qemu-devel

Re: [Qemu-devel] [PATCH v6 8/8] tpm: Added support for TPM emulator


From: Amarnath Valluri
Subject: Re: [Qemu-devel] [PATCH v6 8/8] tpm: Added support for TPM emulator
Date: Sat, 22 Jul 2017 07:52:01 +0300

On Tue, 2017-07-18 at 05:08 -0700, Marc-André Lureau wrote:
> Hi
> 
> On Tue, Jul 18, 2017 at 1:49 AM, Amarnath Valluri
> <address@hidden> wrote:
> > This change introduces a new TPM backend driver that can communicate with
> > swtpm (software TPM emulator) using unix domain socket interface.
> >
> > Swtpm uses two unix sockets, one for plain TPM commands and responses, and one
> > for out-of-band control messages.
> >
> > The swtpm and associated tools can be found here:
> >     https://github.com/stefanberger/swtpm
> >
> > The swtpm's control channel protocol specification can be found here:
> >     https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification
> 
> I am afraid this isn't enough yet.
> 
> > Usage:
> >     # setup TPM state directory
> >     mkdir /tmp/mytpm
> >     chown -R tss:root /tmp/mytpm
> >     /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek
> >
> >     # Ask qemu to use TPM emulator with given tpm state directory
> >     qemu-system-x86_64 \
> >         [...] \
> >         -tpmdev emulator,id=tpm0,tpmstatedir=/tmp/mytpm,logfile=/tmp/swtpm.log \
> 
> We should rather follow the vhost-user pattern: do not deal with
> spawning the external swtpm/backend, just use chardev to connect to
> it. At least you don't have to deal with process argument details,
> management etc that may change version to version.
I made the spawning completely optional, and it is useful in some
environments; it especially makes life easier when there are multiple
QEMU instances on a system.

One can configure QEMU to connect to an already running software emulator
using Unix domain socket paths:
  -tpmdev emulator,id=tpm0,data-path=/path/,ctrl-path=/path

- Amarnath
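
Added example, not part of the patch or of either message: one way to pre-start swtpm with its two Unix sockets in a directory only the invoking user can enter, and to produce the matching `data-path`/`ctrl-path` option from the reply above. The function names and the socket file names (`data.sock`, `ctrl.sock`) are assumptions; the TPM state is not provisioned with `swtpm_setup` here.

```shell
#!/bin/sh
# Added illustration; function names and socket file names are assumptions.

# Create a state directory with mode 0700 and an unpredictable name, so no
# other local user can reach the TPM state or the two sockets inside it
# (unlike a fixed, world-visible path such as /tmp/mytpm).
make_tpm_dir() {
    ( umask 077; mktemp -d "${TMPDIR:-/tmp}/swtpm.XXXXXX" )
}

# Start swtpm in socket mode with both channels from the patch description:
#   --server : plain TPM commands and responses
#   --ctrl   : out-of-band control messages
start_swtpm() {
    dir=$1
    ( umask 077
      swtpm socket --tpmstate dir="$dir" \
          --server type=unixio,path="$dir/data.sock" \
          --ctrl type=unixio,path="$dir/ctrl.sock" \
          --log file="$dir/swtpm.log" --daemon )
}

# Build the QEMU option using the data-path/ctrl-path keys of this patch
# version. A comma in the directory name would break QEMU option parsing.
qemu_tpmdev_arg() {
    dir=$1
    printf '%s\n' "-tpmdev emulator,id=tpm0,data-path=$dir/data.sock,ctrl-path=$dir/ctrl.sock"
}

# Only act when invoked as: ./script start
if [ "${1:-}" = "start" ]; then
    command -v swtpm >/dev/null 2>&1 || { echo "swtpm not found" >&2; exit 1; }
    dir=$(make_tpm_dir) || exit 1
    start_swtpm "$dir" || exit 1
    echo "Add this to the qemu-system-x86_64 command line:"
    qemu_tpmdev_arg "$dir"
fi
```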




