vTPM: switch from MS TPM to TCG TPM

.github/workflows/publish-docs.yml

@@ -27,7 +27,7 @@ jobs:
             profile: minimal
             override: true
 
-      - name: Install Microsoft TPM build dependencies
+      - name: Install TPM 2.0 Reference Implementation build dependencies
         run: sudo apt install -y autoconf autoconf-archive pkg-config build-essential automake
 
       - uses: actions/setup-python@v5

.github/workflows/rust.yml

@@ -28,7 +28,7 @@ jobs:
             override: true
             components: rustfmt, rust-src, clippy
 
-      - name: Install Microsoft TPM build dependencies
+      - name: Install TPM 2.0 Reference Implementation build dependencies
         run: sudo apt install -y autoconf autoconf-archive pkg-config build-essential automake
 
       - name: Check that Cargo.lock is up to date
@@ -104,8 +104,8 @@ jobs:
       # building the code with nightly. So we initialize bindings.rs here
       # for cargo-fmt in the next workflow, otherwise it will fail reporting
       # that bindings.rs does not exist.
-      - name: Touch libmstpm bindings
-        run: echo "" > libmstpm/src/bindings.rs
+      - name: Touch libtcgtpm bindings
+        run: echo "" > libtcgtpm/src/bindings.rs
 
       - name: Format doctests
         uses: actions-rs/cargo@v1

.gitmodules

@@ -1,6 +1,6 @@
-[submodule "libmstpm/deps/openssl"]
-	path = libmstpm/deps/openssl
+[submodule "libtcgtpm/deps/openssl"]
+	path = libtcgtpm/deps/openssl
 	url = https://github.com/openssl/openssl.git
-[submodule "libmstpm/deps/ms-tpm-20-ref"]
-	path = libmstpm/deps/ms-tpm-20-ref
-	url = https://github.com/coconut-svsm/ms-tpm-20-ref.git
+[submodule "libtcgtpm/deps/tpm-20-ref"]
+	path = libtcgtpm/deps/tpm-20-ref
+	url = https://github.com/TrustedComputingGroup/TPM.git

Cargo.toml

@@ -10,8 +10,8 @@ members = [
     "fuzz",
     # ELF loader
     "elf",
-    # Microsoft TPM library
-    "libmstpm",
+    # TPM 2.0 Reference Implementation library
+    "libtcgtpm",
     # syscall interface definitions
     "syscall",
 ]
@@ -24,7 +24,7 @@ cpuarch = { path = "cpuarch" }
 test = { path = "test" }
 svsm = { path = "kernel" }
 elf = { path = "elf" }
-libmstpm = { path = "libmstpm" }
+libtcgtpm = { path = "libtcgtpm" }
 syscall = { path = "syscall" }
 
 # crates.io

Documentation/docs/installation/INSTALL.md

@@ -193,8 +193,8 @@ Building the SVSM itself requires:
 - `x86_64-unknown-none` target toolchain installed (`rustup target add x86_64-unknown-none`)
 - `binutils` >= 2.39
 
