qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] tpm: add backend for mssim


From: Stefan Berger
Subject: Re: [PATCH 2/2] tpm: add backend for mssim
Date: Thu, 15 Dec 2022 14:35:57 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1



On 12/15/22 14:22, James Bottomley wrote:
On Thu, 2022-12-15 at 13:46 -0500, Stefan Berger wrote:


On 12/15/22 13:01, James Bottomley wrote:
From: James Bottomley <James.Bottomley@HansenPartnership.com>

The Microsoft Simulator (mssim) is the reference emulation platform
for the TCG TPM 2.0 specification.

https://github.com/Microsoft/ms-tpm-20-ref.git

It exports a fairly simple network socket baset protocol on two
sockets, one for command (default 2321) and one for control
(default
2322).  This patch adds a simple backend that can speak the mssim
protocol over the network.  It also allows the host, and two ports
to
be specified on the qemu command line.  The benefits are twofold:
firstly it gives us a backend that actually speaks a standard TPM
emulation protocol instead of the linux specific TPM driver format
of
the current emulated TPM backend and secondly, using the microsoft
protocol, the end point of the emulator can be anywhere on the
network, facilitating the cloud use case where a central TPM
service
can be used over a control network.

The implementation does basic control commands like power off/on,
but
doesn't implement cancellation or startup.  The former because
cancellation is pretty much useless on a fast operating TPM
emulator
and the latter because this emulator is designed to be used with
OVMF
which itself does TPM startup and I wanted to validate that.

To run this, simply download an emulator based on the MS
specification
(package ibmswtpm2 on openSUSE) and run it, then add these two
lines
to the qemu command and it will use the emulator.

      -tpmdev mssim,id=tpm0 \
      -device tpm-crb,tpmdev=tpm0 \

to use a remote emulator replace the first line with

      -tpmdev
"{'type':'mssim','id':'tpm0','command':{'type':inet,'host':'remote'
,'port':'2321'}}"

tpm-tis also works as the backend.

Since this device does not properly support migration you have to
register a migration blocker.

Actually it seems to support migration just fine.  Currently the PCR's
get zero'd which is my fault for doing a TPM power off/on, but
switching that based on state should be an easy fix.

How do you handle virsh save  -> host reboot -> virsh restore?

You should also add a description to docs/specs/tpm.rst.

    Stefan


James




reply via email to

[Prev in Thread] Current Thread [Next in Thread]