From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: Stefan Berger <stefanb@us.ibm.com>,
"mst@redhat.com" <mst@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"hagen.lauer@huawei.com" <hagen.lauer@huawei.com>,
"Xu, Quan" <quan.xu@intel.com>,
"silviu.vlasceanu@gmail.com" <silviu.vlasceanu@gmail.com>,
"SERBAN, CRISTINA" <cs1731@att.com>,
"SHIH, CHING C" <cs1815@att.com>
Subject: Re: [Qemu-devel] [PATCH v5 1/4] Provide support for the CUSE TPM
Date: Thu, 16 Jun 2016 18:54:34 +0100 [thread overview]
Message-ID: <20160616175433.GC19710@work-vm> (raw)
In-Reply-To: <5762C739.7060806@linux.vnet.ibm.com>
* Stefan Berger (stefanb@linux.vnet.ibm.com) wrote:
> On 06/16/2016 11:22 AM, Dr. David Alan Gilbert wrote:
> > * Stefan Berger (stefanb@linux.vnet.ibm.com) wrote:
> > > On 06/16/2016 04:05 AM, Dr. David Alan Gilbert wrote:
> > > > * Stefan Berger (stefanb@linux.vnet.ibm.com) wrote:
> > > > > On 06/15/2016 03:30 PM, Dr. David Alan Gilbert wrote:
> > > > <snip>
> > > >
> > > > > > So what was the multi-instance vTPM proxy driver patch set about?
> > > > > That's for containers.
> > > > Why have the two mechanisms? Can you explain how the multi-instance
> > > > proxy works; my brief reading when I saw your patch series seemed
> > > > to suggest it could be used instead of CUSE for the non-container case.
> > > The multi-instance vtpm proxy driver basically works through usage of an
> > > ioctl() on /dev/vtpmx that is used to spawn a new front- and backend pair.
> > > The front-end is a new /dev/tpm%d device that then can be moved into the
> > > container (mknod + device cgroup setup). The backend is an anonymous file
> > > descriptor that is to be passed to a TPM emulator for reading TPM requests
> > > coming in from that /dev/tpm%d and returning responses to. Since it is
> > > implemented as a kernel driver, we can hook it into the Linux Integrity
> > > Measurement Architecture (IMA) and have it be used by IMA in place of a
> > > hardware TPM driver. There's ongoing work in the area of namespacing support
> > > for IMA to have an independent IMA instance per container so that this can
> > > be used.
> > >
> > > A TPM does not only have a data channel (/dev/tpm%d) but also a control
> > > channel, which is primarily implemented in its hardware interface and is
> > > typically not fully accessible to user space. The vtpm proxy driver _only_
> > > supports the data channel through which it basically relays TPM commands and
> > > responses from user space to the TPM emulator. The control channel is
> > > provided by the software emulator through an additional TCP or UnixIO socket
> > > or in case of CUSE through ioctls. The control channel allows to reset the
> > > TPM when the container/VM is being reset or set the locality of a command or
> > > retrieve the state of the vTPM (for suspend) and set the state of the vTPM
> > > (for resume) among several other things. The commands for the control
> > > channel are defined here:
> > >
> > > https://github.com/stefanberger/swtpm/blob/master/include/swtpm/tpm_ioctl.h
> > >
> > > For a container we would require that its management stack initializes and
> > > resets the vTPM when the container is rebooted. (These are typically
> > > operations that are done through pulses on the motherboard.)
> > >
> > > In case of QEMU we would need to have more access to the control channel,
> > > which includes initialization and reset of the vTPM, getting and setting its
> > > state for suspend/resume/migration, setting the locality of commands, etc.,
> > > so that all low-level functionality is accessible to the emulator (QEMU).
> > > The proxy driver does not help with this but we should use the swtpm
> > > implementation that either has that CUSE interface with control channel
> > > (through ioctls) or provides UnixIO and TCP sockets for the control channel.
> > OK, that makes sense; does the control interface need to be handled by QEMU
> > or by libvirt or both?
>
> The control interface needs to be handled primarily by QEMU.
