-+        error_prepend(&err, "tpm-emulator: Failed to create io channel: ");
-+        error_report_err(err);
-+        goto err_exit;
-+    }
-+
-+    closesocket(fds[1]);
-+
-+    return 0;
-+
-+err_exit:
-+    closesocket(fds[0]);
-+    closesocket(fds[1]);
-+    return -1;
-+}
-+
-+static int tpm_emulator_handle_device_opts(TPMEmulator *tpm_emu, QemuOpts *opts)
-+{
-+    const char *value;
-+
-+    value = qemu_opt_get(opts, "chardev");
-+    if (value) {
-+        Error *err = NULL;
-+        Chardev *dev = qemu_chr_find(value);
-+
-+        if (!dev) {
-+            error_report("tpm-emulator: tpm chardev '%s' not found.", value);
-+            goto err;
-+        }
-+
-+        if (!qemu_chr_fe_init(&tpm_emu->ctrl_chr, dev, &err)) {
-+            error_prepend(&err, "tpm-emulator: No valid chardev found at '%s':",
-+                          value);
-+            error_report_err(err);
-+            goto err;
-+        }
-+
-+        tpm_emu->options->chardev = g_strdup(value);
-+    }
-+
-+    if (tpm_emulator_prepare_data_fd(tpm_emu) < 0) {
-+        goto err;
-+    }
-+
-+    /* FIXME: tpm_util_test_tpmdev() accepts only on socket fd, as it also used
-+     * by passthrough driver, which not yet using GIOChannel.
-+     */
-+    if (tpm_util_test_tpmdev(QIO_CHANNEL_SOCKET(tpm_emu->data_ioc)->fd,
-+                             &tpm_emu->tpm_version)) {
-+        error_report("'%s' is not emulating TPM device. Error: %s",
-+                      tpm_emu->options->chardev, strerror(errno));
-+        goto err;
-+    }
-+
-+    DPRINTF("TPM Version %s", tpm_emu->tpm_version == TPM_VERSION_1_2 ? "1.2" :
-+            (tpm_emu->tpm_version == TPM_VERSION_2_0 ?  "2.0" : "Unspecified"));
-+
-+    if (tpm_emulator_probe_caps(tpm_emu) ||
-+        tpm_emulator_check_caps(tpm_emu)) {
-+        goto err;
-+    }
-+
-+    return tpm_emulator_block_migration(tpm_emu);
-+
-+err:
-+    DPRINTF("Startup error");
-+    return -1;
-+}
-+
-+static TPMBackend *tpm_emulator_create(QemuOpts *opts, const char *id)
-+{
-+    TPMBackend *tb = TPM_BACKEND(object_new(TYPE_TPM_EMULATOR));
-+
-+    tb->id = g_strdup(id);
-+
-+    if (tpm_emulator_handle_device_opts(TPM_EMULATOR(tb), opts)) {
-+        goto err_exit;
-+    }
-+
-+    return tb;
-+
-+err_exit:
-+    object_unref(OBJECT(tb));
-+
-+    return NULL;
-+}
-+
-+static TpmTypeOptions *tpm_emulator_get_tpm_options(TPMBackend *tb)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-+    TpmTypeOptions *options = g_new0(TpmTypeOptions, 1);
-+
-+    options->type = TPM_TYPE_OPTIONS_KIND_EMULATOR;
-+    options->u.emulator.data = QAPI_CLONE(TPMEmulatorOptions, tpm_emu->options);
-+
-+    return options;
-+}
-+
-+static const QemuOptDesc tpm_emulator_cmdline_opts[] = {
-+    TPM_STANDARD_CMDLINE_OPTS,
-+    {
-+        .name = "chardev",
-+        .type = QEMU_OPT_STRING,
-+        .help = "Character device to use for out-of-band control messages",
-+    },
-+    { /* end of list */ },
-+};
-+
-+static const TPMDriverOps tpm_emulator_driver = {
-+    .type                     = TPM_TYPE_EMULATOR,
-+    .opts                     = tpm_emulator_cmdline_opts,
