qemu-devel.nongnu.org archive mirror
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: Corey Bryant <coreyb@linux.vnet.ibm.com>
Cc: yoder1@us.ibm.com, Jordi Cucurull Juan <jordi.cucurull@scytl.com>,
	qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
Date: Wed, 29 Aug 2012 08:57:14 -0400
Message-ID: <503E11AA.2010709@linux.vnet.ibm.com>
In-Reply-To: <50368D0B.7060402@linux.vnet.ibm.com>

On 08/23/2012 04:05 PM, Corey Bryant wrote:
>
>
> On 08/21/2012 06:31 AM, Jordi Cucurull Juan wrote:
>> Dear all,
>>
>> After applying the TPM patches to QEMU, I was wondering if it is
>> possible to simultaneously use the TPM in more than one virtual machine,
>> i.e. virtualisation of the TPM.
>>
>> According to the paper "Stefan Berger, Ramón Cáceres, Kenneth A.
>> Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. vTPM:
>> Virtualizing the Trusted Platform Module" this seems to be possible in
>> Xen. Is it not possible in QEMU?
>>
>> Thanks!
>> Jordi.
>>
>>
>
> I don't think the pass-through driver supports use by multiple VMs. 
> Stefan Berger should be able to answer better so I'm adding him to the 
> thread.
>

The pass-through driver cannot provide access for multiple VMs to the 
single hardware TPM on the host. The usage model and the statefulness of 
the TPM (SRK password, owner password, keys) basically 
prevent/complicate this. The implementation for Xen was independent of the 
Qemu code base today and there we used a software implementation of the 
TPM that provided a private TPM instance to each VM. I have patches for 
this for Qemu but due to an IRC chat in Sept. 2011 they are 'behind' the 
pass-through driver patches.

    Stefan
