Date: Sat, 19 Aug 2023 10:27:12 +0200
From: Goran Mekić <meka@tilda.center>
To: virtualization@freebsd.org
Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Message-ID: <2d2f8c74-47d0-ebb1-154f-3aab68d8a084@tilda.center>
In-Reply-To: <82499999351da778ffb9735f76ecc5d522305273.camel@FreeBSD.org>
References: <662af723-de9f-36d9-c960-ef08379ca26e@callfortesting.org>
 <1d4e6558-0c56-5758-d87e-e9bf4aacc0a5@tilda.center>
 <85ee3beda055c5bc9fae26c07247fe0cea1458e9.camel@FreeBSD.org>
 <2f1539fc-f8b2-2ec5-9c68-c60f68e66c0e@tilda.center>
 <2c1205c0fc48e8c6ac103d3f3ca0c722a7cd3c6e.camel@FreeBSD.org>
 <06ae27b6-7a38-ff73-8d9b-70b6be517ccc@tilda.center>
 <82499999351da778ffb9735f76ecc5d522305273.camel@FreeBSD.org>

>> With updated port there's also support for CUSE, which would allow
>> swtpm to be used with pass-through. The problem is that socket and
>> CUSE have problems which I described in upstream issue:
>> https://github.com/stefanberger/swtpm/issues/820. If there are any
>> suggestions how to fix that fuse error, I'd like to hear them and try
>> and fix it.
>>
>> Regards,
>> meka

Hello,

I was wrong. Linux CUSE is an extension of FUSE while FreeBSD CUSE has a
totally different implementation, so it cannot be used by swtpm. As
swtpm has control and server channels, I suppose we need both. To start
both:

# swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/ctrl --tpm2 --log level=20 --server type=unixio,path=/tmp/mytpm1/server

Now to initialize it one should run

# swtpm_ioctl --unix /tmp/mytpm1/swtpm-sock -i

If -i is replaced with --stop, swtpm is stopped. Now if I understand
correctly, the init function of bhyve should do -i, deinit should do
--stop. If that's correct, I will start implementing init and for now
ignore deinit. As swtpm is BSD licenced, I think it is OK for us to
reuse parts of swtpm_ioctl code.

Anyway, if I'm wrong about anything, please point it out.

Regards,
meka
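
Added example (not part of the original message, and not swtpm or bhyve code): a minimal C client for the init/stop exchange the message describes, over the UNIX-socket control channel. It assumes the framing and command codes from swtpm's control-channel documentation (32-bit big-endian command, CMD_INIT = 0x02 with a 32-bit flags word, CMD_STOP = 0x0e with no body, 32-bit big-endian TPM result in reply); the function names are hypothetical.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Assumed from swtpm's control-channel documentation, not from the message. */
#define SWTPM_CMD_INIT 0x02u
#define SWTPM_CMD_STOP 0x0eu

/* Connect to the --ctrl type=unixio socket; returns an fd, or -1 on error. */
int swtpm_ctrl_connect(const char *path)
{
	struct sockaddr_un sa;
	int fd;

	if (strlen(path) >= sizeof(sa.sun_path))	/* reject over-long paths */
		return -1;
	memset(&sa, 0, sizeof(sa));
	sa.sun_family = AF_UNIX;
	strcpy(sa.sun_path, path);
	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
		return -1;
	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
		close(fd);
		return -1;
	}
	return fd;
}

/* Send cmd (plus optional 32-bit arg); 0 and *result set, or -1 on I/O error. */
int swtpm_ctrl_cmd(int fd, uint32_t cmd, const uint32_t *arg, uint32_t *result)
{
	uint32_t req[2], resp;
	size_t len = sizeof(req[0]);

	req[0] = htonl(cmd);
	if (arg != NULL) {			/* CMD_INIT carries init flags */
		req[1] = htonl(*arg);
		len += sizeof(req[1]);
	}
	if (send(fd, req, len, MSG_NOSIGNAL) != (ssize_t)len)
		return -1;
	if (recv(fd, &resp, sizeof(resp), MSG_WAITALL) != (ssize_t)sizeof(resp))
		return -1;			/* short or failed read */
	*result = ntohl(resp);			/* 0 means TPM success */
	return 0;
}
```

A caller would treat both a -1 return and a nonzero result as a failed init and refuse to expose the TPM device to the guest.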