>
> In case of the libvirt implementation I am running an external program
> swtpm_ioctl that uses the control channel to gracefully shut down any
> existing running TPM emulator whose device name happens to have the same
> name as the device of the TPM emulator that is to be created. So it cleans
> up before starting a new TPM emulator just to make sure that that new TPM
> instance can be started. Detail...
>
> > Either way, I think you're saying that with your kernel interface + a UnixIO
> > socket you can avoid the CUSE stuff?
>
> So in case of QEMU you don't need that new kernel device driver -- it's
> primarily meant for containers. For QEMU one would start the TPM emulator
> and make sure that QEMU has access to the data and control channels, which
> are now offered as
>
> - CUSE interface with ioctl
> - TCP + TCP
> - UnixIO + TCP
> - TCP + UnioIO
> - UnixIO + UnixIO
> - file descriptors passed from invoker
OK, I'm trying to remember back; I'll admit to not having
liked using CUSE, but didn't using TCP/Unix/fd for the actual TPM
side require a lot of code to add a qemu interface that wasn't
ioctl?
Doesn't using the kernel driver give you the benefit of both worlds,
i.e. the non-control side in QEMU is unchanged.
Dave
> Stefan
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2016-06-16 17:54 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-04 15:23 [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM Stefan Berger
2016-01-04 15:23 ` [Qemu-devel] [PATCH v5 1/4] Provide support for the CUSE TPM Stefan Berger
2016-01-20 15:00 ` Daniel P. Berrange
2016-01-20 15:31 ` Stefan Berger
[not found] ` <201601201532.u0KFW2q2019737@d03av03.boulder.ibm.com>
2016-01-20 15:46 ` Daniel P. Berrange
2016-01-20 15:54 ` Stefan Berger
2016-01-20 16:03 ` Michael S. Tsirkin
2016-01-20 16:13 ` Stefan Berger
2016-01-20 16:22 ` Daniel P. Berrange
2016-01-21 11:36 ` Dr. David Alan Gilbert
2016-05-31 18:58 ` BICKFORD, JEFFREY E
2016-05-31 19:10 ` Dr. David Alan Gilbert
2016-06-01 22:54 ` BICKFORD, JEFFREY E
2016-06-13 10:56 ` Stefan Berger
2016-06-01 1:58 ` Xu, Quan
2016-06-13 11:02 ` Stefan Berger
2016-06-15 19:30 ` Dr. David Alan Gilbert
2016-06-15 20:54 ` Stefan Berger
2016-06-16 8:05 ` Dr. David Alan Gilbert
2016-06-16 8:25 ` Daniel P. Berrange
2016-06-16 15:20 ` Stefan Berger
2017-03-01 12:25 ` Stefan Berger
2017-03-01 12:54 ` Daniel P. Berrange
2017-03-01 13:25 ` Stefan Berger
2017-03-01 14:17 ` Marc-André Lureau
2017-03-01 14:50 ` Stefan Berger
2017-03-01 15:24 ` Marc-André Lureau
2017-03-01 15:58 ` Stefan Berger
2017-03-01 16:22 ` Michael S. Tsirkin
2017-03-01 16:31 ` Daniel P. Berrange
2017-03-01 16:57 ` Dr. David Alan Gilbert
2017-03-01 17:02 ` Michael S. Tsirkin
2017-03-01 17:12 ` Stefan Berger
2017-03-01 17:16 ` Michael S. Tsirkin
2017-03-01 17:20 ` Daniel P. Berrange
2017-03-01 18:03 ` Michael S. Tsirkin
2017-03-01 17:25 ` Stefan Berger
2017-03-01 17:38 ` Daniel P. Berrange
2017-03-01 17:58 ` Michael S. Tsirkin
2017-03-01 18:06 ` Dr. David Alan Gilbert
