Date: Fri, 11 Aug 2023 09:06:05 +0200
From: Corvin Köhne <corvink@FreeBSD.org>
To: Goran Mekić <meka@tilda.center>, "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>
Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Message-ID: <2c1205c0fc48e8c6ac103d3f3ca0c722a7cd3c6e.camel@FreeBSD.org>
In-Reply-To: <2f1539fc-f8b2-2ec5-9c68-c60f68e66c0e@tilda.center>
References: <662af723-de9f-36d9-c960-ef08379ca26e@callfortesting.org> <1d4e6558-0c56-5758-d87e-e9bf4aacc0a5@tilda.center> <85ee3beda055c5bc9fae26c07247fe0cea1458e9.camel@FreeBSD.org> <2f1539fc-f8b2-2ec5-9c68-c60f68e66c0e@tilda.center>

On Thu, 2023-08-10 at 16:41 +0200, Goran Mekić wrote:
> On 8/7/23 10:04, Corvin Köhne wrote:
> > Hi,
> >
> > afaik, qemu is making use of the swtpm project too. So, it'd be great
> > to implement it in bhyve.
> >
> > My TPM passthrough emulation is currently under review.
> > See https://reviews.freebsd.org/D32961.
> >
> > I designed it to easily integrate a swtpm in the future. You just
> > have to implement a new tpm backend by adding a new TPM_EMUL_SET.
> > Take a look at the tpm_emul_passthru.c file.
> >
> > Btw: We may have to add additional functions to the TPM_EMUL_SET
> > like a "startup_tpm" function.
> > See https://elixir.bootlin.com/qemu/latest/source/include/sysemu/tpm_backend.h#L52
>
> Hello,
>
> I was looking at tpm_emul_passthru.c and I've seen it uses open(2)
> and write(2) for initialization and command execution. From before
> (https://youtu.be/5wDs1K5ppbQ?t=940) I know you planned on adding tpm
> pass-through, which I think was just merged.

There are still two open reviews required for tpm passthrough to work
properly:

https://reviews.freebsd.org/D40462
https://reviews.freebsd.org/D32961

> Anyway, if pass-through uses open and write, can it be used together
> with swtpm, maybe? I can successfully run the following command:
>
> swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock --tpm2 --log level=20
>
> I can see /tmp/mytpm/swtpm-sock but I don't know how to try to use it
> with pass-through.

I don't think that this will work because the swtpm has to be
initialized before using while the passthrough device doesn't. So, it's
not implemented in bhyve yet. See

https://elixir.bootlin.com/qemu/latest/source/backends/tpm/tpm_emulator.c#L417
https://elixir.bootlin.com/qemu/latest/source/hw/tpm/tpm_crb.c#L279

> Regards,
> meka

-- 
Kind regards,
Corvin