From: Goran Mekić
To: Michael Dexter, "freebsd-virtualization@freebsd.org"
Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Date: Sun, 6 Aug 2023 18:47:27 +0200
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On 8/2/23 02:28, Michael Dexter wrote:
> Hello all,
>
> Long-time bhyve-in-production user Jason Tubnor pointed out that a
> recent Windows 11 update breaks the "lab mode" under which Windows 11
> could be run without a TPM (Trusted Platform Module) chip via a
> registry edit. Corvin has made significant progress with TPM
> pass-through support but it only supports one VM associated with the
> hardware TPM.
>
> This 3-clause BSD-license software TPM project has existed but I have
> never heard it brought up in the bhyve context, possibly because of
> the available workaround:
>
> https://github.com/stefanberger/swtpm
>
> Is anyone willing to look into porting this to bhyve?
>
> All the best,
>
> Michael
>

Hello,

If anyone can take a look and merge these, it would be a start:

* libtpms https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272972
* swtpm https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272973

As I have never read bhyve code before, I will start glancing at it and
trying to figure out stuff from Corvin's previous PR enabling
pass-through for TPM. If anyone has any info to speed me up on this
quest, please speak! Thank you!

Regards,
meka