Message-ID: <55300BAE.5050800@linux.vnet.ibm.com>
Date: Thu, 16 Apr 2015 15:21:18 -0400
From: Stefan Berger
References: <1429137528-1069064-1-git-send-email-stefanb@linux.vnet.ibm.com> <20150416153506.3260becd@nial.brq.redhat.com> <20150416205335-mutt-send-email-mst@redhat.com>
In-Reply-To: <20150416205335-mutt-send-email-mst@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 0/5] Extend TPM support with a QEMU-external TPM
To: "Michael S. Tsirkin", Igor Mammedov
Cc: safford@watson.ibm.com, qemu-devel@nongnu.org, quan.xu@intel.com

On 04/16/2015 02:55 PM, Michael S. Tsirkin wrote:
> On Thu, Apr 16, 2015 at 03:35:06PM +0200, Igor Mammedov wrote:
>> On Wed, 15 Apr 2015 18:38:43 -0400
>> Stefan Berger wrote:
>>
>>> The following series of patches extends TPM support with an
>>> external TPM that offers a Linux CUSE (character device in userspace)
>>> interface. This TPM lets each VM access its own private vTPM.
>>> The CUSE TPM supports suspend/resume and migration. Much
>>> out-of-band functionality necessary to control the CUSE TPM is
>>> implemented using ioctls.
>>>
>>> The series extends the TPM support so far that most functionality of
>>> TPM support on a physical platform is now available to each x86 VM;
>>> this includes the Physical Presence Interface support that has
>>> its counterpart in SeaBIOS and is implemented using ACPI.
>>>
>>> http://www.seabios.org/pipermail/seabios/2015-March/008978.html
>> Is it already merged?
>>
>> Is it possible to use an MMIO region instead of allocating tpm_ppi_anchor
>> and tpm_ppi in BIOS memory?
>> That would simplify the BIOS part a bit and significantly simplify the ACPI code,
>> as most of it is dealing with figuring out the address of tpm_ppi.
> Which (if it works) I guess brings us back to the idea of using
> a PCI device with a BAR where we can stick tpm+vm id+whatever?

Well, at least the current implementation works with these patches + CUSE TPM + patched SeaBIOS.

So the PCI BAR does not get reset during a machine reboot and thus preserves values?

I did not model the TPM TIS as a PCI device, since it typically is not such a device, but an LPC device (close to an ISA type of device). If we wanted to achieve that this method also works on real hardware, with SeaBIOS running piggy-backed on coreboot, then we shouldn't assume a PCI device, since it won't be.

Otherwise, what are we trying to achieve? Is the ACPI code the problem?

   Stefan