Date:      Sun, 20 Aug 2023 19:52:43 +0200
From:      Goran Mekić <meka@tilda.center>
To:        virtualization@freebsd.org
Subject:   Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Message-ID:  <4cf9b819-2a41-8bc1-16a7-60a1eac04e28@tilda.center>
In-Reply-To: <cffa6e51-7b60-2676-d0bb-a7bea6f120da@tilda.center>
References:  <662af723-de9f-36d9-c960-ef08379ca26e@callfortesting.org> <1d4e6558-0c56-5758-d87e-e9bf4aacc0a5@tilda.center> <85ee3beda055c5bc9fae26c07247fe0cea1458e9.camel@FreeBSD.org> <2f1539fc-f8b2-2ec5-9c68-c60f68e66c0e@tilda.center> <2c1205c0fc48e8c6ac103d3f3ca0c722a7cd3c6e.camel@FreeBSD.org> <06ae27b6-7a38-ff73-8d9b-70b6be517ccc@tilda.center> <82499999351da778ffb9735f76ecc5d522305273.camel@FreeBSD.org> <2d2f8c74-47d0-ebb1-154f-3aab68d8a084@tilda.center> <cffa6e51-7b60-2676-d0bb-a7bea6f120da@tilda.center>

On 8/19/23 17:27, Goran Mekić wrote:
> On 8/19/23 10:27, Goran Mekić wrote:
>>>> With the updated port there's also support for CUSE, which would allow
>>>> swtpm to be used with pass-through. The problem is that socket and CUSE
>>>> have problems which I described in the upstream issue:
>>>> https://github.com/stefanberger/swtpm/issues/820. If there are any
>>>> suggestions on how to fix that fuse error, I'd like to hear them and try
>>>> to fix it.
>>>>
>>>> Regards,
>>>> meka
>>
>> Hello,
>>
>> I was wrong. Linux CUSE is an extension of FUSE while FreeBSD CUSE has a 
>> totally different implementation, so it cannot be used by swtpm. As 
>> swtpm has control and server channels, I suppose we need both. To 
>> start both:
>>
>> # swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl 
>> type=unixio,path=/tmp/mytpm1/ctrl --tpm2 --log level=20 --server 
>> type=unixio,path=/tmp/mytpm1/server
>>
>> Now to initialize it one should run
>>
>> # swtpm_ioctl --unix /tmp/mytpm1/swtpm-sock -i
>>
>> If -i is replaced with --stop, swtpm is stopped. Now if I understand 
>> correctly, bhyve's init function should do -i and deinit should do 
>> --stop. If that's correct, I will start implementing init and for now 
>> ignore deinit. As swtpm is BSD licensed, I think it is OK for us to 
>> reuse parts of the swtpm_ioctl code. Anyway, if I'm wrong about anything, 
>> please point it out.
>>
>> Regards,
>> meka
>>
>>
> I managed to initialize the swtpm by butchering the swtpm_ioctl code and 
> creating this: https://bsd.to/Dq7c. I know that for bhyve it's not 
> viable to include from a port, but at this point I just want to make 
> some progress and then I'll see how to do it properly. As swtpm is 
> BSD-3-Clause licensed, we should probably import it to base, but I'll 
> worry about that part when at least something starts working.
>
> Regards,
> meka
>
>
To make it easier to progress, I created a repository for my TPM 
playground: https://github.com/mekanix/tpmplay. The code currently 
somewhat resembles tpm_emul_passthru.c. It implements init, deinit and 
ctrlcmd. I'm a bit confused because swtpm has two sockets, one for 
control and one for data. Looking at tpm_emul_passthru.c I can see one fd is 
used for all commands. If I'm correct, TSS is used for the data channel: 
https://github.com/stefanberger/swtpm/wiki/Using-the-IBM-TSS-with-swtpm#socket-interface. 
How come pass-through doesn't have ctrl/data channels?

Regards,
meka
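The two swtpm sockets discussed in this message carry two different wire formats, which is the source of the ctrl/data confusion. The following is an added example (editor's code, not meka's tpmplay code and not part of swtpm or bhyve) that frames both kinds of message offline: a control-channel request such as the CMD_INIT that `swtpm_ioctl -i` sends and the CMD_STOP that `--stop` sends, and a raw TPM2_GetRandom command of the kind a guest would push over the data (`--server`) socket. The control command codes (CMD_INIT = 2, CMD_STOP = 14) and the `ptm_init` layout are taken from my reading of swtpm's `include/swtpm/tpm_ioctl.h` and should be checked against the header of the version being ported; the socket paths, the `unix_transact` helper and the sample reply bytes are constructed assumptions.

```python
import socket
import struct

# swtpm control-channel command codes. Assumption: values as I read them in
# swtpm's include/swtpm/tpm_ioctl.h; verify against the header you build with.
CMD_INIT = 2
CMD_STOP = 14

# TPM 2.0 command header constants (TCG TPM Library spec, Part 2).
TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_GetRandom = 0x0000017B
TPM_RC_SUCCESS = 0


def build_ctrl_cmd(cmd, payload=b""):
    """Frame a control-channel request: a big-endian uint32 command code
    followed by the request half of that command's struct (may be empty)."""
    return struct.pack(">I", cmd) + payload


def build_ctrl_init(init_flags=0):
    # CMD_INIT carries struct ptm_init { uint32_t init_flags; } (big-endian).
    return build_ctrl_cmd(CMD_INIT, struct.pack(">I", init_flags))


def build_ctrl_stop():
    # CMD_STOP has no request payload; only the reply carries a ptm_res.
    return build_ctrl_cmd(CMD_STOP)


def parse_ptm_res(buf):
    """Control-channel replies start with ptm_res, a big-endian uint32 TPM
    result code; 0 means the command succeeded."""
    if len(buf) < 4:
        raise ValueError("short ptm_res reply")
    return struct.unpack(">I", buf[:4])[0]


def build_tpm2_getrandom(n):
    """Build a raw TPM2_GetRandom command as sent over the data channel:
    tag, total size, command code, then the uint16 bytesRequested field."""
    body = struct.pack(">H", n)
    size = 2 + 4 + 4 + len(body)
    return struct.pack(">HII", TPM_ST_NO_SESSIONS, size, TPM_CC_GetRandom) + body


def parse_tpm2_getrandom_response(buf):
    """Parse a TPM2 response header and, on success, the TPM2B_DIGEST
    randomBytes field. Returns (responseCode, random_bytes)."""
    if len(buf) < 10:
        raise ValueError("short TPM response header")
    tag, size, rc = struct.unpack(">HII", buf[:10])
    if size != len(buf):
        raise ValueError(f"size field {size} != buffer length {len(buf)}")
    if rc != TPM_RC_SUCCESS:
        return rc, b""
    (blen,) = struct.unpack(">H", buf[10:12])
    if 12 + blen > len(buf):
        raise ValueError("TPM2B_DIGEST overruns the response")
    return rc, buf[12:12 + blen]


def unix_transact(path, request, max_reply=4096):
    """Send one request over a unixio socket and return the reply. Assumed
    helper: the same shape works for both the --ctrl and --server sockets."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(request)
        return s.recv(max_reply)


# Constructed sample replies (not captured from a real swtpm instance).
SAMPLE_PTM_RES_OK = b"\x00\x00\x00\x00"
SAMPLE_GETRANDOM_RESP = (struct.pack(">HII", TPM_ST_NO_SESSIONS, 16, TPM_RC_SUCCESS)
                         + struct.pack(">H", 4) + b"\xde\xad\xbe\xef")


if __name__ == "__main__":
    # Against a live swtpm started as in the thread (paths are assumptions):
    #   rc = parse_ptm_res(unix_transact("/tmp/mytpm1/ctrl", build_ctrl_init()))
    #   raw = unix_transact("/tmp/mytpm1/server", build_tpm2_getrandom(16))
    print("ctrl init :", build_ctrl_init().hex())
    print("data cmd  :", build_tpm2_getrandom(16).hex())
    print("parsed    :", parse_tpm2_getrandom_response(SAMPLE_GETRANDOM_RESP))
```

The control channel stands in for what a physical TPM receives from the platform (power-on, reset, locality), which a kernel pass-through driver handles before a single descriptor ever hands out TPM commands; the emulator has no platform, so that role becomes a second socket speaking the `ptm_*` framing above rather than TPM2 commands.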