-You may also need to install the Microsoft TPM build dependencies. On OpenSUSE
-you can do this by:
+You may also need to install the TPM 2.0 Reference Implementation build
+dependencies. On OpenSUSE you can do this by:
 
 ```
 $ sudo zypper in system-user-mail make gcc curl patterns-devel-base-devel_basis \

Makefile

@@ -1,7 +1,7 @@
-FEATURES ?= mstpm
+FEATURES ?= vtpm
 SVSM_ARGS += --features ${FEATURES}
 
-FEATURES_TEST ?= mstpm
+FEATURES_TEST ?= vtpm
 SVSM_ARGS_TEST += --no-default-features --features ${FEATURES_TEST}
 
 ifdef RELEASE
@@ -187,6 +187,6 @@ clean:
 	rm -rf bin
 
 distclean: clean
-	$(MAKE) -C libmstpm $@
+	$(MAKE) -C libtcgtpm $@
 
 .PHONY: test clean clippy bin/stage2.bin bin/svsm-kernel.elf bin/test-kernel.elf distclean

kernel/Cargo.toml

@@ -34,7 +34,7 @@ intrusive-collections.workspace = true
 log = { workspace = true, features = ["max_level_info", "release_max_level_info"] }
 packit.workspace = true
 tdx-tdcall.workspace = true
-libmstpm = { workspace = true, optional = true }
+libtcgtpm = { workspace = true, optional = true }
 zerocopy.workspace = true
 
 [target."x86_64-unknown-none".dev-dependencies]
@@ -43,7 +43,7 @@ test.workspace = true
 [features]
 default = []
 enable-gdb = ["dep:gdbstub", "dep:gdbstub_arch"]
-mstpm = ["dep:libmstpm"]
+vtpm = ["dep:libtcgtpm"]
 nosmep = []
 nosmap = []
 shadow-stacks = []

kernel/src/lib.rs

@@ -39,7 +39,7 @@ pub mod syscall;
 pub mod task;
 pub mod types;
 pub mod utils;
-#[cfg(all(feature = "mstpm", not(test)))]
+#[cfg(all(feature = "vtpm", not(test)))]
 pub mod vtpm;
 
 #[test]

kernel/src/protocols/mod.rs

@@ -7,7 +7,7 @@
 pub mod apic;
 pub mod core;
 pub mod errors;
-#[cfg(all(feature = "mstpm", not(test)))]
+#[cfg(all(feature = "vtpm", not(test)))]
 pub mod vtpm;
 
 use cpuarch::vmsa::{GuestVMExit, VMSA};

kernel/src/protocols/vtpm.rs

@@ -17,15 +17,15 @@ use crate::{
     mm::{valid_phys_address, GuestPtr, PerCPUPageMappingGuard},
     protocols::{errors::SvsmReqError, RequestParams},
     types::PAGE_SIZE,
-    vtpm::{vtpm_get_locked, MsTpmSimulatorInterface, VtpmProtocolInterface},
+    vtpm::{vtpm_get_locked, TcgTpmSimulatorInterface, VtpmProtocolInterface},
 };
 
 /// vTPM platform commands (SVSM spec, section 8.1 - SVSM_VTPM_QUERY)
 ///
 /// The platform commmand values follow the values used by the
 /// Official TPM 2.0 Reference Implementation by Microsoft.
 ///
-/// `ms-tpm-20-ref/TPMCmd/Simulator/include/TpmTcpProtocol.h`
+/// `tpm-20-ref/TPMCmd/Simulator/include/TpmTcpProtocol.h`
 #[repr(u32)]
 #[derive(PartialEq, Copy, Clone, Debug)]
 pub enum TpmPlatformCommand {

kernel/src/requests.rs

@@ -13,7 +13,7 @@ use crate::protocols::core::core_protocol_request;
 use crate::protocols::errors::{SvsmReqError, SvsmResultCode};
 use crate::sev::ghcb::switch_to_vmpl;
 
-#[cfg(all(feature = "mstpm", not(test)))]
+#[cfg(all(feature = "vtpm", not(test)))]
 use crate::protocols::{vtpm::vtpm_protocol_request, SVSM_VTPM_PROTOCOL};
 use crate::protocols::{RequestParams, SVSM_APIC_PROTOCOL, SVSM_CORE_PROTOCOL};
 use crate::sev::vmsa::VMSAControl;
@@ -108,7 +108,7 @@ fn request_loop_once(
 
     match protocol {
         SVSM_CORE_PROTOCOL => core_protocol_request(request, params).map(|_| true),
-        #[cfg(all(feature = "mstpm", not(test)))]
+        #[cfg(all(feature = "vtpm", not(test)))]
         SVSM_VTPM_PROTOCOL => vtpm_protocol_request(request, params).map(|_| true),
         SVSM_APIC_PROTOCOL => apic_protocol_request(request, params).map(|_| true),
         _ => Err(SvsmReqError::unsupported_protocol()),

kernel/src/svsm.rs

@@ -50,7 +50,7 @@ use svsm::task::exec_user;
 use svsm::task::{create_kernel_task, schedule_init};
 use svsm::types::{PageSize, GUEST_VMPL, PAGE_SIZE};
 use svsm::utils::{immut_after_init::ImmutAfterInitCell, zero_mem_region};
-#[cfg(all(feature = "mstpm", not(test)))]
+#[cfg(all(feature = "vtpm", not(test)))]
 use svsm::vtpm::vtpm_init;
 
 use svsm::mm::validate::{init_valid_bitmap_ptr, migrate_valid_bitmap};
@@ -452,7 +452,7 @@ pub extern "C" fn svsm_main() {
         prepare_fw_launch(fw_meta).expect("Failed to setup guest VMSA/CAA");
     }
 
-    #[cfg(all(feature = "mstpm", not(test)))]
+    #[cfg(all(feature = "vtpm", not(test)))]
     vtpm_init().expect("vTPM failed to initialize");
 
     virt_log_usage();

kernel/src/vtpm/mod.rs

@@ -7,10 +7,10 @@
 //! This crate defines the Virtual TPM interfaces and shows what
 //! TPM backends are supported
 
-/// TPM 2.0 Reference Implementation by Microsoft
-pub mod mstpm;
+/// TPM 2.0 Reference Implementation
+pub mod tcgtpm;
 
-use crate::vtpm::mstpm::MsTpm as Vtpm;
