Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) inte

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) inte

From:	Michael S. Tsirkin
Subject:	Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) integration
Date:	Sun, 2 Oct 2011 13:38:37 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

On Wed, Sep 28, 2011 at 09:22:55AM -0400, Stefan Berger wrote:
> The following series of patches adds TPM (Trusted Platform Module) support
> to Qemu. An emulator for the TIS (TPM Interface Spec) interface is
> added that provides the basis for accessing a 'backend' implementing the 
> actual
> TPM functionality. The TIS emulator serves as a 'frontend' enabling for
> example Linux's TPM TIS (tpm_tis) driver.
> 
> In this series I am posting a backend implementation that makes use of the
> host's TPM through a passthrough driver, which on Linux is accessed
> using /dev/tpm0.

Looks pretty clean, ACK to patches 1-4.

The passthrough mode is quite easy to misuse, though most
of the problem is in the hardware, not on our side.

I'm still trying to think of a good way to warn users
about the pitfalls with that. Disabling by default in configure, unless
explictly required, is certainly one way.
And/or, let's rename it 'assigned' mode to resemble the name of
another fragile qemu feature :) Only half joking ...

> 
> v11:
>  - applies to checkout of 46f3069 (Sep 28)
>  - some filing on the documentation
>  - small nits fixed
> 
> v10:
>  - applies to checkout of 1ce9ce6 (Sep 27)
>  - addressed Michael Tsirkin's comments on v9
> 
> v9:
>  - addressed Michael Tsirkin's and other reviewers' comments
>  - only posting Andreas Niederl's passthrough driver as the backend driver
> 
> v8:
>  - applies to checkout of f0fb8b7 (Aug 30)
>  - fixing compilation error pointed out by Andreas Niederl
>  - adding patch that allows to feed an initial state into the libtpms TPM
>  - following memory API changes (glib) where necessary
> 
> v7:
>  - applies to checkout of b9c6cbf (Aug 9)
>  - measuring the modules if multiboot is used
>  - coding style fixes
> 
> v6:
>  - applies to checkout of 75ef849 (July 2nd)
>  - some fixes and improvements to existing patches; see individual patches
>  - added a patch with a null driver responding to all TPM requests with
>    a response indicating failure; this backend has no dependencies and
>    can alwayy be built;
>  - added a patch to support the hashing of kernel, ramfs and command line
>    if those were passed to Qemu using -kernel, -initrd and -append
>    respectively. Measurements are taken, logged, and passed to SeaBIOS using
>    the firmware interface.
>  - libtpms revision 7 now requires 83kb of block storage due to having more
>    NVRAM space
> 
> v5:
>  - applies to checkout of 1fddfba1
>  - adding support for split command line using the -tpmdev ... -device ...
>    options while keeping the -tpm option
>  - support for querying the device models using -tpm model=?
>  - support for monitor 'info tpm'
>  - adding documentation of command line options for man page and web page
>  - increasing room for ACPI tables that qemu reserves to 128kb (from 64kb)
>  - adding (experimental) support for block migration
>  - adding (experimental) support for taking measurements when kernel,
>    initrd and kernel command line are directly passed to Qemu
> 
> v4:
>  - applies to checkout of d2d979c6
>  - more coding style fixes
>  - adding patch for supporting blob encryption (in addition to the existing
>    QCoW2-level encryption)
>    - this allows for graceful termination of a migration if the target
>      is detected to have a wrong key
>    - tested with big and little endian hosts
>  - main thread releases mutex while checking for work to do on behalf of
>    backend
>  - introducing file locking (fcntl) on the block layer for serializing access
>    to shared (QCoW2) files (used during migration)
> 
> v3:
>  - Building a null driver at patch 5/8 that responds to all requests
>    with an error response; subsequently this driver is transformed to the
>    libtpms-based driver for real TPM functionality
>  - Reworked the threading; dropped the patch for qemu_thread_join; the
>    main thread synchronizing with the TPM thread termination may need
>    to write data to the block storage while waiting for the thread to 
>    terminate; did not previously show a problem but is safer
>  - A lot of testing based on recent git checkout 4b4a72e5 (4/10):
>    - migration of i686 VM from x86_64 host to i686 host to ppc64 host while
>      running tests inside the VM
>    - tests with S3 suspend/resume
>    - tests with snapshots
>    - multiple-hour tests with VM suspend/resume (using virsh save/restore)
>      while running a TPM test suite inside the VM
>    All tests passed; [not all of them were done on the ppc64 host]
> 
> v2:
>  - splitting some of the patches into smaller ones for easier review
>  - fixes in individual patches
> 
> Regards,
>     Stefan
>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) integration, Michael S. Tsirkin <=
- Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) integration, Stefan Berger, 2011/10/02
  - Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) integration, Michael S. Tsirkin, 2011/10/02

Prev by Date: Re: [Qemu-devel] [PATCH V11 5/5] Add a TPM Passthrough backend driver implementation
Next by Date: Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA
Previous by thread: Re: [Qemu-devel] [PATCH V11 5/5] Add a TPM Passthrough backend driver implementation
Next by thread: Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) integration
Index(es):
- Date
- Thread