From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:37832) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T76rT-00068Q-HI for qemu-devel@nongnu.org; Thu, 30 Aug 2012 11:40:57 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1T76rR-0008L7-PR for qemu-devel@nongnu.org; Thu, 30 Aug 2012 11:40:51 -0400 Received: from mail3.scytl.com ([217.111.179.100]:46387) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T76rR-0008Kh-Ba for qemu-devel@nongnu.org; Thu, 30 Aug 2012 11:40:49 -0400 Message-ID: <503F897F.4000306@scytl.com> Date: Thu, 30 Aug 2012 17:40:47 +0200 From: Jordi Cucurull Juan MIME-Version: 1.0 References: <50336381.8040009@scytl.com> <50368D0B.7060402@linux.vnet.ibm.com> <503E11AA.2010709@linux.vnet.ibm.com> <503F76F6.2030801@scytl.com> <503F7DD3.5080602@linux.vnet.ibm.com> In-Reply-To: <503F7DD3.5080602@linux.vnet.ibm.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [Qemu-devel] Is is possible to virtualise or share the TPM? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Berger Cc: yoder1@us.ibm.com, Corey Bryant , qemu-devel Do you refer to the patches that add TPM support to the SeaBIOS? If this is the case, this is just a completely virtual TPM without any link with the TPM of the physical machine, right? Jordi. On 08/30/2012 04:50 PM, Stefan Berger wrote: > On 08/30/2012 10:21 AM, Jordi Cucurull Juan wrote: >> Dear Stefan, >> >> What does it mean that the patches with the VTPM functionality exist >> but they are behind the regular ones? Does it mean that they are not >> currently updated? That they have less priority? > > It means that in my patch queue they are 'behind' the ones I posted > over the last few months. > > Stefan > > >> >> Best regards, >> Jordi. >> >> >> >> On 08/29/2012 02:57 PM, Stefan Berger wrote: >>> On 08/23/2012 04:05 PM, Corey Bryant wrote: >>>> >>>> >>>> On 08/21/2012 06:31 AM, Jordi Cucurull Juan wrote: >>>>> Dear all, >>>>> >>>>> After applying the TPM patches to QEMU, I was wondering if it is >>>>> possible to simultaneously use the TPM in more than one virtual >>>>> machine, >>>>> i.e. virtualisation of the TPM. >>>>> >>>>> According to the paper "Stefan Berger, Ramón Cáceres, Kenneth A. >>>>> Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. vTPM: >>>>> Virtualizing the Trusted Platform Module" this seems to be >>>>> possible in >>>>> Xen. Is not possible in QEMU? >>>>> >>>>> Thanks! >>>>> Jordi. >>>>> >>>>> >>>> >>>> I don't think the pass-through driver supports use by multiple VMs. >>>> Stefan Berger should be able to answer better so I'm adding him to >>>> the thread. >>>> >>> >>> The pass-through driver cannot provide access for multiple VMs to >>> the single hardware TPM on the host. The usage model and the >>> statefulness of the TPM (SRK password, owner password, keys) >>> basically prevent/complicate this. The implementation for Xen was >>> indep. of the Qemu code base today and there we used a software >>> implementation of the TPM that provided a private TPm instance to >>> each VM. I have patches for this for Qemu but due to an IRC chat in >>> Sept. 2011 they are 'behind' the pass-through driver patches. >>> >>> Stefan >>> >> >> > > >