+use crate::vtpm::tcgtpm::TcgTpm as Vtpm;
 use crate::{locking::LockGuard, protocols::vtpm::TpmPlatformCommand};
 use crate::{locking::SpinLock, protocols::errors::SvsmReqError};
 
@@ -21,12 +21,12 @@ pub trait VtpmProtocolInterface {
 }
 
 /// This implements one handler for each [`TpmPlatformCommand`] supported by the
-/// VTPM Protocol. These handlers are based on the TPM Simulator
-/// interface (by Microsoft), but with a few changes to make it more Rust
-/// idiomatic.
+/// VTPM Protocol. These handlers are based on the TPM Simulator interface
+/// provided by the TPM 2.0 Reference Implementation, but with a few changes
+/// to make it more Rust idiomatic.
 ///
-/// `ms-tpm-20-ref/TPMCmd/Simulator/include/prototypes/Simulator_fp.h`
-pub trait MsTpmSimulatorInterface: VtpmProtocolInterface {
+/// `tpm-20-ref/TPMCmd/Simulator/include/prototypes/Simulator_fp.h`
+pub trait TcgTpmSimulatorInterface: VtpmProtocolInterface {
     /// Send a command for the TPM to run in a given locality
     ///
     /// # Arguments
@@ -59,7 +59,7 @@ pub trait MsTpmSimulatorInterface: VtpmProtocolInterface {
 }
 
 /// Basic TPM driver services
-pub trait VtpmInterface: MsTpmSimulatorInterface {
+pub trait VtpmInterface: TcgTpmSimulatorInterface {
     /// Check if the TPM is powered on.
     fn is_powered_on(&self) -> bool;
 

kernel/src/vtpm/mstpm/mod.rs → kernel/src/vtpm/tcgtpm/mod.rs

@@ -7,15 +7,15 @@
 //! This crate implements the virtual TPM interfaces for the TPM 2.0
 //! Reference Implementation (by Microsoft)
 
-/// Functions required to build the Microsoft TPM libraries
+/// Functions required to build the TPM 2.0 Reference Implementation libraries
 #[cfg(not(any(test, fuzzing)))]
 mod wrapper;
 
 extern crate alloc;
 
 use alloc::vec::Vec;
 use core::ffi::c_void;
-use libmstpm::bindings::{
+use libtcgtpm::bindings::{
     TPM_Manufacture, TPM_TearDown, _plat__LocalitySet, _plat__NVDisable, _plat__NVEnable,
     _plat__RunCommand, _plat__SetNvAvail, _plat__Signal_PowerOn, _plat__Signal_Reset,
 };
@@ -24,17 +24,17 @@ use crate::{
     address::VirtAddr,
     protocols::{errors::SvsmReqError, vtpm::TpmPlatformCommand},
     types::PAGE_SIZE,
-    vtpm::{MsTpmSimulatorInterface, VtpmInterface, VtpmProtocolInterface},
+    vtpm::{TcgTpmSimulatorInterface, VtpmInterface, VtpmProtocolInterface},
 };
 
 #[derive(Debug, Copy, Clone, Default)]
-pub struct MsTpm {
+pub struct TcgTpm {
     is_powered_on: bool,
 }
 
-impl MsTpm {
-    pub const fn new() -> MsTpm {
-        MsTpm {
+impl TcgTpm {
+    pub const fn new() -> TcgTpm {
+        TcgTpm {
             is_powered_on: false,
         }
     }
@@ -68,15 +68,15 @@ impl MsTpm {
 
 const TPM_CMDS_SUPPORTED: &[TpmPlatformCommand] = &[TpmPlatformCommand::SendCommand];
 
-impl VtpmProtocolInterface for MsTpm {
+impl VtpmProtocolInterface for TcgTpm {
     fn get_supported_commands(&self) -> &[TpmPlatformCommand] {
         TPM_CMDS_SUPPORTED
     }
 }
 
 pub const TPM_BUFFER_MAX_SIZE: usize = PAGE_SIZE;
 
-impl MsTpmSimulatorInterface for MsTpm {
+impl TcgTpmSimulatorInterface for TcgTpm {
     fn send_tpm_command(
         &self,
         buffer: &mut [u8],
@@ -147,13 +147,13 @@ impl MsTpmSimulatorInterface for MsTpm {
     }
 }
 
-impl VtpmInterface for MsTpm {
+impl VtpmInterface for TcgTpm {
     fn is_powered_on(&self) -> bool {
         self.is_powered_on
     }
 
     fn init(&mut self) -> Result<(), SvsmReqError> {
-        // Initialize the MS TPM following the same steps done in the Simulator:
+        // Initialize the TPM TCG following the same steps done in the Simulator:
         //
         // 1. Manufacture it for the first time
         // 2. Make sure it does not fail if it is re-manufactured
@@ -184,7 +184,7 @@ impl VtpmInterface for MsTpm {
         self.signal_poweron(false)?;
         self.signal_nvon()?;
 
-        log::info!("VTPM: Microsoft TPM 2.0 initialized");
+        log::info!("VTPM: TPM 2.0 Reference Implementation initialized");
 
         Ok(())
     }

kernel/src/vtpm/mstpm/wrapper.rs → kernel/src/vtpm/tcgtpm/wrapper.rs

@@ -4,7 +4,8 @@
 //
 // Authors: Claudio Carvalho <[email protected]>
 
-//! Implement functions required to build the Microsoft TPM libraries.
+//! Implement functions required to build the TPM 2.0 Reference Implementation
+//! libraries.
 //! All these functionalities are owned by the SVSM Rust code,
 //! so we just need to create wrappers for them.
 

libmstpm/Cargo.toml → libtcgtpm/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "libmstpm"
+name = "libtcgtpm"
 version = "0.1.0"
 edition = "2021"