-+    .desc                     = "TPM emulator backend driver",
-+
-+    .create                   = tpm_emulator_create,
-+    .startup_tpm              = tpm_emulator_startup_tpm,
-+    .cancel_cmd               = tpm_emulator_cancel_cmd,
-+    .get_tpm_established_flag = tpm_emulator_get_tpm_established_flag,
-+    .reset_tpm_established_flag = tpm_emulator_reset_tpm_established_flag,
-+    .get_tpm_version          = tpm_emulator_get_tpm_version,
-+    .get_tpm_options          = tpm_emulator_get_tpm_options,
-+};
-+
-+static void tpm_emulator_inst_init(Object *obj)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(obj);
-+
-+    DPRINTF("%s", __func__);
-+    tpm_emu->options = g_new0(TPMEmulatorOptions, 1);
-+    tpm_emu->cur_locty_number = ~0;
-+}
-+
-+/*
-+ * Gracefully shut down the external TPM
-+ */
-+static void tpm_emulator_shutdown(TPMEmulator *tpm_emu)
-+{
-+    ptm_res res;
-+
-+    if (tpm_emulator_ctrlcmd(&tpm_emu->ctrl_chr, CMD_SHUTDOWN, &res, 0,
-+                             sizeof(res)) < 0) {
-+        error_report("tpm-emulator: Could not cleanly shutdown the TPM: %s",
-+                     strerror(errno));
-+    } else if (res != 0) {
-+        error_report("tpm-emulator: TPM result for sutdown: 0x%x",
-+                     be32_to_cpu(res));
-+    }
-+}
-+
-+static void tpm_emulator_inst_finalize(Object *obj)
-+{
-+    TPMEmulator *tpm_emu = TPM_EMULATOR(obj);
-+
-+    tpm_emulator_shutdown(tpm_emu);
-+
-+    object_unref(OBJECT(tpm_emu->data_ioc));
-+
-+    qemu_chr_fe_deinit(&tpm_emu->ctrl_chr, false);
-+
-+    qapi_free_TPMEmulatorOptions(tpm_emu->options);
-+
-+    if (tpm_emu->migration_blocker) {
-+        migrate_del_blocker(tpm_emu->migration_blocker);
-+        error_free(tpm_emu->migration_blocker);
-+    }
-+}
-+
-+static void tpm_emulator_class_init(ObjectClass *klass, void *data)
-+{
-+    TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
-+    tbc->ops = &tpm_emulator_driver;
-+    tbc->handle_request = tpm_emulator_handle_request;
-+}
-+
-+static const TypeInfo tpm_emulator_info = {
-+    .name = TYPE_TPM_EMULATOR,
-+    .parent = TYPE_TPM_BACKEND,
-+    .instance_size = sizeof(TPMEmulator),
-+    .class_init = tpm_emulator_class_init,
-+    .instance_init = tpm_emulator_inst_init,
-+    .instance_finalize = tpm_emulator_inst_finalize,
-+};
-+
-+static void tpm_emulator_register(void)
-+{
-+    type_register_static(&tpm_emulator_info);
-+    tpm_register_driver(&tpm_emulator_driver);
-+}
-+
-+type_init(tpm_emulator_register)
-diff --git a/hw/tpm/tpm_ioctl.h b/hw/tpm/tpm_ioctl.h
-new file mode 100644
-index 0000000000..33564b11de
--- /dev/null
-+++ b/hw/tpm/tpm_ioctl.h
-@@ -0,0 +1,246 @@
-+/*
-+ * tpm_ioctl.h
-+ *
-+ * (c) Copyright IBM Corporation 2014, 2015.
-+ *
-+ * This file is licensed under the terms of the 3-clause BSD license
-+ */
-+#ifndef _TPM_IOCTL_H_
-+#define _TPM_IOCTL_H_
-+
-+#include <stdint.h>
-+#include <sys/uio.h>
-+#include <sys/types.h>
-+#include <sys/ioctl.h>
-+
-+/*
-+ * Every response from a command involving a TPM command execution must hold
-+ * the ptm_res as the first element.
-+ * ptm_res corresponds to the error code of a command executed by the TPM.
