Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external

From:	Stefan Berger
Subject:	Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM
Date:	Mon, 4 Jan 2016 22:36:10 -0500

"Xu, Quan" <address@hidden> wrote on 01/04/2016 08:26:03 PM: > Date: 01/04/2016 08:26 PM
> Subject: RE: [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM
> > On January 04 2016 11:23 PM, <address@hidden> wrote: > > The following series of patches extends TPM support with an > external TPM that > > offers a Linux CUSE (character device in userspace) interface. This TPM lets > > each VM access its own private vTPM. > > The CUSE TPM supports suspend/resume and migration. Much out-of-band > > functionality necessary to control the CUSE TPM is implemented using ioctls. > > > > Stefan, > it is a good solution. Could you share more about this architecture? > If you have an existing doc.

The architecture is as follows:

An extern tool (i.e., libvirt) start the CUSE TPM, which then provides /dev/vtpm-<uuid> for the QEMU VM to talk to. QEMU receives the open filedescriptor or device name on the command line. All TPM commands from the guest go right into /dev/vtpm-<uuid> via read/write() interface, so just like the passthrough. Out-of-band control, which we need for proper vTPM emualtipon, such as setting the locality, getting and setting of the state blobs of the vTPM following suspend/resume/snapshotting/migration, resetting the vTPM following a VM reset, shutdown of the vTPM process following VM shutdown, is done through the ioctl interface. The ioctl interface is defined in this file here:

https://github.com/stefanberger/swtpm/blob/master/include/swtpm/tpm_ioctl.h

I do not have an existing doc but the github swtpm project contains a man page describing the ioctls:

https://github.com/stefanberger/swtpm/blob/master/man/man3/swtpm_ioctls.pod

I hope this helps us to make progress.

Thanks and regards,
Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH v5 1/4] Provide support for the CUSE TPM, (continued)
- Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Xu, Quan, 2016/01/04
  - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Stefan Berger <=
- Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Xu, Quan, 2016/01/19
  - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Hagen Lauer, 2016/01/20
    - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Xu, Quan, 2016/01/20
- Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Daniel P. Berrange, 2016/01/20
  - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Stefan Berger, 2016/01/20
  - Message not available
    - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Daniel P. Berrange, 2016/01/20
    - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Stefan Berger, 2016/01/20
    - Message not available
    - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Stefan Berger, 2016/01/20
    - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Dr. David Alan Gilbert, 2016/01/21
    - Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM, Stefan Berger, 2016/01/21

Prev by Date: Re: [Qemu-devel] [RFC PATCH 0/3] x86: Add support for guest DMA dirty page tracking
Next by Date: Re: [Qemu-devel] [PATCH v4 01/14] block: Add "file" output parameter to block status query functions
Previous by thread: Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM
Next by thread: Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM
Index(es):
- Date
- Thread