The move to Post Quantum Cryptography (PQC) changes how we manage memory buffers. Unlike classic crypto algorithms like RSA or ECC which used small keys and signatures, PQC algorithms require larger buffers.

The new version of TCG TPM v185 (currently under review [1]) supports sending data/commands in chunks for the CRB (Command Response Buffer) interface. This is in line with the initiative to support PQC algorithms.

This series implements the logic to send and receive data from the Linux guest to the TPM backend in chunks, thereby allowing the guest to send larger data buffers. We introduce 2 new control registers called nextChunk and crbRspRetry that will control the START. We also add the CRB Interface Identifier called CapCRBChunk that is set to 1 indicating that the device supports chunking. The default maximum chunk/buffer size is 3968 (4096 - 128) bytes.

During a send operation, the guest driver places data in the CRB buffer and signals nextChunk for each segment until the final chunk is reached. Upon receiving the START signal, QEMU appends the final chunk to its internal buffer and dispatches the complete command to the TPM backend.

For responses, the backend's output is buffered. The guest consumes the first chunk once the START bit is cleared. Subsequent chunks are retrieved by the guest toggling the nextChunk bit, which advances the internal buffer offset and populates the CRB data window.

For this to work, the Linux guest TPM driver will also have to
a) probe if CRB chunking is supported
b) send data in chunks if the command length exceeds the chunk size.
c) receive data in chunks by sending a nextChunk signal and accumulate.

The included test demonstrates functional correctness for standard buffer sizes. However, validation of PQC-sized payloads was performed via manual buffer-size overrides.

[1] https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p07_rc1_121225.pdf

v2
--
- Add the VM migration support.
- Increase the TIS TPM interface max buffer size to 8192.

Arun Menon (7):
  hw/tpm: Add TPM CRB chunking fields
  hw/tpm: Refactor CRB_CTRL_START register access
  hw/tpm: Add internal buffer state for chunking
  hw/tpm: Implement TPM CRB chunking logic
  test/qtest: Add test for tpm crb chunking
  hw/tpm: Add support for VM migration with TPM CRB chunking
  hw/tpm: Increase TPM TIS max buffer size to 8192

 hw/core/machine.c                |   1 +
 hw/tpm/tpm_crb.c                 | 291 ++++++++++++++++++++++++++++---
 hw/tpm/tpm_tis.h                 |   2 +-
 include/hw/acpi/tpm.h            |   5 +-
 tests/qtest/tpm-crb-swtpm-test.c |  10 ++
 tests/qtest/tpm-util.c           | 106 +++++++++--
 tests/qtest/tpm-util.h           |   5 +
 7 files changed, 382 insertions(+), 38 deletions(-)

-- 
2.53.0
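
The chunked send path described in the cover letter, as an added example that is not part of this series or of QEMU: a small model in which the device side bounds the reassembly buffer, since the guest controls how many nextChunk signals arrive before START. `struct crb_model`, the function names and the `MAX_CMD` cap are assumptions made for illustration; only the 3968-byte chunk size comes from the letter.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define CHUNK_SIZE 3968u              /* 4096 - 128, default chunk size from the cover letter */
#define MAX_CMD    (4u * CHUNK_SIZE)  /* assumed cap on a reassembled command */

/* Hypothetical device model for illustration, not QEMU's CRB state. */
struct crb_model {
    uint8_t window[CHUNK_SIZE];       /* CRB data window the guest writes into */
    uint8_t cmd[MAX_CMD];             /* internal reassembly buffer */
    size_t  cmd_len;                  /* bytes accumulated so far */
};

/* Device side: append n bytes of the window, refusing anything past the cap.
 * The guest decides how often it signals nextChunk, so the cap is enforced here. */
static int crb_append(struct crb_model *m, size_t n)
{
    if (n > CHUNK_SIZE || n > MAX_CMD - m->cmd_len) return -1;
    memcpy(m->cmd + m->cmd_len, m->window, n);
    m->cmd_len += n;
    return 0;
}

/* Guest side: nextChunk for each full segment, START for the final one.
 * Returns the reassembled length, or -1 if the device rejected a chunk. */
static long guest_send(struct crb_model *m, const uint8_t *data, size_t len)
{
    size_t off = 0;
    m->cmd_len = 0;
    for (; len - off > CHUNK_SIZE; off += CHUNK_SIZE) {
        memcpy(m->window, data + off, CHUNK_SIZE);
        if (crb_append(m, CHUNK_SIZE) < 0) return -1;   /* nextChunk */
    }
    memcpy(m->window, data + off, len - off);
    if (crb_append(m, len - off) < 0) return -1;        /* START: last chunk */
    return (long)m->cmd_len;
}

/* Constructed payload of len bytes; -2 means the reassembled bytes differ. */
static long crb_roundtrip(size_t len)
{
    static struct crb_model m;
    static uint8_t payload[MAX_CMD + 1];
    if (len > sizeof(payload)) return -1;
    for (size_t i = 0; i < len; i++) payload[i] = (uint8_t)(i * 7u);
    long got = guest_send(&m, payload, len);
    return (got >= 0 && memcmp(m.cmd, payload, len) != 0) ? -2 : got;
}

int main(void) { return crb_roundtrip(10000) == 10000 ? 0 : 1; }
```

A 10000-byte command is reassembled from three chunks, while a command one byte over the assumed cap is rejected at its final chunk instead of overrunning the internal buffer.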
