* [Qemu-devel] Is is possible to virtualise or share the TPM?
@ 2012-08-21 10:31 Jordi Cucurull Juan
  2012-08-23 20:05 ` Corey Bryant
  0 siblings, 1 reply; 8+ messages in thread
From: Jordi Cucurull Juan @ 2012-08-21 10:31 UTC (permalink / raw)
  To: qemu-devel

Dear all,

After applying the TPM patches to QEMU, I was wondering if it is 
possible to simultaneously use the TPM in more than one virtual machine, 
i.e. virtualisation of the TPM.

According to the paper "Stefan Berger, Ramón Cáceres, Kenneth A. 
Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. vTPM: 
Virtualizing the Trusted Platform Module" this seems to be possible in 
Xen. Is it not possible in QEMU?

Thanks!
Jordi.


* Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
  2012-08-21 10:31 [Qemu-devel] Is is possible to virtualise or share the TPM? Jordi Cucurull Juan
@ 2012-08-23 20:05 ` Corey Bryant
  2012-08-29 12:57   ` Stefan Berger
  0 siblings, 1 reply; 8+ messages in thread
From: Corey Bryant @ 2012-08-23 20:05 UTC (permalink / raw)
  To: Jordi Cucurull Juan, stefanb; +Cc: yoder1, qemu-devel



On 08/21/2012 06:31 AM, Jordi Cucurull Juan wrote:
> Dear all,
>
> After applying the TPM patches to QEMU, I was wondering if it is
> possible to simultaneously use the TPM in more than one virtual machine,
> i.e. virtualisation of the TPM.
>
> According to the paper "Stefan Berger, Ramón Cáceres, Kenneth A.
> Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. vTPM:
> Virtualizing the Trusted Platform Module" this seems to be possible in
> Xen. Is it not possible in QEMU?
>
> Thanks!
> Jordi.
>
>

I don't think the pass-through driver supports use by multiple VMs. 
Stefan Berger should be able to answer better so I'm adding him to the 
thread.

-- 
Regards,
Corey


* Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
  2012-08-23 20:05 ` Corey Bryant
@ 2012-08-29 12:57   ` Stefan Berger
  2012-08-30 14:21     ` Jordi Cucurull Juan
  0 siblings, 1 reply; 8+ messages in thread
From: Stefan Berger @ 2012-08-29 12:57 UTC (permalink / raw)
  To: Corey Bryant; +Cc: yoder1, Jordi Cucurull Juan, qemu-devel

On 08/23/2012 04:05 PM, Corey Bryant wrote:
>
>
> On 08/21/2012 06:31 AM, Jordi Cucurull Juan wrote:
>> Dear all,
>>
>> After applying the TPM patches to QEMU, I was wondering if it is
>> possible to simultaneously use the TPM in more than one virtual machine,
>> i.e. virtualisation of the TPM.
>>
>> According to the paper "Stefan Berger, Ramón Cáceres, Kenneth A.
>> Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. vTPM:
>> Virtualizing the Trusted Platform Module" this seems to be possible in
>> Xen. Is it not possible in QEMU?
>>
>> Thanks!
>> Jordi.
>>
>>
>
> I don't think the pass-through driver supports use by multiple VMs. 
> Stefan Berger should be able to answer better so I'm adding him to the 
> thread.
>

The pass-through driver cannot provide access for multiple VMs to the 
single hardware TPM on the host. The usage model and the statefulness of 
the TPM (SRK password, owner password, keys) basically 
prevent/complicate this. The implementation for Xen was indep. of the 
Qemu code base today and there we used a software implementation of the 
TPM that provided a private TPM instance to each VM. I have patches for 
this for Qemu but due to an IRC chat in Sept. 2011 they are 'behind' the 
pass-through driver patches.

    Stefan


* Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
  2012-08-29 12:57   ` Stefan Berger
@ 2012-08-30 14:21     ` Jordi Cucurull Juan
  2012-08-30 14:50       ` Stefan Berger
  0 siblings, 1 reply; 8+ messages in thread
From: Jordi Cucurull Juan @ 2012-08-30 14:21 UTC (permalink / raw)
  To: Stefan Berger; +Cc: yoder1, Corey Bryant, qemu-devel

Dear Stefan,

What does it mean that the patches with the VTPM functionality exist but 
they are behind the regular ones? Does it mean that they are not 
currently updated? That they have less priority?

