Date:      Mon, 21 Aug 2023 08:45:42 +0200
From:      Corvin Köhne <corvink@FreeBSD.org>
To:        Goran Mekić <meka@tilda.center>,  virtualization@freebsd.org
Subject:   Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Message-ID:  <17c2de9cdefd2d04b65038ddff17b584f48833ea.camel@FreeBSD.org>
In-Reply-To: <1a0a0a4fd3f71a281876d9cb726fc59a45501b06.camel@FreeBSD.org>
References:  <662af723-de9f-36d9-c960-ef08379ca26e@callfortesting.org> <1d4e6558-0c56-5758-d87e-e9bf4aacc0a5@tilda.center> <85ee3beda055c5bc9fae26c07247fe0cea1458e9.camel@FreeBSD.org> <2f1539fc-f8b2-2ec5-9c68-c60f68e66c0e@tilda.center> <2c1205c0fc48e8c6ac103d3f3ca0c722a7cd3c6e.camel@FreeBSD.org> <06ae27b6-7a38-ff73-8d9b-70b6be517ccc@tilda.center> <82499999351da778ffb9735f76ecc5d522305273.camel@FreeBSD.org> <2d2f8c74-47d0-ebb1-154f-3aab68d8a084@tilda.center> <cffa6e51-7b60-2676-d0bb-a7bea6f120da@tilda.center> <4cf9b819-2a41-8bc1-16a7-60a1eac04e28@tilda.center> <1a0a0a4fd3f71a281876d9cb726fc59a45501b06.camel@FreeBSD.org>



On Mon, 2023-08-21 at 08:35 +0200, Corvin Köhne wrote:
> On Sun, 2023-08-20 at 19:52 +0200, Goran Mekić wrote:
> > On 8/19/23 17:27, Goran Mekić wrote:
> > > On 8/19/23 10:27, Goran Mekić wrote:
> > > > > > With updated port there's also support for CUSE, which would
> > > > > > allow swtpm to be used with pass-through. The problem is that
> > > > > > socket and CUSE have problems which I described in upstream
> > > > > > issue: https://github.com/stefanberger/swtpm/issues/820. If
> > > > > > there are any suggestions how to fix that fuse error, I'd like
> > > > > > to hear them and try and fix it.
> > > > > >
> > > > > > Regards,
> > > > > > meka
> > > >
> > > > Hello,
> > > >
> > > > I was wrong. Linux CUSE is an extension of FUSE while FreeBSD CUSE
> > > > has a totally different implementation, so it can not be used by
> > > > swtpm. As swtpm has control and server channels, I suppose we need
> > > > both. To start both:
> > > >
> > > > # swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl
> > > > type=unixio,path=/tmp/mytpm1/ctrl --tpm2 --log level=20 --server
> > > > type=unixio,path=/tmp/mytpm1/server
> > > >
> > > > Now to initialize it one should run
> > > >
> > > > # swtpm_ioctl --unix /tmp/mytpm1/swtpm-sock -i
> > > >
> > > > If -i is replaced with --stop, swtpm is stopped. Now if I
> > > > understand correctly, init function of bhyve should do -i, deinit
> > > > should do --stop. If that's correct, I will start implementing init
> > > > and for now ignore deinit. As swtpm is BSD licenced, I think it is
> > > > OK for us to reuse parts of swtpm_ioctl code. Anyway, if I'm wrong
> > > > about anything, please point it out.
> > > >
> > > > Regards,
> > > > meka
> > > >
> > > >
> > > I managed to initialize the swtpm by butchering swtpm_ioctl code and
> > > creating this: https://bsd.to/Dq7c. I know that for bhyve it's not
> > > viable to include from port, but at this point I just want to make
> > > some progress and then I'll see how to properly do it. As swtpm is
> > > BSD-3-Clause licensed, we should probably import it to base, but I'll
> > > worry about that part when at least something starts working.
> > >
> > > Regards,
> > > meka
> > >
> > >
> > To make it easier to progress, I created a repository for my TPM
> > playground: https://github.com/mekanix/tpmplay. The code currently
> > somewhat resembles tpm_emul_passthru.c. It implements init, deinit and
> > ctrlcmd. I'm confused a bit because swtpm has two sockets, one for
> > control, one for data. Looking at tpm_emul_passthru.c I can see one fd
> > is used for all commands. If I'm correct, TSS is used for data channel:
> > https://github.com/stefanberger/swtpm/wiki/Using-the-IBM-TSS-with-swtpm#socket-interface
> > .
> > How come pass-through doesn't have ctrl/data channels?
> >
> > Regards,
> > meka
> >
> >
>
> Hi,
>
> The passthrough implementation is conceptually similar to qemu's
> passthrough implementation. You can take a look at it here:
> https://elixir.bootlin.com/qemu/v8.0.4/source/backends/tpm/tpm_passthrough.c
> The swtpm implementation of qemu is found here:
> https://elixir.bootlin.com/qemu/latest/source/backends/tpm/tpm_emulator.c
> I'd prefer that the swtpm of bhyve is similar to qemu's implementation
> as well. Afaik, qemu doesn't include the swtpm code. Would be nice for
> bhyve too.
>
> Looking at the use cases of the ctrl channel (set_locality, stop_tpm,
> get_established_flag, ...), none of them are used by the passthrough
> implementation or they are dummy implementations.
>
> Note that most of them, if not all, don't make sense for a passthrough
> implementation.
>
>

Btw. you can also look into qemu's doc on how it starts a tpm emulator:
https://qemu-project.gitlab.io/qemu/specs/tpm.html#the-qemu-tpm-emulator-device


-- 
Kind regards,
Corvin

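The bring-up meka describes above (PTM_INIT over the control socket, TPM commands over the data socket), as an added example that is not code from the original messages, from bhyve or from swtpm: a small C client in the shape of qemu's tpm_emulator.c that sends PTM_INIT over the control socket (what `swtpm_ioctl -i` does), then TPM2_Startup(CLEAR) and TPM2_GetRandom over the data socket. It assumes swtpm was started with the --ctrl and --server paths from the thread (/tmp/mytpm1/ctrl and /tmp/mytpm1/server are assumptions taken from that command line), that the control socket to talk to is the one given to --ctrl, and that no --flags startup-clear was passed, so the client has to send TPM2_Startup itself. The framing is swtpm's socket control interface as qemu uses it: a 4-byte big-endian command number followed by the big-endian input struct, with ptm_res first in every reply; the command numbers are the tpm_ioctl.h enum values.

```c
/* Added example, not bhyve or swtpm code: the two-channel bring-up a bhyve swtpm
 * backend would do, in the shape of qemu's tpm_emulator.c. Socket paths are
 * assumptions matching the swtpm invocation in the thread. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

enum { PTM_INIT = 1, PTM_STOP = 13 };   /* ctrl command numbers, swtpm tpm_ioctl.h */
#define TPM2_ST_NO_SESSIONS 0x8001u     /* TCG TPM 2.0 library spec, Part 2 */
#define TPM2_CC_STARTUP     0x00000144u
#define TPM2_CC_GET_RANDOM  0x0000017Bu
#define TPM2_SU_CLEAR       0x0000u
#define TPM2_RC_INITIALIZE  0x100u      /* command arrived before TPM2_Startup */
#define BAD_RC              0xFFFFFFFFu /* local marker for a malformed reply */

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
static uint32_t get32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }

/* Control request: 4-byte big-endian command number, then the input struct
 * with big-endian fields. PTM_INIT's input is a single uint32 init_flags. */
size_t ptm_encode_init(uint8_t *out, uint32_t init_flags)
{ put32(out, PTM_INIT); put32(out + 4, init_flags); return 8; }

/* Every control reply starts with ptm_res, a big-endian TPM_RC. */
uint32_t ptm_result(const uint8_t *resp, size_t len) { return len >= 4 ? get32(resp) : BAD_RC; }

/* Data-channel command: tag, total size, command code, parameters. Both
 * TPM2_Startup and TPM2_GetRandom carry one 16-bit parameter. */
static size_t tpm2_cmd16(uint8_t *out, uint32_t cc, uint16_t param)
{ put16(out, TPM2_ST_NO_SESSIONS); put32(out + 2, 12); put32(out + 6, cc); put16(out + 10, param); return 12; }
size_t tpm2_build_startup_clear(uint8_t *out) { return tpm2_cmd16(out, TPM2_CC_STARTUP, TPM2_SU_CLEAR); }
size_t tpm2_build_get_random(uint8_t *out, uint16_t n) { return tpm2_cmd16(out, TPM2_CC_GET_RANDOM, n); }

/* Response code of a TPM reply whose size field must equal the bytes read. */
uint32_t tpm2_response_code(const uint8_t *resp, size_t len)
{ return (len >= 10 && get32(resp + 2) == len) ? get32(resp + 6) : BAD_RC; }

static int unix_connect(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (fd < 0 || connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}
/* Send req (if any), then read exactly n reply bytes: stream sockets may split a reply. */
static int xact(int fd, const uint8_t *req, size_t req_len, uint8_t *resp, size_t n)
{
    if (req_len && write(fd, req, req_len) != (ssize_t)req_len) return -1;
    for (size_t got = 0; got < n; ) {
        ssize_t r = read(fd, resp + got, n - got);
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

/* PTM_INIT on the ctrl socket (what `swtpm_ioctl -i` does), then
 * TPM2_Startup(CLEAR) and TPM2_GetRandom on the data socket. Fills rnd with
 * n random bytes; returns 0 on success, -1 on any failure. */
int swtpm_bringup(const char *ctrl_path, const char *data_path, uint8_t *rnd, uint16_t n)
{
    uint8_t buf[4096];
    size_t len, got;
    uint32_t rc = BAD_RC;
    int ctrl = unix_connect(ctrl_path), data = unix_connect(data_path);
    if (ctrl < 0 || data < 0) goto out;
    len = ptm_encode_init(buf, 0);
    if (xact(ctrl, buf, len, buf, 4) < 0 || ptm_result(buf, 4) != 0) goto out;
    len = tpm2_build_startup_clear(buf);           /* Startup reply is the 10-byte header only */
    if (xact(data, buf, len, buf, 10) < 0 || tpm2_response_code(buf, 10) != 0) goto out;
    len = tpm2_build_get_random(buf, n);           /* read the header, then the sized remainder */
    if (xact(data, buf, len, buf, 10) < 0) goto out;
    len = get32(buf + 2);
    if (len < 10 || len > sizeof buf || xact(data, NULL, 0, buf + 10, len - 10) < 0) goto out;
    rc = tpm2_response_code(buf, len);
    got = len >= 12 ? (size_t)(buf[10] << 8 | buf[11]) : 0;  /* TPM2B_DIGEST size prefix */
    if (rc == 0 && (got < n || len < 12 + got)) rc = BAD_RC;  /* reject a short or lying reply */
    if (rc == 0) memcpy(rnd, buf + 12, n);
out:
    if (ctrl >= 0) close(ctrl);
    if (data >= 0) close(data);
    return rc == 0 ? 0 : -1;
}

int main(void)
{
    uint8_t rnd[16];
    if (swtpm_bringup("/tmp/mytpm1/ctrl", "/tmp/mytpm1/server", rnd, sizeof rnd) < 0) {
        fprintf(stderr, "swtpm bring-up failed\n");
        return 1;
    }
    for (size_t i = 0; i < sizeof rnd; i++) printf("%02x", rnd[i]);
    printf("\n");
    return 0;
}
```

Until TPM2_Startup has been accepted, any other TPM 2.0 command on the data channel comes back with TPM_RC_INITIALIZE (0x100) in the response code, and PTM_INIT re-initializes the TPM, so the order ctrl-init, Startup, command is the one a backend has to keep. The encoders and response parsers are pure functions, so the framing can be checked without a running swtpm; only swtpm_bringup() needs the live sockets.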


