Date:      Sat, 19 Aug 2023 17:27:37 +0200
From:      Goran Mekić <meka@tilda.center>
To:        virtualization@freebsd.org
Subject:   Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Message-ID:  <cffa6e51-7b60-2676-d0bb-a7bea6f120da@tilda.center>
In-Reply-To: <2d2f8c74-47d0-ebb1-154f-3aab68d8a084@tilda.center>
References:  <662af723-de9f-36d9-c960-ef08379ca26e@callfortesting.org> <1d4e6558-0c56-5758-d87e-e9bf4aacc0a5@tilda.center> <85ee3beda055c5bc9fae26c07247fe0cea1458e9.camel@FreeBSD.org> <2f1539fc-f8b2-2ec5-9c68-c60f68e66c0e@tilda.center> <2c1205c0fc48e8c6ac103d3f3ca0c722a7cd3c6e.camel@FreeBSD.org> <06ae27b6-7a38-ff73-8d9b-70b6be517ccc@tilda.center> <82499999351da778ffb9735f76ecc5d522305273.camel@FreeBSD.org> <2d2f8c74-47d0-ebb1-154f-3aab68d8a084@tilda.center>

On 8/19/23 10:27, Goran Mekić wrote:
>>> With updated port there's also support for CUSE, which would allow
>>> swtpm
>>> to be used with pass-through. The problem is that socket and CUSE
>>> have
>>> problems which I described in upstream issue:
>>> https://github.com/stefanberger/swtpm/issues/820. If there are any
>>> suggestions how to fix that fuse error, I'd like to hear them and try
>>> and fix it.
>>>
>>> Regards,
>>> meka
>
> Hello,
>
> I was wrong. Linux CUSE is an extension of FUSE while FreeBSD CUSE has 
> a totally different implementation, so it cannot be used by swtpm. As 
> swtpm has control and server channels, I suppose we need both. To 
> start both:
>
> # swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl 
> type=unixio,path=/tmp/mytpm1/ctrl --tpm2 --log level=20 --server 
> type=unixio,path=/tmp/mytpm1/server
>
> Now to initialize it one should run
>
> # swtpm_ioctl --unix /tmp/mytpm1/swtpm-sock -i
>
> If -i is replaced with --stop, swtpm is stopped. Now if I understand 
> correctly, the init function of bhyve should do -i and the deinit should 
> do --stop. If that's correct, I will start implementing init and for now 
> ignore deinit. As swtpm is BSD licensed, I think it is OK for us to 
> reuse parts of swtpm_ioctl code. Anyway, if I'm wrong about anything, 
> please point it out.
>
> Regards,
> meka
>
>
I managed to initialize the swtpm by butchering swtpm_ioctl code and 
creating this: https://bsd.to/Dq7c. I know that for bhyve it's not 
viable to include from port, but at this point I just want to make some 
progress and then I'll see how to properly do it. As swtpm is 
BSD-3-Clause licensed, we should probably import it to base, but I'll 
worry about that part when at least something starts working.

Regards,
meka
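The init/stop handshake discussed above, as an added example that is neither the poster's code nor swtpm's own: a minimal client for swtpm's socket control channel that builds the same messages `swtpm_ioctl -i` and `swtpm_ioctl --stop` send and reads the result code back. The command codes and message layout are from my recollection of swtpm's tpm_ioctl.h, not from this thread, so verify them against the port's headers; the socket path is the one passed to `--ctrl type=unixio,path=...`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
/* Command codes of swtpm's socket control channel as I recall them from
 * swtpm's tpm_ioctl.h; check them against the headers in the port. */
#define CMD_INIT 2
#define CMD_STOP 14
#define PTM_INIT_FLAG_DELETE_VOLATILE (1u << 0)
/* Every control message is a 4-byte big-endian command code followed by
 * the command's payload, also big-endian. */
static size_t put_be32(uint8_t *p, uint32_t v) {
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
    return 4;
}

/* CMD_INIT request, what "swtpm_ioctl -i" sends: payload is ptm_init.init_flags. */
size_t ptm_build_init(uint8_t *buf, uint32_t init_flags) {
    size_t n = put_be32(buf, CMD_INIT);
    return n + put_be32(buf + n, init_flags);   /* 8 bytes total */
}

/* CMD_STOP request, what "swtpm_ioctl --stop" sends: no payload. */
size_t ptm_build_stop(uint8_t *buf) { return put_be32(buf, CMD_STOP); }

/* Both answer with one big-endian ptm_res; 0 (TPM_SUCCESS) means it worked. */
int ptm_parse_res(const uint8_t *buf, size_t len, uint32_t *res) {
    if (len < 4) return -1;
    *res = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 | (uint32_t)buf[2] << 8 | buf[3];
    return 0;
}

/* One request/response round trip over the unixio control socket (the
 * path given to --ctrl type=unixio,path=...). Returns 0 on success. */
int ptm_ctrl_roundtrip(const char *path, const uint8_t *req, size_t reqlen, uint32_t *res) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    uint8_t resp[4];
    int rc = -1, fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s", path);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        write(fd, req, reqlen) == (ssize_t)reqlen &&
        read(fd, resp, sizeof resp) == (ssize_t)sizeof resp)
        rc = ptm_parse_res(resp, sizeof resp, res);
    close(fd);
    return rc;
}
```

Sending the CMD_INIT buffer through `ptm_ctrl_roundtrip("/tmp/mytpm1/ctrl", ...)` is the equivalent of the `-i` step, and the CMD_STOP buffer the `--stop` step; a non-zero result is the TPM's own error code and should be logged rather than ignored.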
