From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:55454)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1RaWMe-0003xm-Ui
	for qemu-devel@nongnu.org; Tue, 13 Dec 2011 12:42:09 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1RaWMa-0001hY-HE
	for qemu-devel@nongnu.org; Tue, 13 Dec 2011 12:42:04 -0500
Received: from mail-yw0-f45.google.com ([209.85.213.45]:55524)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1RaWMa-0001hU-88
	for qemu-devel@nongnu.org; Tue, 13 Dec 2011 12:42:00 -0500
Received: by yhgg71 with SMTP id g71so687282yhg.4
	for <qemu-devel@nongnu.org>; Tue, 13 Dec 2011 09:41:59 -0800 (PST)
Message-ID: <4EE78E64.2080807@codemonkey.ws>
Date: Tue, 13 Dec 2011 11:41:56 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
References: <1323717136-21661-1-git-send-email-stefanb@linux.vnet.ibm.com>	<4EE68DFF.6050908@codemonkey.ws>	<4EE6987F.1000100@linux.vnet.ibm.com>	<201112130451.44284.paul@codesourcery.com>	<4EE74A45.8000306@linux.vnet.ibm.com>
	<20111213135135.GC13107@redhat.com>
In-Reply-To: <20111213135135.GC13107@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH V13 6/7] Introduce --enable-tpm-passthrough
 configure option
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: qemu-devel@nongnu.org, Paul Brook <paul@codesourcery.com>, andreas.niederl@iaik.tugraz.at, Stefan Berger <stefanb@linux.vnet.ibm.com>

On 12/13/2011 07:51 AM, Michael S. Tsirkin wrote:
> On Tue, Dec 13, 2011 at 07:51:17AM -0500, Stefan Berger wrote:
>> On 12/12/2011 11:51 PM, Paul Brook wrote:
>>>>>> +tpm_passthrough="no"
>>>>> Same as before, please probe for existence.
>>>> We would be probing for /dev/tpm0. Is that really what we want that this
>>>> driver only gets compiled if /dev/tpm0 is (currently) available?
>>> If what you say is true then this code should always be enabled.
>>>
>> Michael Tsirkin previously requested that there be an option for the
>> TPM passthrough driver to be selectively enabled since at least
>> using /dev/tpm0 may not be what everybody wants. The passthrough
>> driver at some point will also be able to use sockets to communicate
>> with a TPM when a file descriptor is passed to Qemu, so maybe that
>> changes then?
>>
>>
>>     Stefan
>
> The passthrough as it is, is pretty easy to misuse.
> This is a hardware problem, not software, and
> I don't think it's fixable.

Can you elaborate?  And can this be documented such that users are aware of this.

Regards,

Anthony Liguori

>
> So I do not think all downstreams will want to support this
> mode, making it easy to disable this is IMO important.
>