Best regards,
Jordi.





-- 
Jordi Cucurull Juan
Researcher
Scytl Secure Electronic Voting
Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
Phone:     + 34 934 230 324
Fax        + 34 933 251 028
jordi.cucurull@scytl.com
http://www.scytl.com


* Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
  2012-08-30 14:21     ` Jordi Cucurull Juan
@ 2012-08-30 14:50       ` Stefan Berger
  2012-08-30 15:40         ` Jordi Cucurull Juan
  0 siblings, 1 reply; 8+ messages in thread
From: Stefan Berger @ 2012-08-30 14:50 UTC (permalink / raw)
  To: Jordi Cucurull Juan; +Cc: yoder1, Corey Bryant, qemu-devel

On 08/30/2012 10:21 AM, Jordi Cucurull Juan wrote:
> Dear Stefan,
>
> What does it mean that the patches with the VTPM functionality exist 
> but they are behind the regular ones? Does it mean that they are not 
> currently updated? That they have less priority?

It means that in my patch queue they are 'behind' the ones I posted over 
the last few months.

   Stefan



* Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
  2012-08-30 14:50       ` Stefan Berger
@ 2012-08-30 15:40         ` Jordi Cucurull Juan
  2012-08-30 16:17           ` Stefan Berger
  2012-08-30 16:18           ` Stefan Berger
  0 siblings, 2 replies; 8+ messages in thread
From: Jordi Cucurull Juan @ 2012-08-30 15:40 UTC (permalink / raw)
  To: Stefan Berger; +Cc: yoder1, Corey Bryant, qemu-devel

Do you refer to the patches that add TPM support to the SeaBIOS?

If this is the case, this is just a completely virtual TPM without any 
link with the TPM of the physical machine, right?

Jordi.



* Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
  2012-08-30 15:40         ` Jordi Cucurull Juan
@ 2012-08-30 16:17           ` Stefan Berger
  2012-08-30 16:18           ` Stefan Berger
  1 sibling, 0 replies; 8+ messages in thread
From: Stefan Berger @ 2012-08-30 16:17 UTC (permalink / raw)
  To: qemu-devel

On 08/30/2012 11:40 AM, Jordi Cucurull Juan wrote:
> Do you refer to the patches that add TPM support to the SeaBIOS?

Sorry for the confusion. What I meant is that the patches adding support 
for a private vTPM for each QEMU VM are 'behind' those adding support 
for the passthrough device model. There are SeaBIOS patches as well 
adding support for TPM, but those are different.

> If this is the case, this is just a completely virtual TPM without any 
> link with the TPM of the physical machine, right?

The SeaBIOS patches don't do that. They just add TPM BIOS support for 
TPM initialization, ACPI tables etc.
To add a completely virtual TPM to QEMU a completely different device 
model is necessary than the one I have recently posted.

    Stefan


* Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
  2012-08-30 15:40         ` Jordi Cucurull Juan
  2012-08-30 16:17           ` Stefan Berger
@ 2012-08-30 16:18           ` Stefan Berger
  1 sibling, 0 replies; 8+ messages in thread
From: Stefan Berger @ 2012-08-30 16:18 UTC (permalink / raw)
  To: Jordi Cucurull Juan; +Cc: yoder1, Corey Bryant, qemu-devel

On 08/30/2012 11:40 AM, Jordi Cucurull Juan wrote:
> Do you refer to the patches that add TPM support to the SeaBIOS?

Sorry for the confusion. What I meant is that the patches adding support 
for a private vTPM for each QEMU VM are 'behind' those adding support 
for the passthrough device model. There are SeaBIOS patches as well 
adding support for TPM, but those are different.

>
> If this is the case, this is just a completely virtual TPM without any 
> link with the TPM of the physical machine, right?
>
The SeaBIOS patches don't do that. They just add TPM BIOS support for 
TPM initialization, ACPI tables etc.
To add a completely virtual TPM to QEMU a completely different device 
model is necessary than the one I have recently posted.

    Stefan
