From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:45911) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T765g-0002ej-88 for qemu-devel@nongnu.org; Thu, 30 Aug 2012 10:51:32 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1T765d-0002pg-QE for qemu-devel@nongnu.org; Thu, 30 Aug 2012 10:51:28 -0400 Received: from e9.ny.us.ibm.com ([32.97.182.139]:49666) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T765d-0002p5-Lg for qemu-devel@nongnu.org; Thu, 30 Aug 2012 10:51:25 -0400 Received: from /spool/local by e9.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 30 Aug 2012 10:51:23 -0400 Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 4A8306E803F for ; Thu, 30 Aug 2012 10:51:20 -0400 (EDT) Received: from d03av05.boulder.ibm.com (d03av05.boulder.ibm.com [9.17.195.85]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id q7UEpDnW036936 for ; Thu, 30 Aug 2012 10:51:15 -0400 Received: from d03av05.boulder.ibm.com (loopback [127.0.0.1]) by d03av05.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id q7UEp8N8011546 for ; Thu, 30 Aug 2012 08:51:09 -0600 Message-ID: <503F7DD3.5080602@linux.vnet.ibm.com> Date: Thu, 30 Aug 2012 10:50:59 -0400 From: Stefan Berger MIME-Version: 1.0 References: <50336381.8040009@scytl.com> <50368D0B.7060402@linux.vnet.ibm.com> <503E11AA.2010709@linux.vnet.ibm.com> <503F76F6.2030801@scytl.com> In-Reply-To: <503F76F6.2030801@scytl.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [Qemu-devel] Is is possible to virtualise or share the TPM? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jordi Cucurull Juan Cc: yoder1@us.ibm.com, Corey Bryant , qemu-devel On 08/30/2012 10:21 AM, Jordi Cucurull Juan wrote: > Dear Stefan, > > What does it mean that the patches with the VTPM functionality exist > but they are behind the regular ones? Does it mean that they are not > currently updated? That they have less priority? It means that in my patch queue they are 'behind' the ones I posted over the last few months. Stefan > > Best regards, > Jordi. > > > > On 08/29/2012 02:57 PM, Stefan Berger wrote: >> On 08/23/2012 04:05 PM, Corey Bryant wrote: >>> >>> >>> On 08/21/2012 06:31 AM, Jordi Cucurull Juan wrote: >>>> Dear all, >>>> >>>> After applying the TPM patches to QEMU, I was wondering if it is >>>> possible to simultaneously use the TPM in more than one virtual >>>> machine, >>>> i.e. virtualisation of the TPM. >>>> >>>> According to the paper "Stefan Berger, Ramón Cáceres, Kenneth A. >>>> Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. vTPM: >>>> Virtualizing the Trusted Platform Module" this seems to be possible in >>>> Xen. Is not possible in QEMU? >>>> >>>> Thanks! >>>> Jordi. >>>> >>>> >>> >>> I don't think the pass-through driver supports use by multiple VMs. >>> Stefan Berger should be able to answer better so I'm adding him to >>> the thread. >>> >> >> The pass-through driver cannot provide access for multiple VMs to the >> single hardware TPM on the host. The usage model and the statefulness >> of the TPM (SRK password, owner password, keys) basically >> prevent/complicate this. The implementation for Xen was indep. of the >> Qemu code base today and there we used a software implementation of >> the TPM that provided a private TPm instance to each VM. I have >> patches for this for Qemu but due to an IRC chat in Sept. 2011 they >> are 'behind' the pass-through driver patches. >> >> Stefan >> > >