Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?

From: Corvin Köhne <corvink_at_FreeBSD.org>
Date: Mon, 07 Aug 2023 08:04:38 UTC

On Sun, 2023-08-06 at 18:47 +0200, Goran Mekić wrote:
>  
> On 8/2/23 02:28, Michael Dexter wrote:
>  
> > Hello all, 
> > 
> > Long-time bhyve-in-production user Jason Tubnor pointed out that a
> > recent Windows 11 update breaks the "lab mode" under which Windows
> > 11 could be run without a TPM (Trusted Platform Module) chip via a
> > registry edit. Corvin has made significant progress with TPM pass-
> > through support but it only supports one VM associated with the
> > hardware TPM. 
> > 
> > This 3-clause BSD-license software TPM project has existed but I
> > have never heard it brought up in the bhyve context, possibly
> > because of the available workaround: 
> > 
> > https://github.com/stefanberger/swtpm 
> > 
> > Is anyone willing to look into porting this to bhyve?
> > 
> > All the best, 
> > 
> > Michael 
> > 
> Hello,
> If anyone can take a look and merge these, it would be a start:
>  
>  * libtpms https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272972
>  * swtpm https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272973
>  
> As I have never read bhyve code before, I will start glancing at it and
> trying to figure out stuff from Corvin's previous PR enabling pass-
> through for TPM. If anyone has any info to speed me up on this quest,
> please speak! Thank you!
> Regards,
> meka 

Hi,

afaik, qemu is making use of the swtpm project too. So, it'd be great to
implement it in bhyve.

My TPM passthrough emulation is currently under review.
See https://reviews.freebsd.org/D32961.

I designed it to easily integrate a swtpm in the future. You just have
to implement a new tpm backend by adding a new TPM_EMUL_SET.
Take a look at the tpm_emul_passthru.c file.

Btw: We may have to add additional functions to the TPM_EMUL_SET like a
"startup_tpm" function.
See https://elixir.bootlin.com/qemu/latest/source/include/sysemu/tpm_backend.h#L52


-- 
Kind regards, Corvin