From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51810) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aLv6D-0001T1-RE for qemu-devel@nongnu.org; Wed, 20 Jan 2016 10:55:10 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aLv68-00087p-QR for qemu-devel@nongnu.org; Wed, 20 Jan 2016 10:55:09 -0500 Received: from e18.ny.us.ibm.com ([129.33.205.208]:38670) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aLv68-00087c-LV for qemu-devel@nongnu.org; Wed, 20 Jan 2016 10:55:04 -0500 Received: from localhost by e18.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 20 Jan 2016 10:55:02 -0500 Received: from b01cxnp23032.gho.pok.ibm.com (b01cxnp23032.gho.pok.ibm.com [9.57.198.27]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 3D8DC6E8048 for ; Wed, 20 Jan 2016 10:41:51 -0500 (EST) Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by b01cxnp23032.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u0KFswJV31326280 for ; Wed, 20 Jan 2016 15:54:58 GMT Received: from d01av04.pok.ibm.com (localhost [127.0.0.1]) by d01av04.pok.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id u0KFsvYG031609 for ; Wed, 20 Jan 2016 10:54:57 -0500 References: <1451921002-8263-1-git-send-email-stefanb@us.ibm.com> <1451921002-8263-2-git-send-email-stefanb@us.ibm.com> <20160120150041.GC13215@redhat.com> <201601201532.u0KFW2q2019737@d03av03.boulder.ibm.com> <20160120154657.GF13215@redhat.com> From: Stefan Berger Message-ID: <569FADC7.7060301@linux.vnet.ibm.com> Date: Wed, 20 Jan 2016 10:54:47 -0500 MIME-Version: 1.0 In-Reply-To: <20160120154657.GF13215@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH v5 1/4] Provide support for the CUSE TPM List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , Stefan Berger Cc: mst@redhat.com, qemu-devel@nongnu.org, jb613w@att.com, quan.xu@intel.com, silviu.vlasceanu@gmail.com, hagen.lauer@huawei.com On 01/20/2016 10:46 AM, Daniel P. Berrange wrote: > On Wed, Jan 20, 2016 at 10:31:56AM -0500, Stefan Berger wrote: >> "Daniel P. Berrange" wrote on 01/20/2016 10:00:41 >> AM: >> >> >>> process at all - it would make sense if there was a single >>> swtpm_cuse shared across all QEMU's, but if there's one per >>> QEMU device, it feels like it'd be much simpler to just have >>> the functionality linked in QEMU. That avoids the problem >> I tried having it linked in QEMU before. It was basically rejected. > I remember an impl you did many years(?) ago now, but don't recall > the results of the discussion. Can you elaborate on why it was > rejected as an approach ? It just doesn't make much sense to me > to have to create an external daemon, a CUSE device and comms > protocol, simply to be able to read/write a plain file containing > the TPM state. Its massive over engineering IMHO and adding way > more complexity and thus scope for failure The TPM 1.2 implementation adds 10s of thousands of lines of code. The TPM 2 implementation is in the same range. The concern was having this code right in the QEMU address space. It's big, it can have bugs, so we don't want it to harm QEMU. So we now put this into an external process implemented by the swtpm project that builds on libtpms which provides TPM 1.2 functionality (to be extended with TPM 2). We cannot call APIs of libtpms directly anymore, so we need a control channel, which is implemented through ioctls on the CUSE device. Stefan > > > Regards, > Daniel