Date: Mon, 07 Aug 2023 10:04:38 +0200
From: Corvin Köhne <corvink@FreeBSD.org>
To: Goran Mekić <meka@tilda.center>, Michael Dexter <editor@callfortesting.org>, "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>
Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Message-ID: <85ee3beda055c5bc9fae26c07247fe0cea1458e9.camel@FreeBSD.org>
In-Reply-To: <1d4e6558-0c56-5758-d87e-e9bf4aacc0a5@tilda.center>
References: <662af723-de9f-36d9-c960-ef08379ca26e@callfortesting.org> <1d4e6558-0c56-5758-d87e-e9bf4aacc0a5@tilda.center>

On Sun, 2023-08-06 at 18:47 +0200, Goran Mekić wrote:
> On 8/2/23 02:28, Michael Dexter wrote:
>
> > Hello all,
> >
> > Long-time bhyve-in-production user Jason Tubnor pointed out that a
> > recent Windows 11 update breaks the "lab mode" under which Windows
> > 11 could be run without a TPM (Trusted Platform Module) chip via a
> > registry edit. Corvin has made significant progress with TPM
> > pass-through support but it only supports one VM associated with the
> > hardware TPM.
> >
> > This 3-clause BSD-license software TPM project has existed but I
> > have never heard it brought up in the bhyve context, possibly
> > because of the available workaround:
> >
> > https://github.com/stefanberger/swtpm
> >
> > Is anyone willing to look into porting this to bhyve?
> >
> > All the best,
> >
> > Michael
>
> Hello,
> If anyone can take a look and merge these, it would be a start:
>
> * libtpms https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272972
> * swtpm https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272973
>
> As I never read bhyve code before, I will start glancing at it and
> trying to figure out stuff from Corvin's previous PR enabling
> pass-through for TPM. If anyone has any info to speed me up on this
> quest, please speak! Thank you!
> Regards,
> meka

Hi,

afaik, qemu is making use of the swtpm project too. So, it'd be great to implement it in bhyve.

My TPM passthrough emulation is currently under review. See https://reviews.freebsd.org/D32961.

I designed it to easily integrate a swtpm in the future. You just have to implement a new tpm backend by adding a new TPM_EMUL_SET.
Take a look at the tpm_emul_passthru.c file.

Btw: We may have to add additional functions to the TPM_EMUL_SET like a "startup_tpm" function. See https://elixir.bootlin.com/qemu/latest/source/include/sysemu/tpm_backend.h#L52

--
Kind regards,
Corvin