Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?

In reply to: Corvin K�hne : "Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Corvin K�hne <corvink_at_FreeBSD.org>
Date: Mon, 07 Aug 2023 09:31:20 UTC

On Mon, 2023-08-07 at 10:04 +0200, Corvin Köhne wrote:
> On Sun, 2023-08-06 at 18:47 +0200, Goran Mekić wrote:
> >  
> > On 8/2/23 02:28, Michael Dexter wrote:
> >  
> > > Hello all, 
> > > 
> > > Long-time bhyve-in-production user Jason Tubnor pointed out that
> > > a recent Windows 11 update breaks the "lab mode" under which
> > > Windows 11 could be run without a TPM (Trusted Platform Module)
> > > chip via a registry edit. Corvin has made significant progress
> > > with TPM pass-through support but it only supports one VM
> > > associated with the hardware TPM. 
> > > 
> > > This 3-clause BSD-license software TPM project has existed but I
> > > have never heard it brought up in the bhyve context, possibly
> > > because of the available workaround: 
> > > 
> > > https://github.com/stefanberger/swtpm 
> > > 
> > > Is anyone be willing to look into porting this to bhyve? 
> > > 
> > > All the best, 
> > > 
> > > Michael 
> > > 
> > Hello,
> > If anyone can take a look and merge these, it would be a start:
> >  
> >  * libtpms https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272972
> >  * swtpm https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272973
> >  
> > As I never read bhyve code before, I will start glancing it and
> > trying to figure out stuff from Corvin's previous PR enabling pass-
> > through for TPM. If anyone has any info to speed me up on this
> > quest, please speak! Thank you!
> > Regards,
> > meka 
> 
> Hi,
> 
> afaik, qemu is making use of the swtpm project too. So, it'd great to
> implement it in bhyve.
> 
> My TPM passthrough emulation is currently under review.
> See https://reviews.freebsd.org/D32961.
> 
> I designed it to easily integrate a swtpm in the future. You  just
> have to implement a new tpm backend by adding a new TPM_EMUL_SET.
> Take a look at the tpm_emul_passthru.c file.
> 
> Btw: We may have to add additional functions to the TPM_EMUL_SET like
> a "startup_tpm" function.
> See https://elixir.bootlin.com/qemu/latest/source/include/sysemu/tpm_backend.h#L52
> 
> 

Btw.: I've opened a review for your ports:
https://reviews.freebsd.org/D41346

-- 
Kind regards, Corvin