-+ */
-+
-+typedef uint32_t ptm_res;
-+
-+/* PTM_GET_TPMESTABLISHED: get the establishment bit */
-+struct ptm_est {
-+    union {
-+        struct {
-+            ptm_res tpm_result;
-+            unsigned char bit; /* TPM established bit */
-+        } resp; /* response */
-+    } u;
-+};
-+
-+/* PTM_RESET_TPMESTABLISHED: reset establishment bit */
-+struct ptm_reset_est {
-+    union {
-+        struct {
-+            uint8_t loc; /* locality to use */
-+        } req; /* request */
-+        struct {
-+            ptm_res tpm_result;
-+        } resp; /* response */
-+    } u;
-+};
-+
-+/* PTM_INIT */
-+struct ptm_init {
-+    union {
-+        struct {
-+            uint32_t init_flags; /* see definitions below */
-+        } req; /* request */
-+        struct {
-+            ptm_res tpm_result;
-+        } resp; /* response */
-+    } u;
-+};
-+
-+/* above init_flags */
-+#define PTM_INIT_FLAG_DELETE_VOLATILE (1 << 0)
-+    /* delete volatile state file after reading it */
-+
-+/* PTM_SET_LOCALITY */
-+struct ptm_loc {
-+    union {
-+        struct {
-+            uint8_t loc; /* locality to set */
-+        } req; /* request */
-+        struct {
-+            ptm_res tpm_result;
-+        } resp; /* response */
-+    } u;
-+};
-+
-+/* PTM_HASH_DATA: hash given data */
-+struct ptm_hdata {
-+    union {
-+        struct {
-+            uint32_t length;
-+            uint8_t data[4096];
-+        } req; /* request */
-+        struct {
-+            ptm_res tpm_result;
-+        } resp; /* response */
-+    } u;
-+};
-+
-+/*
-+ * size of the TPM state blob to transfer; x86_64 can handle 8k,
-+ * ppc64le only ~7k; keep the response below a 4k page size
-+ */
-+#define PTM_STATE_BLOB_SIZE (3 * 1024)
-+
-+/*
-+ * The following is the data structure to get state blobs from the TPM.
-+ * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple reads
-+ * with this ioctl and with adjusted offset are necessary. All bytes
-+ * must be transferred and the transfer is done once the last byte has been
-+ * returned.
-+ * It is possible to use the read() interface for reading the data; however, the
-+ * first bytes of the state blob will be part of the response to the ioctl(); a
-+ * subsequent read() is only necessary if the total length (totlength) exceeds
-+ * the number of received bytes. seek() is not supported.
-+ */
-+struct ptm_getstate {
-+    union {
-+        struct {
-+            uint32_t state_flags; /* may be: PTM_STATE_FLAG_DECRYPTED */
-+            uint32_t type;        /* which blob to pull */
-+            uint32_t offset;      /* offset from where to read */
-+        } req; /* request */
-+        struct {
-+            ptm_res tpm_result;
-+            uint32_t state_flags; /* may be: PTM_STATE_FLAG_ENCRYPTED */
-+            uint32_t totlength;   /* total length that will be transferred */
-+            uint32_t length;      /* number of bytes in following buffer */
-+            uint8_t  data[PTM_STATE_BLOB_SIZE];
-+        } resp; /* response */
-+    } u;
-+};
-+
-+/* TPM state blob types */
-+#define PTM_BLOB_TYPE_PERMANENT  1
-+#define PTM_BLOB_TYPE_VOLATILE   2
-+#define PTM_BLOB_TYPE_SAVESTATE  3
-+
-+/* state_flags above : */
-+#define PTM_STATE_FLAG_DECRYPTED     1 /* on input:  get decrypted state */
-+#define PTM_STATE_FLAG_ENCRYPTED     2 /* on output: state is encrypted */
-+
-+/*
-+ * The following is the data structure to set state blobs in the TPM.
-+ * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple
-+ * 'writes' using this ioctl are necessary. The last packet is indicated
-+ * by the length being smaller than the PTM_STATE_BLOB_SIZE.
-+ * The very first packet may have a length indicator of '0' enabling
-+ * a write() with all the bytes from a buffer. If the write() interface
-+ * is used, a final ioctl with a non-full buffer must be made to indicate
-+ * that all data were transferred (a write with 0 bytes would not work).
-+ */
-+struct ptm_setstate {
-+    union {
-+        struct {
-+            uint32_t state_flags; /* may be PTM_STATE_FLAG_ENCRYPTED */
-+            uint32_t type;        /* which blob to set */
-+            uint32_t length;      /* length of the data;
-+                                     use 0 on the first packet to
-+                                     transfer using write() */
-+            uint8_t data[PTM_STATE_BLOB_SIZE];
-+        } req; /* request */
-+        struct {
-+            ptm_res tpm_result;
-+        } resp; /* response */
-+    } u;
-+};
-+
-+/*
-+ * PTM_GET_CONFIG: Data structure to get runtime configuration information
-+ * such as which keys are applied.
