From: Stefan Berger <stefanb@linux.ibm.com>
To: jejb@linux.ibm.com, qemu-devel@nongnu.org
Cc: "Daniel P . Berrangé" <berrange@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>
Subject: Re: [PATCH 2/2] tpm: add backend for mssim
Date: Thu, 15 Dec 2022 15:22:19 -0500 [thread overview]
Message-ID: <9fac7d95-d891-413f-93f1-18324c7943ea@linux.ibm.com> (raw)
In-Reply-To: <b5d26ab0e54c15c408e9bae136bce969283ed5bd.camel@linux.ibm.com>
On 12/15/22 15:07, James Bottomley wrote:
> On Thu, 2022-12-15 at 14:57 -0500, Stefan Berger wrote:
>> On 12/15/22 14:40, James Bottomley wrote:
>>> On Thu, 2022-12-15 at 14:35 -0500, Stefan Berger wrote:
> [...]
>>>> You should also add a description to docs/specs/tpm.rst.
>>>
>>> Description of what? It functions exactly like passthrough on
>>
>> Please describe all the scenarios so that someone else can repeat
>> them when trying out **your** device.
>>
>> There are sections describing how things for swtpm and you should add
>> how things work for the mssim TPM.
>>
>> https://github.com/qemu/qemu/blob/master/docs/specs/tpm.rst#the-qemu-tpm-emulator-device
>> https://github.com/qemu/qemu/blob/master/docs/specs/tpm.rst#migration-with-the-tpm-emulator
>
> The passthrough snapshot/restore isn't described there either. This
Forget about passthrough, rather compare it to swtpm.
> behaves exactly the same in that it's caveat emptor. If something
> happens in the interim to upset the TPM state then the restore will
> have unexpected effects due to the externally changed TPM state. This
> is actually a feature: I'm checking our interposer defences by doing
> external state manipulation.
>
>>> migration. Since the TPM state is retained in the server a
>>> reconnection just brings everything back to where it was.
>>
>> So it's remote. And the ports are always open and someone can just
>> connect to the open ports and power cycle the device?
>
> in the same way as you can power off the hardware and have issues with
> a passthrough TPM on vm restore, yes.
I don't thinkyou should compare the mssim TPM with passthrough but rather with swtpm emulator + tpm_emulator backend. That's a much better comparison.
>
>> This may not be the most important scenario but nevertheless I
>> wouldn't want to deal with bug reports if someone does 'VM
>> snapshotting' -- how this is correctly handled would be of interest.
>
> I'd rather say nothing, like passthrough, then there are no
> expectations beyond it might work if you know what you're doing. I
Why do we need this device then if it doesn't handle migration scenarios in the same or better way than swtpm + tpm_emulator backends already do?
> don't really have much interest in the migration use case, but I knew
> it should work like the passthrough case, so that's what I tested.
I think your device needs to block migrations since it doesn't handle all migration scenarios correctly.
Stefan
>
> James
>
next prev parent reply other threads:[~2022-12-15 20:23 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-15 18:01 [PATCH 0/2] tpm: add mssim backend James Bottomley
2022-12-15 18:01 ` [PATCH 1/2] tpm: convert tpmdev options processing to new visitor format James Bottomley
2022-12-15 18:01 ` [PATCH 2/2] tpm: add backend for mssim James Bottomley
2022-12-15 18:46 ` Stefan Berger
2022-12-15 19:22 ` James Bottomley
2022-12-15 19:35 ` Stefan Berger
2022-12-15 19:40 ` James Bottomley
2022-12-15 19:57 ` Stefan Berger
2022-12-15 20:07 ` James Bottomley
2022-12-15 20:22 ` Stefan Berger [this message]
2022-12-15 20:30 ` James Bottomley
2022-12-15 20:53 ` Stefan Berger
2022-12-16 10:27 ` Daniel P. Berrangé
2022-12-16 12:28 ` Stefan Berger
2022-12-16 12:54 ` Daniel P. Berrangé
2022-12-16 13:32 ` Stefan Berger
2022-12-16 13:53 ` James Bottomley
2022-12-16 14:01 ` Stefan Berger
2022-12-19 11:49 ` Stefan Berger
2022-12-19 13:02 ` James Bottomley
2022-12-19 14:01 ` Stefan Berger
2022-12-16 14:29 ` Daniel P. Berrangé
2022-12-16 14:55 ` Stefan Berger
2022-12-16 15:48 ` James Bottomley
2022-12-16 16:08 ` Stefan Berger
2022-12-16 16:13 ` James Bottomley
2022-12-16 16:21 ` Stefan Berger
2023-01-09 16:59 ` Dr. David Alan Gilbert
2023-01-09 17:43 ` James Bottomley
2023-01-09 17:52 ` Dr. David Alan Gilbert
2023-01-09 17:55 ` James Bottomley
2023-01-09 18:34 ` Stefan Berger
2023-01-09 18:51 ` James Bottomley
2023-01-09 18:54 ` Dr. David Alan Gilbert
2023-01-09 18:59 ` James Bottomley
2023-01-09 19:01 ` Stefan Berger
2023-01-09 21:06 ` Stefan Berger
2023-01-10 14:14 ` James Bottomley
2023-01-10 14:47 ` Stefan Berger
2023-01-10 14:55 ` James Bottomley
2023-01-10 15:00 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9fac7d95-d891-413f-93f1-18324c7943ea@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=jejb@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).