Date: Sat, 19 Aug 2023 17:27:37 +0200 From: =?UTF-8?Q?Goran_Meki=c4=87?= <meka@tilda.center> To: virtualization@freebsd.org Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm? Message-ID: <cffa6e51-7b60-2676-d0bb-a7bea6f120da@tilda.center> In-Reply-To: <2d2f8c74-47d0-ebb1-154f-3aab68d8a084@tilda.center> References: <662af723-de9f-36d9-c960-ef08379ca26e@callfortesting.org> <1d4e6558-0c56-5758-d87e-e9bf4aacc0a5@tilda.center> <85ee3beda055c5bc9fae26c07247fe0cea1458e9.camel@FreeBSD.org> <2f1539fc-f8b2-2ec5-9c68-c60f68e66c0e@tilda.center> <2c1205c0fc48e8c6ac103d3f3ca0c722a7cd3c6e.camel@FreeBSD.org> <06ae27b6-7a38-ff73-8d9b-70b6be517ccc@tilda.center> <82499999351da778ffb9735f76ecc5d522305273.camel@FreeBSD.org> <2d2f8c74-47d0-ebb1-154f-3aab68d8a084@tilda.center>
index | next in thread | previous in thread | raw e-mail
On 8/19/23 10:27, Goran Mekić wrote: >>> With updated port there's also support for CUSE, which would allow >>> swtpm >>> to be used with pass-through. The problem is that socket and CUSE >>> have >>> problems which I described in upstream issue: >>> https://github.com/stefanberger/swtpm/issues/820. If there are any >>> suggestions how to fix that fuse error, I'd like to hear them and try >>> and fix it. >>> >>> Regards, >>> meka > > Hello, > > I was wrong. Linux CUSE is extension of FUSE while FreeBSD CUSE has > totally different implementation, so it can not be used by swtpm. As > swtpm has control and server channels, I suppose we need both. To > start both: > > # swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl > type=unixio,path=/tmp/mytpm1/ctrl --tpm2 --log level=20 --server > type=unixio,path=/tmp/mytpm1/server > > Now to initialize it one should run > > # swtpm_ioctl --unix /tmp/mytpm1/swtpm-sock -i > > If -i is replaced with --stop, swtpm is stopped. Now if I understand > correctly, init function of bhyve should do -i, deinit should do > --stop. If that's correct, I will start implementing init and for now > ignore deinit. As swtpm is BSD licenced, I think it is OK for us to > reuse parts of swtpm_ioctl code. Anyway, if I'm wrong about anything, > please point it out. > > Regards, > meka > > I managed to initialize the swtpm by butchering swtpm_ioctl code and creating this: https://bsd.to/Dq7c. I know that for bhyve it's not viable to include from port, but at this point I just want to make some progress and then I'll see how to properly do it. As swtpm is BSD-3-Clause licensed, we should probably import it to base, but I'll worry about that part when at least something starts working. Regards, mekahome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cffa6e51-7b60-2676-d0bb-a7bea6f120da>