From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49647)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1Z7Giy-0002TT-T2
	for qemu-devel@nongnu.org; Tue, 23 Jun 2015 01:26:21 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1Z7Giu-0006xn-Cs
	for qemu-devel@nongnu.org; Tue, 23 Jun 2015 01:26:20 -0400
Received: from mx1.redhat.com ([209.132.183.28]:34757)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1Z7Giu-0006xh-6w
	for qemu-devel@nongnu.org; Tue, 23 Jun 2015 01:26:16 -0400
Date: Tue, 23 Jun 2015 07:26:13 +0200
From: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20150623052613.GA7860@redhat.com>
References: <1433762257-1752411-1-git-send-email-stefanb@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1433762257-1752411-1-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH v4 0/4] Extend TPM support with a
	QEMU-external TPM
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: stefanb@us.ibm.com, qemu-devel@nongnu.org, quan.xu@intel.com

On Mon, Jun 08, 2015 at 07:17:33AM -0400, Stefan Berger wrote:
> The following series of patches extends TPM support with an
> external TPM that offers a Linux CUSE (character device in userspace)
> interface. This TPM lets each VM access its own private vTPM.
> The CUSE TPM supports suspend/resume and migration. Much
> out-of-band functionality necessary to control the CUSE TPM is
> implemented using ioctls.

I was hoping this can get a wider discussion, but apparently no one
noticed this.

This needs some thought: how do we decide which ioctls we support?
It's easier with kernel since we know distros ship it, but
will they do so with this tpm? We do want to reuse system components
but we don't want random parts of QEMU delegated to a random
out of tree module.

Couldn't you re-use in-kernel interfaces for the CUSE module?
Then existing pass-through in QEMU would more or less just work with it -
merely open a different chardev.


> Stefan Berger (4):
>   Provide support for the CUSE TPM
>   Introduce condition to notify waiters of completed command
>   Introduce condition in TPM backend for notification
>   Add support for VM suspend/resume for TPM TIS
> 
>  hmp.c                        |   6 +
>  hw/tpm/tpm_int.h             |   4 +
>  hw/tpm/tpm_ioctl.h           | 209 ++++++++++++++++++++++
>  hw/tpm/tpm_passthrough.c     | 409 +++++++++++++++++++++++++++++++++++++++++--
>  hw/tpm/tpm_tis.c             | 151 +++++++++++++++-
>  hw/tpm/tpm_tis.h             |   2 +
>  hw/tpm/tpm_util.c            | 223 +++++++++++++++++++++++
>  hw/tpm/tpm_util.h            |   7 +
>  include/sysemu/tpm_backend.h |  12 ++
>  qapi-schema.json             |  18 +-
>  qemu-options.hx              |  21 ++-
>  qmp-commands.hx              |   2 +-
>  tpm.c                        |  11 +-
>  13 files changed, 1056 insertions(+), 19 deletions(-)
>  create mode 100644 hw/tpm/tpm_ioctl.h
> 
> -- 
> 1.9.3