Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
From: Corvin Köhne
To: Goran Mekić, freebsd-virtualization@freebsd.org
Date: Fri, 11 Aug 2023 09:06:05 +0200
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On Thu, 2023-08-10 at 16:41 +0200, Goran Mekić wrote:
> On 8/7/23 10:04, Corvin Köhne wrote:
> > Hi,
> >
> > afaik, qemu is making use of the swtpm project too. So, it'd be great
> > to implement it in bhyve.
> >
> > My TPM passthrough emulation is currently under review.
> > See https://reviews.freebsd.org/D32961.
> >
> > I designed it to easily integrate a swtpm in the future. You just
> > have to implement a new tpm backend by adding a new TPM_EMUL_SET.
> > Take a look at the tpm_emul_passthru.c file.
> >
> > Btw: We may have to add additional functions to the TPM_EMUL_SET
> > like a "startup_tpm" function.
> > See https://elixir.bootlin.com/qemu/latest/source/include/sysemu/tpm_backend.h#L52
>
> Hello,
>
> I was looking at tpm_emul_passthru.c and I've seen it uses open(2)
> and write(2) for initialization and command execution. From before
> (https://youtu.be/5wDs1K5ppbQ?t=940) I know you planned on adding tpm
> pass-through, which I think was just merged.

There are still two open reviews required for tpm passthrough to work
properly:

https://reviews.freebsd.org/D40462
https://reviews.freebsd.org/D32961

> Anyway, if pass-through uses open and write, can it be used together
> with swtpm, maybe? I can successfully run the following command:
>
> swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock --tpm2 --log level=20
>
> I can see /tmp/mytpm/swtpm-sock but I don't know how to try to use it
> with pass-through.

I don't think that this will work because the swtpm has to be
initialized before using while the passthrough device doesn't. So, it's
not implemented in bhyve yet.
See
https://elixir.bootlin.com/qemu/latest/source/backends/tpm/tpm_emulator.c#L417
https://elixir.bootlin.com/qemu/latest/source/hw/tpm/tpm_crb.c#L279

> Regards,
> meka

-- 
Kind regards,
Corvin
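
Added example, not part of the original message and not bhyve, QEMU or swtpm project code: the initialization step the reply refers to, shown as the CMD_INIT exchange on swtpm's control channel that an emulator backend has to perform before the first TPM command, and that a passthrough device never needs. It assumes an already-connected control socket and the control-channel framing from swtpm's definitions (32-bit big-endian command code 0x02, 32-bit flags, 32-bit result); swtpm_ctrl_init and xfer_all are hypothetical helper names.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: CMD_INIT is the second entry (0x02) of swtpm's control enum. */
#define SWTPM_CMD_INIT 0x02u

/* Transfer exactly len bytes; 0 on success, -1 on error or early EOF. */
static int xfer_all(int fd, void *buf, size_t len, int do_write)
{
    uint8_t *p = buf;

    while (len > 0) {
        ssize_t n = do_write ? write(fd, p, len) : read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/*
 * Hypothetical helper: send CMD_INIT on the control socket and fetch the
 * TPM result code. Returns 0 when the exchange completed (the caller must
 * still check *tpm_result == 0), -1 on I/O failure or a truncated reply.
 */
int swtpm_ctrl_init(int ctrl_fd, uint32_t init_flags, uint32_t *tpm_result)
{
    /* Request: command code followed by the init flags, both big-endian. */
    uint32_t req[2] = { htonl(SWTPM_CMD_INIT), htonl(init_flags) };
    uint32_t resp;

    if (xfer_all(ctrl_fd, req, sizeof(req), 1) != 0)
        return -1;
    /* Response: a single big-endian result word, 0 meaning success. */
    if (xfer_all(ctrl_fd, &resp, sizeof(resp), 0) != 0)
        return -1;
    *tpm_result = ntohl(resp);
    return 0;
}
```

A backend that treats a failed or non-zero result as fatal avoids handing the guest a TPM whose state was never set up.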