From: Goran Mekić <meka@tilda.center>
To: freebsd-virtualization@freebsd.org
Date: Thu, 10 Aug 2023 16:41:56 +0200
Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Message-ID: <2f1539fc-f8b2-2ec5-9c68-c60f68e66c0e@tilda.center>
In-Reply-To: <85ee3beda055c5bc9fae26c07247fe0cea1458e9.camel@FreeBSD.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On 8/7/23 10:04, Corvin Köhne wrote:
> Hi,
>
> afaik, qemu is making use of the swtpm project too. So, it'd be great to implement it in bhyve.
>
> My TPM passthrough emulation is currently under review. See https://reviews.freebsd.org/D32961.
>
> I designed it to easily integrate a swtpm in the future. You just have to implement a new tpm backend by adding a new TPM_EMUL_SET.
> Take a look at the tpm_emul_passthru.c file.
>
> Btw: We may have to add additional functions to the TPM_EMUL_SET like a "startup_tpm" function. See https://elixir.bootlin.com/qemu/latest/source/include/sysemu/tpm_backend.h#L52

Hello,

I was looking at tpm_emul_passthru.c and I've seen it uses open(2) and write(2) for initialization and command execution. From before (https://youtu.be/5wDs1K5ppbQ?t=940) I know you planned on adding tpm pass-through, which I think was just merged. Anyway, if pass-through uses open and write, can it be used together with swtpm, maybe? I can successfully run the following command:

swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock --tpm2 --log level=20

I can see /tmp/mytpm/swtpm-sock but I don't know how to try to use it with pass-through.

Regards,
meka
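
Added example (not part of this thread, and not bhyve's or swtpm's own code) showing what a backend has to do with the sockets swtpm exposes, and why an open(2)/write(2) backend like tpm_emul_passthru.c cannot simply point at the socket path: a UNIX-domain socket node cannot be opened with open(2) at all, it can only be reached with socket(2)/connect(2). The program first proves that with a throwaway socket, then sends CMD_INIT over the --ctrl socket from the command above and a raw TPM2_Startup over a data socket. Assumptions: the control-command code CMD_INIT = 2 is taken from swtpm's include/swtpm/tpm_ioctl.h; the data-socket path /tmp/mytpm1/swtpm-data is made up and presumes swtpm was started with the additional option --server type=unixio,path=/tmp/mytpm1/swtpm-data; the TPM2_Startup bytes are the standard TCG encoding (tag TPM_ST_NO_SESSIONS, command code 0x144, TPM_SU_CLEAR).

```c
/* Added example, not code from the thread, bhyve or swtpm. It talks to swtpm the
 * way a TPM backend would: CMD_INIT on the "--ctrl" control socket (4-byte
 * big-endian code plus body), then a raw TPM2_Startup over a "--server
 * type=unixio" data socket; unix_socket_openable() shows why an open()/write()
 * backend cannot target either path. Assumed: CMD_INIT = 2 (swtpm tpm_ioctl.h). */
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#define SWTPM_CMD_INIT 2u

/* TPM2_Startup(TPM_SU_CLEAR): tag 0x8001 (no sessions), size 12, cc 0x144, su 0. */
static const uint8_t TPM2_STARTUP_CLEAR[12] = { 0x80, 0x01, 0, 0, 0, 12, 0, 0, 0x01, 0x44, 0, 0 };

/* Control request: big-endian code, optionally followed by one big-endian
 * uint32 body (CMD_INIT carries ptm_init.init_flags). Returns the length. */
static size_t swtpm_ctrl_encode(uint32_t cmd, const uint32_t *arg, uint8_t *out)
{
    uint32_t be = htonl(cmd);
    memcpy(out, &be, 4);
    if (arg == NULL)
        return 4;
    be = htonl(*arg);
    memcpy(out + 4, &be, 4);
    return 8;
}

/* Response code of a TPM 2.0 response (tag(2) size(4) rc(4)). The declared
 * size is checked against the bytes actually received before it is trusted. */
static int tpm2_response_rc(const uint8_t *buf, size_t len, uint32_t *rc)
{
    uint32_t size, code;
    if (len < 10)
        return -1;
    memcpy(&size, buf + 2, 4);
    memcpy(&code, buf + 6, 4);
    if (ntohl(size) < 10 || ntohl(size) > len)
        return -1;
    *rc = ntohl(code);
    return 0;
}

/* Bind a UNIX socket at path and try open(2) on it: 1 if open() succeeded,
 * 0 if it failed (FreeBSD: EOPNOTSUPP, Linux: ENXIO), -1 on setup error. */
static int unix_socket_openable(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int s = socket(AF_UNIX, SOCK_STREAM, 0), fd;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    unlink(path);
    if (s >= 0 && bind(s, (struct sockaddr *)&sa, sizeof sa) < 0) { close(s); s = -1; }
    if (s < 0)
        return -1;
    if ((fd = open(path, O_RDWR)) >= 0)
        close(fd);
    close(s);
    unlink(path);
    return fd >= 0;
}

/* connect(2) to a UNIX stream socket: this, not open(2), is how swtpm is reached. */
static int unix_connect(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int s = socket(AF_UNIX, SOCK_STREAM, 0);
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (s >= 0 && connect(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(s);
        return -1;
    }
    return s;
}

int main(void)
{
    uint8_t buf[64]; uint32_t zero = 0, res, rc;
    ssize_t got; size_t n; int ctrl, data;
    printf("open(2) on a socket node works: %s\n",
           unix_socket_openable("/tmp/swtpm-open-test.sock") == 1 ? "yes" : "no");
    /* Control socket path from the thread; CMD_INIT must precede TPM commands. */
    if ((ctrl = unix_connect("/tmp/mytpm1/swtpm-sock")) < 0) { perror("ctrl socket"); return 1; }
    n = swtpm_ctrl_encode(SWTPM_CMD_INIT, &zero, buf);
    if (write(ctrl, buf, n) != (ssize_t)n || read(ctrl, &res, 4) != 4 || ntohl(res) != 0) {
        fprintf(stderr, "CMD_INIT failed\n"); return 1;
    }
    /* Data socket: assumes swtpm was also started with
     * --server type=unixio,path=/tmp/mytpm1/swtpm-data (a made-up path). */
    if ((data = unix_connect("/tmp/mytpm1/swtpm-data")) < 0) { perror("data socket"); return 1; }
    if (write(data, TPM2_STARTUP_CLEAR, 12) != 12 || (got = read(data, buf, sizeof buf)) < 0 ||
        tpm2_response_rc(buf, (size_t)got, &rc) < 0) {
        fprintf(stderr, "TPM2_Startup: short or malformed response\n"); return 1;
    }
    printf("TPM2_Startup rc=0x%08x\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Build with cc and run it next to a swtpm started as above with the extra --server option. With a --ctrl-only invocation like the one in the thread, QEMU instead creates a socketpair and hands one end to swtpm with CMD_SET_DATAFD, sent over the control socket with the descriptor attached as SCM_RIGHTS ancillary data; the TPM command stream then goes to the other end. Either way the TPM bytes travel over a stream socket rather than a character device, so a swtpm backend for bhyve would be its own TPM_EMUL_SET entry (the route Corvin describes) that connects to a socket instead of reusing the passthrough's open(2) on a device node. tpm2_response_rc() also refuses a response whose declared size exceeds what was actually read; a backend should treat the emulator's replies as untrusted input at that boundary.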