From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60650)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1VisuE-0002xS-AT
	for qemu-devel@nongnu.org; Tue, 19 Nov 2013 16:32:31 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1Visu5-0006Ss-C6
	for qemu-devel@nongnu.org; Tue, 19 Nov 2013 16:32:22 -0500
Received: from e9.ny.us.ibm.com ([32.97.182.139]:57706)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1Visu5-0006Sj-7Q
	for qemu-devel@nongnu.org; Tue, 19 Nov 2013 16:32:13 -0500
Received: from /spool/local
	by e9.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <coreyb@linux.vnet.ibm.com>;
	Tue, 19 Nov 2013 16:32:10 -0500
Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com
	[9.57.198.24])
	by d01dlp01.pok.ibm.com (Postfix) with ESMTP id 2255038C804D
	for <qemu-devel@nongnu.org>; Tue, 19 Nov 2013 16:32:06 -0500 (EST)
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64])
	by b01cxnp22034.gho.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	rAJLW7HP3277080
	for <qemu-devel@nongnu.org>; Tue, 19 Nov 2013 21:32:07 GMT
Received: from d01av04.pok.ibm.com (localhost [127.0.0.1])
	by d01av04.pok.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id
	rAJLW6C2007058
	for <qemu-devel@nongnu.org>; Tue, 19 Nov 2013 16:32:07 -0500
Message-ID: <528BD8D6.5070404@linux.vnet.ibm.com>
Date: Tue, 19 Nov 2013 16:32:06 -0500
From: Corey Bryant <coreyb@linux.vnet.ibm.com>
MIME-Version: 1.0
References: <1383748722-8723-1-git-send-email-coreyb@linux.vnet.ibm.com>
	<CA+aC4ktOz9zSL87UmAzfkThMPF+t21WJWL5htjy+C=Q-vdKt7w@mail.gmail.com>
In-Reply-To: <CA+aC4ktOz9zSL87UmAzfkThMPF+t21WJWL5htjy+C=Q-vdKt7w@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel <qemu-devel@nongnu.org>, Anthony Liguori <aliguori@amazon.com>


On 11/19/2013 02:50 PM, Anthony Liguori wrote:
> On Wed, Nov 6, 2013 at 6:38 AM, Corey Bryant <coreyb@linux.vnet.ibm.com> wrote:
>> This patch series provides support for a software Trusted Platform
>> Module (otherwise known as a vTPM).  This support is provided via a
>> new backend that works with the existing QEMU tpm-tis front end.
>
> We do device emulation within QEMU.  This is fundamentally what QEMU does.
>
> Why should we link against an external library instead of providing
> TPM emulation within QEMU itself?  What makes TPM so special here?

Because 70k+ LOC *definitely* doesn't have a chance of getting into 
QEMU, so it makes more sense to link against a library.

>
> I know the answer to these questions of course.  There isn't a good
> reason but there exists vTPM as an external tool for historical
> reasons.  I don't think that's a good justification for doing this.
> libtpms has had no review by anyone and does not have a community
> around it.  Once we link against it, we are responsible for resolving

The source is now more readily available on github and while the 
community is small, there is a community.  Besides, QEMU uses other 
libraries that have very small communities doesn't it?

> any security issue around it and fixing any bug within it.

Is this really true?  Is QEMU responsible for fixing every bug in glibc?

-- 
Regards,
Corey Bryant

>
> That's essentially asking us to merge 70k+ LOCS without any review or
> validation ahead of time.  That's an unreasonable request.
>
> Regards,
>
> Anthony Liguori
>
>> With this patch series, multiple guests can run with their own vTPM.
>> In comparison, the existing passthrough vTPM does not allow this
>> because the host TPM cannot be shared.
>>
>> Note: There is seabios code that is not yet upstream that is
>> required to run with this support.  It provides support such as
>> initialization, ACPI table updates, and menu updates.  If anyone
>> would like to run with that support, let me know and I can send you
>> a bios.bin.
>>
>> Following is a sample command line:
>>
>> qemu-img create -f qcow2 /home/qemu/images/nvram.qcow2 500K
>>
>> qemu-system-x86_64 ... \
>> -drive file=/home/qemu/images/nvram.qcow2,if=none,id=nvram0-0-0,format=qcow2 \
>> -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0 \
>> -tpmdev libtpms,id=tpm-tpm0,nvram=nvram0-0-0
>>
>> Corey Bryant (4):
>>    tpm: Add TPM NVRAM implementation
>>    tpm: Share tpm_write_fatal_error_response
>>    tpm: QMP/HMP support for libtpms TPM backend
>>    tpm: Provide libtpms software TPM backend
>>
>>   configure                    |   24 ++
>>   hmp.c                        |    5 +
>>   hw/tpm/Makefile.objs         |    2 +
>>   hw/tpm/tpm_libtpms.c         |  885 ++++++++++++++++++++++++++++++++++++++++++
>>   hw/tpm/tpm_nvram.c           |  340 ++++++++++++++++
>>   hw/tpm/tpm_nvram.h           |   25 ++
>>   hw/tpm/tpm_passthrough.c     |   14 -
>>   hw/tpm/tpm_tis.h             |    1 +
>>   include/sysemu/tpm_backend.h |    3 +
>>   qapi-schema.json             |   18 +-
>>   qemu-options.hx              |   31 ++-
>>   tpm.c                        |   28 ++-
>>   12 files changed, 1357 insertions(+), 19 deletions(-)
>>   create mode 100644 hw/tpm/tpm_libtpms.c
>>   create mode 100644 hw/tpm/tpm_nvram.c
>>   create mode 100644 hw/tpm/tpm_nvram.h
>>
>>
>
>