From: James Bottomley <jejb@linux.ibm.com>
To: "Daniel P. Smith" <dpsmith@apertussolutions.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Stuart Yoder <stuart.yoder@arm.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: "amd-sev-snp@lists.suse.com" <amd-sev-snp@lists.suse.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: SVSM vTPM specification
Date: Sun, 16 Oct 2022 12:44:34 -0400 [thread overview]
Message-ID: <fb7d5aa64187daff6e61cdcfe7084a5eef7e0153.camel@linux.ibm.com> (raw)
In-Reply-To: <485fd3eb-5547-6688-cb6f-007c0c08af2c@apertussolutions.com>
On Sun, 2022-10-16 at 12:29 -0400, Daniel P. Smith wrote:
> If enlightened guest/driver is acceptable, then why not adopt the
> pv-vTPM protocol, Xen's vTPM driver, for which there is already a
> driver present in the kernel, was designed for deep attestation, and
> does not inhibit/block features such as locality?
Erm, because it requires the Xen bus for discovery and communication
... the KVM people might not be so keen on adding that. The other
problem, even if we were to write a virtio equivalent (which KVM
doesn't have today because it relies on TIS or CRB emulations), is that
for all these virtual drivers, the back endpoint is in the host and we
want to terminate it in the SVSM, which is the guest.
To be clear, the current KVM drivers do emulate localites, it's just
that they're unused by the OS and Firmware. If you look at the TPM
emulators themselves, they have the concept of locality, but when they
need it, they indirect via an additional platform call (in the ms-tpm,
which the current IBM prototype uses, it's a stubbed call to
__plat__LocalityGet/Set) ... the locality isn't provided as part of the
main TPM command processor, which is why we don't need to worry about
it in the initial prototype. That means if anyone ever does figure out
how to do dynamic launch for virtual machines, and requires localities,
we can simply add handlers for the stub routines.
James
next prev parent reply other threads:[~2022-10-16 16:44 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-12 16:38 SVSM vTPM specification Tom Lendacky
2022-10-12 17:33 ` Dr. David Alan Gilbert
2022-10-12 18:44 ` James Bottomley
2022-10-13 15:14 ` Tom Lendacky
2022-10-13 15:29 ` Daniele Buono
2022-10-13 15:30 ` James Bottomley
2022-10-18 20:22 ` Dov Murik
2022-10-19 5:47 ` Christophe de Dinechin
2022-10-19 6:39 ` Dov Murik
2022-10-19 8:08 ` Daniel P. Berrangé
2022-10-19 12:09 ` Christophe de Dinechin
2022-10-19 12:38 ` James Bottomley
2022-10-19 13:05 ` Daniel P. Berrangé
2022-10-19 14:43 ` Tom Lendacky
2022-10-19 15:20 ` James Bottomley
2022-10-19 21:58 ` Tom Lendacky
2022-10-19 20:57 ` Dov Murik
2022-10-19 22:04 ` Tom Lendacky
2022-10-19 22:14 ` Dionna Amalie Glaze
2022-10-19 23:38 ` James Bottomley
2022-10-19 22:36 ` [EXTERNAL] " David Altobelli
[not found] ` <CABayD+cYCj=uOtC5h1d781jh_B6XqxmZNfR69taEex7yvkizRw@mail.gmail.com>
[not found] ` <SJ0PR21MB132378C080FFED1E283B4051E92A9@SJ0PR21MB1323.namprd21.prod.outlook.com>
2022-10-20 20:29 ` James Bottomley
2022-10-21 0:02 ` [EXTERNAL] " Jon Lange
2022-10-21 13:04 ` James Bottomley
2022-10-21 16:31 ` [EXTERNAL] " Jon Lange
2022-10-22 3:20 ` James Bottomley
2022-10-24 4:51 ` [EXTERNAL] " Jon Lange
2022-10-24 10:59 ` Dr. David Alan Gilbert
2022-10-24 11:45 ` Dov Murik
2022-10-24 19:02 ` Tom Lendacky
2022-10-24 19:18 ` Dionna Amalie Glaze
2022-10-25 8:51 ` Dov Murik
2022-10-25 9:43 ` Christophe de Dinechin
2022-10-25 14:08 ` Tom Lendacky
2022-10-25 14:13 ` James Bottomley
2022-10-29 0:25 ` Steve Rutherford
2022-10-29 13:27 ` James Bottomley
2022-10-19 11:21 ` Dr. David Alan Gilbert
2022-10-19 11:45 ` James Bottomley
2022-10-12 19:05 ` James Bottomley
2022-10-13 18:54 ` Tom Lendacky
2022-10-13 19:20 ` James Bottomley
2022-10-13 20:54 ` Daniel P. Smith
2022-10-13 21:06 ` James Bottomley
2022-10-13 21:14 ` Daniel P. Smith
2022-10-13 21:41 ` James Bottomley
2022-10-14 17:16 ` Stuart Yoder
2022-10-14 21:46 ` Tom Lendacky
2022-10-16 16:29 ` Daniel P. Smith
2022-10-16 16:44 ` James Bottomley [this message]
2022-10-21 11:54 ` Daniel P. Smith
2022-10-21 12:31 ` James Bottomley
2022-10-18 20:45 ` Dov Murik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fb7d5aa64187daff6e61cdcfe7084a5eef7e0153.camel@linux.ibm.com \
--to=jejb@linux.ibm.com \
--cc=amd-sev-snp@lists.suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgilbert@redhat.com \
--cc=dpsmith@apertussolutions.com \
--cc=linux-coco@lists.linux.dev \
--cc=stuart.yoder@arm.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).