-+ */
-+struct ptm_getconfig {
-+    union {
-+        struct {
-+            ptm_res tpm_result;
-+            uint32_t flags;
-+        } resp; /* response */
-+    } u;
-+};
-+
-+#define PTM_CONFIG_FLAG_FILE_KEY        0x1
-+#define PTM_CONFIG_FLAG_MIGRATION_KEY   0x2
-+
-+
-+typedef uint64_t ptm_cap;
-+typedef struct ptm_est ptm_est;
-+typedef struct ptm_reset_est ptm_reset_est;
-+typedef struct ptm_loc ptm_loc;
-+typedef struct ptm_hdata ptm_hdata;
-+typedef struct ptm_init ptm_init;
-+typedef struct ptm_getstate ptm_getstate;
-+typedef struct ptm_setstate ptm_setstate;
-+typedef struct ptm_getconfig ptm_getconfig;
-+
-+/* capability flags returned by PTM_GET_CAPABILITY */
-+#define PTM_CAP_INIT               (1)
-+#define PTM_CAP_SHUTDOWN           (1 << 1)
-+#define PTM_CAP_GET_TPMESTABLISHED (1 << 2)
-+#define PTM_CAP_SET_LOCALITY       (1 << 3)
-+#define PTM_CAP_HASHING            (1 << 4)
-+#define PTM_CAP_CANCEL_TPM_CMD     (1 << 5)
-+#define PTM_CAP_STORE_VOLATILE     (1 << 6)
-+#define PTM_CAP_RESET_TPMESTABLISHED (1 << 7)
-+#define PTM_CAP_GET_STATEBLOB      (1 << 8)
-+#define PTM_CAP_SET_STATEBLOB      (1 << 9)
-+#define PTM_CAP_STOP               (1 << 10)
-+#define PTM_CAP_GET_CONFIG         (1 << 11)
-+#define PTM_CAP_SET_DATAFD         (1 << 12)
-+
-+enum {
-+    PTM_GET_CAPABILITY     = _IOR('P', 0, ptm_cap),
-+    PTM_INIT               = _IOWR('P', 1, ptm_init),
-+    PTM_SHUTDOWN           = _IOR('P', 2, ptm_res),
-+    PTM_GET_TPMESTABLISHED = _IOR('P', 3, ptm_est),
-+    PTM_SET_LOCALITY       = _IOWR('P', 4, ptm_loc),
-+    PTM_HASH_START         = _IOR('P', 5, ptm_res),
-+    PTM_HASH_DATA          = _IOWR('P', 6, ptm_hdata),
-+    PTM_HASH_END           = _IOR('P', 7, ptm_res),
-+    PTM_CANCEL_TPM_CMD     = _IOR('P', 8, ptm_res),
-+    PTM_STORE_VOLATILE     = _IOR('P', 9, ptm_res),
-+    PTM_RESET_TPMESTABLISHED = _IOWR('P', 10, ptm_reset_est),
-+    PTM_GET_STATEBLOB      = _IOWR('P', 11, ptm_getstate),
-+    PTM_SET_STATEBLOB      = _IOWR('P', 12, ptm_setstate),
-+    PTM_STOP               = _IOR('P', 13, ptm_res),
-+    PTM_GET_CONFIG         = _IOR('P', 14, ptm_getconfig),
-+    PTM_SET_DATAFD         = _IOR('P', 15, ptm_res),
-+};
-+
-+/*
-+ * Commands used by the non-CUSE TPMs
-+ *
-+ * All messages container big-endian data.
-+ *
-+ * The return messages only contain the 'resp' part of the unions
-+ * in the data structures above. Besides that the limits in the
-+ * buffers above (ptm_hdata:u.req.data and ptm_get_state:u.resp.data
-+ * and ptm_set_state:u.req.data) are 0xffffffff.
