TPM 2.0 Support
Interface for Trusted Platform Module 2.0 operations including attestation, sealing, and hardware random number generation.
Hardware Integration Points
TPM hardware can be accessed via multiple interfaces:
- Memory-Mapped I/O (MMIO): common on x86_64 platforms
  - Base addresses: 0xFED40000 (TPM 1.2), 0xFED40000 (TPM 2.0)
  - Registers: Access/Status/Data FIFOs at base + offsets
- I2C/SPI: common on embedded platforms (ARM, RISC-V)
  - Requires I2C/SPI driver integration
  - Device addresses configurable via device tree
- Firmware Interface: UEFI/BIOS integration
  - Runtime services for TPM access
  - Platform-specific implementations
Implementation
Provides a full TPM 2.0 CRB (Command Response Buffer) interface over MMIO. When no hardware TPM is detected (common in QEMU without swtpm), the module runs in software-emulation mode with in-memory PCR banks, random number generation via the kernel PRNG, and software sealing/unsealing backed by SHA-256 key derivation.
For hardware TPM (e.g., QEMU + swtpm), the CRB interface marshals TPM 2.0 command packets to the MMIO command buffer and reads responses.
Modules
- mmio: TPM MMIO base addresses and register offsets (platform-specific)
Structs
- Tpm: TPM 2.0 interface
Enums
- TpmCommand: TPM 2.0 command codes
- TpmError: TPM errors
- TpmInterface: TPM interface type
Functions
- init: Initialize TPM support
- is_available: Check if TPM is available
- pcr_extend: Convenience: extend a PCR with a measurement hash via the global TPM instance.
- pcr_read: Convenience: read a PCR value via the global TPM instance.
- with_tpm: Execute a closure with a reference to the global TPM instance.
- with_tpm_mut: Execute a closure with a mutable reference to the global TPM instance.