Re: [PATCH] tpm: add backend for mssim

[Stefan Berger]

On 12/12/22 09:47, James Bottomley wrote:
> On Mon, 2022-12-12 at 09:44 -0500, Stefan Berger wrote:
> > On 12/12/22 09:32, James Bottomley wrote:
> > > On Mon, 2022-12-12 at 09:27 -0500, Stefan Berger wrote:
> > > > On 12/12/22 08:59, James Bottomley wrote:
> > > > > On Mon, 2022-12-12 at 08:43 -0500, Stefan Berger wrote:
> > > > > > On 12/10/22 12:10, James Bottomley wrote:
> > > > > > > The Microsoft Simulator (mssim) is the reference emulation
> > > > > > > platform
> > > > > > > for the TCG TPM 2.0 specification.
> > > > > > >
> > > > > > > https://github.com/Microsoft/ms-tpm-20-ref.git
> > > > > > >
> > > > > > > It exports a fairly simple network socket baset protocol on
> > > > > > > two
> > > > > >
> > > > > > baset -> based.
> > > > > >
> > > > > > > sockets, one for command (default 2321) and one for control
> > > > > > > (default 2322).  This patch adds a simple backend that can
> > > > > > > speak the mssim protocol over the network.  It also allows
> > > > > > > the
> > > > > > > host, and two ports to be specified on the qemu command
> > > > > > > line.
> > > > > > > The benefits are twofold: firstly it gives us a backend
> > > > > > > that
> > > > > > > actually speaks a standard TPM emulation protocol instead
> > > > > > > of
> > > > > > > the linux specific TPM driver format of the current
> > > > > > > emulated
> > > > > > > TPM backend and secondly, using the microsoft protocol, the
> > > > > > > end
> > > > > > > point of the emulator can be anywhere on the network,
> > > > > > > facilitating the cloud use case where a central TPM ervice
> > > > > > > can
> > > > > > > be used over a control network.
> > > > > > >
> > > > > > > The implementation does basic control commands like power
> > > > > > > off/on, but doesn't implement cancellation or startup.  The
> > > > > > > former because cancellation is pretty much useless on a
> > > > > > > fast
> > > > > > > operating TPM emulator and the latter because this emulator
> > > > > > > is
> > > > > > > designed to be used with OVMF which itself does TPM startup
> > > > > > > and
> > > > > > > I wanted to validate that.
> > > > > >
> > > > > > How did you implement VM suspend/resume and snapshotting
> > > > > > support?
> > > > >
> > > > > TPM2 doesn't need to.  The mssim follows the reference model
> > > > > which
> > > >
> > > >
> > > > You mean TPM2 doesn't need to resume at the point where the VM
> > > > resumes (I am not talking about ACPI resume but virsh
> > > > save/restore)
> > > > after for example a host reboot?
> > > > What does this have to do with the mssim reference model and
> > > > TPM2_Shutdown protocol?
> > >
> > > Running S3 suspend/resume before doing VM save/restore could fix a
> > > lot of issue with passthrough PCI and when QEMU gets around to
> > > doing that a TPM following the standard model should just work.
> > > It's useful to have a driver supporting this work.
> > Did you test it with virsh save / restore with the mssim TPM? Does it
> > work? Does it work if you reboot the host in between?
>
> I don't actually use virsh in my harness.  I'm mostly interested in the
> running the kernel TPM selftests against the reference model.  But I
> anticipate it wouldn't currently work because I don't believe virsh
> triggers a S3 event which is why snapshot and migration doesn't always
> work with PCI passthrough.

Then I think you should at least add a blocker to your model so that 
suspend/resume/snapshotting/migration are all disabled because the mssim reference 
implementation doesn't support permanent & volatile state suspend/resume (and 
upgrading!) without significant work on it as can be seen in libtpms.

Why would we support another model for the backend that provides no advantages 
over what is there right now?

  Stefan

> James