From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:55342)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1RaSkk-0002y0-2q
	for qemu-devel@nongnu.org; Tue, 13 Dec 2011 08:50:42 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1RaSki-0003Jl-ON
	for qemu-devel@nongnu.org; Tue, 13 Dec 2011 08:50:42 -0500
Received: from mx1.redhat.com ([209.132.183.28]:24699)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1RaSki-0003JU-Hd
	for qemu-devel@nongnu.org; Tue, 13 Dec 2011 08:50:40 -0500
Date: Tue, 13 Dec 2011 15:51:35 +0200
From: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20111213135135.GC13107@redhat.com>
References: <1323717136-21661-1-git-send-email-stefanb@linux.vnet.ibm.com>
	<4EE68DFF.6050908@codemonkey.ws>
	<4EE6987F.1000100@linux.vnet.ibm.com>
	<201112130451.44284.paul@codesourcery.com>
	<4EE74A45.8000306@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4EE74A45.8000306@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH V13 6/7] Introduce --enable-tpm-passthrough
 configure option
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: andreas.niederl@iaik.tugraz.at, Paul Brook <paul@codesourcery.com>, qemu-devel@nongnu.org

On Tue, Dec 13, 2011 at 07:51:17AM -0500, Stefan Berger wrote:
> On 12/12/2011 11:51 PM, Paul Brook wrote:
> >>>>+tpm_passthrough="no"
> >>>Same as before, please probe for existence.
> >>We would be probing for /dev/tpm0. Is that really what we want that this
> >>driver only gets compiled if /dev/tpm0 is (currently) available?
> >If what you say is true then this code should always be enabled.
> >
> Michael Tsirkin previously requested that there be an option for the
> TPM passthrough driver to be selectively enabled since at least
> using /dev/tpm0 may not be what everybody wants. The passthrough
> driver at some point will also be able to use sockets to communicate
> with a TPM when a file descriptor is passed to Qemu, so maybe that
> changes then?
> 
> 
>    Stefan

The passthrough as it is, is pretty easy to misuse.
This is a hardware problem, not software, and
I don't think it's fixable.

So I do not think all downstreams will want to support this
mode, making it easy to disable this is IMO important.

-- 
MST