Re: [Qemu-devel] [PATCH 0/5] Extend TPM support with a QEMU-external TPM

[Stefan Berger <stefanb@linux.vnet.ibm.com>]

On 04/16/2015 02:55 PM, Michael S. Tsirkin wrote:
> On Thu, Apr 16, 2015 at 03:35:06PM +0200, Igor Mammedov wrote:
>> On Wed, 15 Apr 2015 18:38:43 -0400
>> Stefan Berger <stefanb@linux.vnet.ibm.com> wrote:
>>
>>> The following series of patches extends TPM support with an
>>> external TPM that offers a Linux CUSE (character device in userspace)
>>> interface. This TPM lets each VM access its own private vTPM.
>>> The CUSE TPM supports suspend/resume and migration. Much
>>> out-of-band functionality necessary to control the CUSE TPM is
>>> implemented using ioctl's.
>>>
>>> The series extends the TPM support so far that most functionality of
>>> TPM support on a physical platform is now available to each x86 VM,
>>> this includes the Physical Presence Interface support that has
>>> its counter-part in the SeaBIOS and is implemented using ACPI.
>>>
>>> http://www.seabios.org/pipermail/seabios/2015-March/008978.html
>> is it already merged?
>>
>> Is it possible to use MMIO region instead of allocating tpm_ppi_anchor
>> and tpm_ppi in BIOS memory?
>> That would simplify BIOS part a bit and significantly simplify ACPI code
>> as most of it is dealing with figuring out address of tpm_ppi.
> Which (if it works) I guess brings us back to the idea of using
> a pci device with a bar where we can stick tpm+vm id+whatever?

Well, at least the current implementation works with these patches + 
CUSE TPM + patched SeaBIOS .

So the PCI bar does not get reset during a machine reboot and thus 
preserves values? I did not model the TPM TIS as a PCI device, since it 
typically is not such a device, but a LPC devices (close to ISA type of 
device).

If we wanted to achieve that this method also works on real hardware, 
with SeaBIOS running piggy-backed on coreboot, then we shouldn't assume 
a PCI device, since it won't be. Otherwise, what are we trying to 
achieve? Is the ACPI code the problem?

     Stefan