Re: [PATCH 2/2] tpm: add backend for mssim

[Stefan Berger]

On 12/16/22 10:48, James Bottomley wrote:
> On Fri, 2022-12-16 at 09:55 -0500, Stefan Berger wrote:
> > On 12/16/22 09:29, Daniel P. Berrangé wrote:
> >
> > > All the objections you're raising are related to the current
> > > specifics of the implementation of the mssim remote server.
> > > While valid, this is of no concern to QEMU when deciding whether
> > > to require a migration blocker on the client side. This is 3rd
> > > party remote service that should be considered a black box from
> > > QEMU's POV. It is possible to write a remote server that supports
> > > the mssim network protocol, and has the ability to serialize
> > > its state. Whether such an impl exists today or not is separate.
> >
> > Then let's document the scenarios so someone can repeat them, I think
> > this is just fair. James said he tested state migration scenarios and
> > it works, so let's enable others to do it as well. I am open to
> > someone maintaining just this driver and the dynamics that may
> > develop around it.
>
> Well, OK, this is what I think would be appropriate ... I'll fold it in
> to the second patch.
>
> James
>
> ---
>
> diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst
> index 535912a92b..985d0775a0 100644
> --- a/docs/specs/tpm.rst
> +++ b/docs/specs/tpm.rst
> @@ -270,6 +270,38 @@ available as a module (assuming a TPM 2 is passed through):
>     /sys/devices/LNXSYSTEM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0/pcr-sha256/9
>     ...
>   
> +The QEMU TPM Microsoft Simulator Device
> +---------------------------------------
> +
> +The TCG provides a reference implementation for TPM 2.0 written by
> +Microsoft (See `ms-tpm-20-ref`_ on github).  The reference implementation
> +starts a network server and listens for TPM commands on port 2321 and
> +TPM Platform control commands on port 2322, although these can be
> +altered.  The QEMU mssim TPM backend talks to this implementation.  By
> +default it connects to the default ports on localhost:
> +
> +.. code-block:: console
> +
> +  qemu-system-x86_64 <qemu-options> \
> +    -tpmdev mssim,id=tpm0 \
> +    -device tpm-crb,tpmdev=tpm0
> +
> +
> +Although it can also communicate with a remote host, which must be
> +specified as a SocketAddress via json on the command line for each of
> +the command and control ports:
> +
> +.. code-block:: console
> +
> +  qemu-system-x86_64 <qemu-options> \
> +    -tpmdev 
> "{'type':'mssim','id':'tpm0','command':{'type':inet,'host':'remote','port':'2321'},'control':{'type':'inet','host':'remote','port':'2322'}}"
>  \
> +    -device tpm-crb,tpmdev=tpm0
> +
> +
> +The mssim backend supports snapshotting and migration, but the state
> +of the Microsoft Simulator server must be preserved (or the server
> +kept running) outside of QEMU for restore to be successful.

You said you tested it. Can you show how to set it up with command lines? I 
want to try out at least suspend and resume .



   Stefan

> +
>   The QEMU TPM emulator device
>   ----------------------------
>   
> @@ -526,3 +558,6 @@ the following:
>   
>   .. _SWTPM protocol:
>      https://github.com/stefanberger/swtpm/blob/master/man/man3/swtpm_ioctls.pod
> +
> +.. _ms-tpm-20-ref:
> +   https://github.com/microsoft/ms-tpm-20-ref