HomeFreeBSD

bhyve: TPM CRB: pass actual TPM request length to backend execute_cmd()

Description

bhyve: TPM CRB: pass actual TPM request length to backend execute_cmd()

The TPM spec (TPM Library, Part3: Commands, Section 5.2: Command Header
Validation) requires that no more bytes are written than the size of the
commands, as given in the request header. Thus the TPM CRB interface
needs to get the command size from the request header and pass that to
the emulation backend.

As the guest OS driver can set the address and size of the command and
response buffers freely within the limits of the provided CRB data
buffer, bhyve should verify that the values set in the corresponding
registers make sense before processing a command.

Reviewed by: corvink
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46564

Details

Provenance
rosenfeld_grumpf.hope-2000.orgAuthored on Sep 9 2024, 8:42 AM
corvinkCommitted on Oct 22 2024, 12:04 PM
Reviewer
corvink
Differential Revision
D46564: bhyve: TPM CRB: pass actual TPM request length to backend execute_cmd()
Parents
rG2feea221b248: bhyve: don't crash when guest writes TPM int_enable register
Branches
Unknown
Tags
Unknown