-+ */
-+enum {
-+    CMD_GET_CAPABILITY = 1,
-+    CMD_INIT,
-+    CMD_SHUTDOWN,
-+    CMD_GET_TPMESTABLISHED,
-+    CMD_SET_LOCALITY,
-+    CMD_HASH_START,
-+    CMD_HASH_DATA,
-+    CMD_HASH_END,
-+    CMD_CANCEL_TPM_CMD,
-+    CMD_STORE_VOLATILE,
-+    CMD_RESET_TPMESTABLISHED,
-+    CMD_GET_STATEBLOB,
-+    CMD_SET_STATEBLOB,
-+    CMD_STOP,
-+    CMD_GET_CONFIG,
-+    CMD_SET_DATAFD
-+};
-+
-+#endif /* _TPM_IOCTL_H */
-diff --git a/qapi-schema.json b/qapi-schema.json
-index 802ea53d00..78a00bc868 100644
--- a/qapi-schema.json
-+++ b/qapi-schema.json
-@@ -5314,10 +5314,12 @@
- # An enumeration of TPM types
- #
- # @passthrough: TPM passthrough type
-+# @emulator: Software Emulator TPM type
-+#            Since: 2.11
- #
- # Since: 1.5
- ##
-{ 'enum': 'TpmType', 'data': [ 'passthrough' ] }
-+{ 'enum': 'TpmType', 'data': [ 'passthrough', 'emulator' ] }
- 
- ##
- # @query-tpm-types:
-@@ -5352,6 +5354,17 @@
-                                              '*cancel-path' : 'str'} }
- 
- ##
-+# @TPMEmulatorOptions:
-+#
-+# Information about the TPM emulator type
-+#
-+# @chardev: Name of a unix socket chardev
-+#
-+# Since: 2.11
-+##
-+{ 'struct': 'TPMEmulatorOptions', 'data': { 'chardev' : 'str' } }
-+
-+##
- # @TpmTypeOptions:
- #
- # A union referencing different TPM backend types' configuration options
-@@ -5361,7 +5374,8 @@
- # Since: 1.5
- ##
- { 'union': 'TpmTypeOptions',
-   'data': { 'passthrough' : 'TPMPassthroughOptions' } }
-+   'data': { 'passthrough' : 'TPMPassthroughOptions',
-+             'emulator': 'TPMEmulatorOptions'} }
- 
- ##
- # @TPMInfo:
-diff --git a/qemu-options.hx b/qemu-options.hx
-index 9f6e2adfff..60eb193c23 100644
--- a/qemu-options.hx
-+++ b/qemu-options.hx
-@@ -3121,7 +3121,9 @@ DEF("tpmdev", HAS_ARG, QEMU_OPTION_tpmdev, \
-     "-tpmdev passthrough,id=id[,path=path][,cancel-path=path]\n"
-     "                use path to provide path to a character device; default is /dev/tpm0\n"
-     "                use cancel-path to provide path to TPM's cancel sysfs entry; if\n"
-    "                not provided it will be searched for in /sys/class/misc/tpm?/device\n",
-+    "                not provided it will be searched for in /sys/class/misc/tpm?/device\n"
-+    "-tpmdev emulator,id=id,chardev=dev\n"
-+    "                configure the TPM device using chardev backend\n",
-     QEMU_ARCH_ALL)
- STEXI
- 
-@@ -3130,8 +3132,8 @@ The general form of a TPM device option is:
- 
- @item -tpmdev @var{backend} ,id=@var{id} [,@var{options}]
- @findex -tpmdev
-Backend type must be:
-@option{passthrough}.
-+Backend type must be either one of the following:
-+@option{passthrough}, @option{emulator}.
- 
- The specific backend type will determine the applicable options.
- The @code{-tpmdev} option creates the TPM backend and requires a
-@@ -3181,6 +3183,20 @@ To create a passthrough TPM use the following two options:
- Note that the @code{-tpmdev} id is @code{tpm0} and is referenced by
- @code{tpmdev=tpm0} in the device option.
- 
-+@item -tpmdev emulator, id=@var{id}, chardev=@var{dev}
-+
-+(Linux-host only) Enable access to a TPM emulator using Unix domain socket based
-+chardev backend.
-+
-+@option{chardev} specifies the unique ID of a character device backend that provides connection to the software TPM server.
-+
-+To create a TPM emulator backend device with chardev socket backend:
-+@example
-+
-+-chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0
-+
-+@end example
-+
- @end table
- 
- ETEXI
-- 
-2.11.0