From: "Michael S. Tsirkin" <mst@redhat.com>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: Stefan Berger <stefanb@us.ibm.com>,
qemu-devel@nongnu.org, jb613w@att.com, quan.xu@intel.com,
silviu.vlasceanu@gmail.com, hagen.lauer@huawei.com
Subject: Re: [Qemu-devel] [PATCH v5 1/4] Provide support for the CUSE TPM
Date: Thu, 21 Jan 2016 07:08:20 +0200 [thread overview]
Message-ID: <20160121002441-mutt-send-email-mst@redhat.com> (raw)
In-Reply-To: <569FFB3B.7090600@linux.vnet.ibm.com>
On Wed, Jan 20, 2016 at 04:25:15PM -0500, Stefan Berger wrote:
> On 01/20/2016 01:54 PM, Michael S. Tsirkin wrote:
> >On Wed, Jan 20, 2016 at 11:06:45AM -0500, Stefan Berger wrote:
> >>"Michael S. Tsirkin" <mst@redhat.com> wrote on 01/20/2016 10:58:02 AM:
> >>
> >>>From: "Michael S. Tsirkin" <mst@redhat.com>
> >>>On Wed, Jan 20, 2016 at 10:36:41AM -0500, Stefan Berger wrote:
> >>>>"Michael S. Tsirkin" <mst@redhat.com> wrote on 01/20/2016 10:20:58 AM:
> >>>>
> >>>>>From: "Michael S. Tsirkin" <mst@redhat.com>
> >>>>>>The CUSE TPM and associated tools can be found here:
> >>>>>>
> >>>>>>https://github.com/stefanberger/swtpm
> >>>>>>
> >>>>>>(please use the latest version)
> >>>>>>
> >>>>>>To use the external CUSE TPM, the CUSE TPM should be started as follows:
> >>>>>># terminate previously started CUSE TPM
> >>>>>>/usr/bin/swtpm_ioctl -s /dev/vtpm-test
> >>>>>>
> >>>>>># start CUSE TPM
> >>>>>>/usr/bin/swtpm_cuse -n vtpm-test
> >>>>>>
> >>>>>>QEMU can then be started using the following parameters:
> >>>>>>
> >>>>>>qemu-system-x86_64 \
> >>>>>> [...] \
> >>>>>> -tpmdev cuse-tpm,id=tpm0,cancel-path=/dev/null,path=/dev/vtpm-test \
> >>>>>> -device tpm-tis,id=tpm0,tpmdev=tpm0 \
> >>>>>> [...]
> >>>>>>
> >>>>>>
> >>>>>>Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
> >>>>>>Cc: Eric Blake <eblake@redhat.com>
> >>>>>Before we add a dependency on this interface,
> >>>>>I'd rather see this interface supported in kernel
> >>>>>and not just in CUSE.
> >>>>For using the single hardware TPM, we have the passthrough type. Its usage is
> >>>>limited.
> >>>>
> >>>>CUSE extends the TPM character device interface with ioctl's. Behind the
> >>>>character device we can implement a TPM 1.2 and a TPM 2. Both TPM
> >>>>implementations require large amounts of code, which I don't think should go
> >>>>into the Linux kernel itself. So I don't know who would implement this
> >>>>interface inside the Linux kernel.
> >>>>
> >>>> Stefan
> >>>>
> >>>BTW I'm not talking about the code - I'm talking about the interfaces here.
> >>>
> >>>One way would be to add support for these interfaces in the kernel.
> >>>
> >>>Maybe others can be replaced with QMP events so management
> >>>can take the necessary action.
> >>>
> >>>As long as this is not the case, I suspect this code will have to stay
> >>>out of tree :( We can't depend on interfaces provided solely by cuse
> >>>devices on github.
> >>Why is that? I know that the existing ioctls cannot be modified anymore once
> >>QEMU accepts the code. So I don't understand it. Some of the ioctls are only
> >>useful when emulating a hardware device,
> >Maybe they can be replaced with QMP events?
> >These could be emitted unconditionally, and ignored
> >by management in passthrough case.
> >
> >>so there's no need for them in a
> >>kernel interface unless one was to put the vTPM code into the Linux kernel, but
> >>I don't see that this is happening. What is better about a kernel interface
> >>versus one implemented by a project on github assuming that the existing ioctls
> >>are stable? What is the real reason here?
> >>
> >> Stefan
> >>
> >That someone went to the trouble of reviewing the interface for
> >long-term maintainability, portability etc. That it obeys some existing
> >standards for API use, coding style etc and will continue to.
>
> The same applies to the libtpms and swtpm projects as well, I suppose. If
> someone wants to join them, let me know.
>
> As stated, we will keep the existing ioctls stable once integrated but will
> adapt where necessary before that.
> >
> >In other words, kernel is already a dependency for QEMU.
>
> I don't see vTPM going into the kernel, at least I don't know of anyone
> trying to do that.
>
> Stefan
>
Well that was just one idea, it's up to you guys.
But while modular multi-process QEMU for security
might happen in future, I don't see us doing this
by moving large parts of QEMU into cuse devices,
and talking to these through ioctls.
> >>>
> >>>
> >>>--
> >>>MST
> >>>