bhyve: TPM CRB: pass actual TPM request length to backend execute_cmd()

Description

bhyve: TPM CRB: pass actual TPM request length to backend execute_cmd()

The TPM spec (TPM Library, Part 3: Commands, Section 5.2: Command Header
Validation) requires that no more bytes are written than the size of the
command, as given in the request header. Thus the TPM CRB interface
needs to get the command size from the request header and pass that to
the emulation backend.

As the guest OS driver can set the address and size of the command and
response buffers freely within the limits of the provided CRB data
buffer, bhyve should verify that the values set in the corresponding
registers make sense before processing a command.

Reviewed by: corvink
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46564

(cherry picked from commit bc3d09e90b8625f17017663fad3e049348b04ded)
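
The two checks the commit message describes, as an added C sketch that is not part of the commit and is not bhyve's code: the guest-set buffer registers are bounds-checked against the CRB data buffer, then the big-endian `commandSize` field of the TPM 2.0 command header decides how many bytes the backend receives. The names `crb_regs`, `range_ok` and `crb_request_len` are hypothetical, the registers are modelled as offsets into the data buffer, and the sample request is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_HDR_LEN 10u	/* tag(2) + commandSize(4) + commandCode(4) */

/* Hypothetical view of the guest-writable CRB buffer registers, modelled
 * here as offsets into the CRB data buffer (assumption of this sketch). */
struct crb_regs {
	uint32_t cmd_off, cmd_size;
	uint32_t rsp_off, rsp_size;
};

/* Constructed sample: a 12-byte TPM2_GetRandom request at offset 0. */
static const uint8_t sample_buf[64] = {
	0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x7b, 0x00, 0x08
};

/* True if [off, off + len) lies inside buf_len bytes; cannot overflow. */
static int
range_ok(uint32_t off, uint32_t len, size_t buf_len)
{
	return (off <= buf_len && len <= buf_len - off);
}

/* Returns the request length to hand to the backend, or 0 to reject. */
static uint32_t
crb_request_len(const struct crb_regs *r, const uint8_t *buf, size_t buf_len)
{
	const uint8_t *h;
	uint32_t n;

	/* Registers are guest-controlled: both windows must fit the buffer. */
	if (!range_ok(r->cmd_off, r->cmd_size, buf_len) ||
	    !range_ok(r->rsp_off, r->rsp_size, buf_len))
		return (0);
	/* Each window must hold at least a header (assumption of this sketch). */
	if (r->cmd_size < TPM_HDR_LEN || r->rsp_size < TPM_HDR_LEN)
		return (0);
	h = buf + r->cmd_off;
	/* commandSize is a big-endian UINT32 at offset 2 of the header. */
	n = (uint32_t)h[2] << 24 | (uint32_t)h[3] << 16 | (uint32_t)h[4] << 8 | h[5];
	if (n < TPM_HDR_LEN || n > r->cmd_size)
		return (0);	/* header claims more than the guest provided */
	return (n);
}

int main(void) {
	struct crb_regs r = { 0, 32, 32, 32 };
	printf("%u\n", (unsigned)crb_request_len(&r, sample_buf, sizeof(sample_buf)));
	return (0);
}
```

With the sample request the backend would be given 12 bytes even though the guest declared a 32-byte command buffer.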

Details

Provenance
rosenfeld_grumpf.hope-2000.org Authored on Sep 9 2024, 8:42 AM
corvink Committed on Tue, Nov 12, 7:54 AM
Reviewer
corvink
Differential Revision
D46564: bhyve: TPM CRB: pass actual TPM request length to backend execute_cmd()
Parents
rG5a43d257c0fe: bhyve: don't crash when guest writes TPM int_enable register