2017-03-01 18:09 ` Michael S. Tsirkin
2017-03-01 18:18 ` Dr. David Alan Gilbert
2017-03-01 18:30 ` Michael S. Tsirkin
2017-03-01 19:24 ` Stefan Berger
2017-03-01 23:36 ` Michael S. Tsirkin
2017-03-01 23:42 ` Michael S. Tsirkin
2017-03-01 18:11 ` Daniel P. Berrange
2017-03-01 18:20 ` Michael S. Tsirkin
2017-03-01 18:32 ` Marc-André Lureau
2017-03-01 18:56 ` Daniel P. Berrange
2017-03-01 19:18 ` Marc-André Lureau
2017-03-01 22:22 ` Michael S. Tsirkin
2017-03-01 17:36 ` Daniel P. Berrange
2017-03-01 15:18 ` Daniel P. Berrange
2017-03-01 15:40 ` Stefan Berger
2017-03-01 16:13 ` Daniel P. Berrange
2016-06-16 13:58 ` SERBAN, CRISTINA
2016-06-16 15:04 ` Stefan Berger
2016-06-16 15:22 ` Dr. David Alan Gilbert
2016-06-16 15:35 ` Stefan Berger
2016-06-16 17:54 ` Dr. David Alan Gilbert [this message]
2016-06-16 18:43 ` Stefan Berger
2016-06-16 19:24 ` Dr. David Alan Gilbert
2016-06-16 21:28 ` Stefan Berger
2017-02-28 18:31 ` Marc-André Lureau
2017-03-01 12:32 ` Stefan Berger
2016-01-28 13:15 ` Daniel P. Berrange
2016-01-28 14:51 ` Stefan Berger
2016-01-20 15:20 ` Michael S. Tsirkin
2016-01-20 15:36 ` Stefan Berger
[not found] ` <201601201536.u0KFanwG004844@d01av04.pok.ibm.com>
2016-01-20 15:58 ` Michael S. Tsirkin
2016-01-20 16:06 ` Stefan Berger
2016-01-20 18:54 ` Michael S. Tsirkin
2016-01-20 21:25 ` Stefan Berger
2016-01-21 5:08 ` Michael S. Tsirkin
2016-01-21 5:41 ` Xu, Quan
2016-01-21 9:19 ` Michael S. Tsirkin
2016-01-21 12:09 ` Stefan Berger
2016-01-20 16:15 ` Daniel P. Berrange
2016-01-04 15:23 ` [Qemu-devel] [PATCH v5 2/4] Introduce condition to notify waiters of completed command Stefan Berger
2016-01-04 15:23 ` [Qemu-devel] [PATCH v5 3/4] Introduce condition in TPM backend for notification Stefan Berger
2016-01-04 15:23 ` [Qemu-devel] [PATCH v5 4/4] Add support for VM suspend/resume for TPM TIS Stefan Berger
2016-01-05 1:26 ` [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM Xu, Quan
2016-01-05 3:36 ` Stefan Berger
2016-01-20 1:40 ` Xu, Quan
2016-01-20 9:23 ` Hagen Lauer
2016-01-20 9:41 ` Xu, Quan
2016-01-20 14:58 ` Daniel P. Berrange
2016-01-20 15:23 ` Stefan Berger
[not found] ` <201601201523.u0KFNwOH000398@d01av04.pok.ibm.com>
2016-01-20 15:42 ` Daniel P. Berrange
2016-01-20 19:51 ` Stefan Berger
[not found] ` <OF1010A111.39918A93-ON00257F40.006CA5ED-85257F40.006D2225@LocalDomain>
2016-01-20 20:16 ` Stefan Berger
2016-01-21 11:40 ` Dr. David Alan Gilbert
2016-01-21 12:31 ` Stefan Berger
[not found] ` <201601211231.u0LCVGCZ021111@d01av01.pok.ibm.com>
2016-01-21 14:53 ` Dr. David Alan Gilbert
[not found] ` <OF7ED031CA.CDD3196F-ON00257F41.004305BB-85257F41.0044C71A@LocalDomain>
2016-02-01 17:40 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160616175433.GC19710@work-vm \
--to=dgilbert@redhat.com \
--cc=cs1731@att.com \
--cc=cs1815@att.com \
--cc=hagen.lauer@huawei.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quan.xu@intel.com \
--cc=silviu.vlasceanu@gmail.com \
--cc=stefanb@linux.vnet.ibm.com \
--cc=stefanb@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).