tpm_resources/lib.rs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
//! Resources for the TPM device.
#![forbid(unsafe_code)]
use inspect::Inspect;
use mesh::MeshPayload;
use vm_resource::Resource;
use vm_resource::ResourceId;
use vm_resource::ResourceKind;
use vm_resource::kind::ChipsetDeviceHandleKind;
use vm_resource::kind::NonVolatileStoreKind;
/// A handle to a TPM device.
#[derive(MeshPayload)]
pub struct TpmDeviceHandle {
/// Non-volatile store for PPI (physical presence interface) data
pub ppi_store: Resource<NonVolatileStoreKind>,
/// Non-volatile store for TPM NVRAM data
pub nvram_store: Resource<NonVolatileStoreKind>,
/// Whether to refresh TPM seeds on init
pub refresh_tpm_seeds: bool,
/// Type of AK cert
pub ak_cert_type: TpmAkCertTypeResource,
/// vTPM register layout (IO port or MMIO)
pub register_layout: TpmRegisterLayout,
/// Optional guest secret TPM key to be imported
pub guest_secret_key: Option<Vec<u8>>,
}
impl ResourceId<ChipsetDeviceHandleKind> for TpmDeviceHandle {
const ID: &'static str = "tpm";
}
/// A resource kind for AK cert renewal helpers.
pub enum RequestAkCertKind {}
impl ResourceKind for RequestAkCertKind {
const NAME: &'static str = "tpm_request_ak_cert";
}
/// `TpmAkCertType`-equivalent enum for resource
#[derive(MeshPayload)]
pub enum TpmAkCertTypeResource {
/// No Ak cert.
None,
/// Authorized AK cert that is not hardware-attested.
/// Used by TVM
Trusted(Resource<RequestAkCertKind>),
/// Authorized and hardware-attested AK cert (backed by
/// a TEE attestation report).
/// Used by CVM
HwAttested(Resource<RequestAkCertKind>),
}
/// The vTPM control area register layout
#[derive(Inspect, MeshPayload, PartialEq)]
pub enum TpmRegisterLayout {
/// Using IO port
IoPort,
/// MMIO
Mmio,
}