From: Corvin Köhne
To: Goran Mekić, Michael Dexter, "freebsd-virtualization@freebsd.org"
Date: Mon, 07 Aug 2023 11:31:20 +0200
Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On Mon, 2023-08-07 at 10:04 +0200, Corvin Köhne wrote:
> On Sun, 2023-08-06 at 18:47 +0200, Goran Mekić wrote:
> > On 8/2/23 02:28, Michael Dexter wrote:
> > > Hello all,
> > >
> > > Long-time bhyve-in-production user Jason Tubnor pointed out that
> > > a recent Windows 11 update breaks the "lab mode" under which
> > > Windows 11 could be run without a TPM (Trusted Platform Module)
> > > chip via a registry edit. Corvin has made significant progress
> > > with TPM pass-through support but it only supports one VM
> > > associated with the hardware TPM.
> > >
> > > This 3-clause BSD-license software TPM project has existed but I
> > > have never heard it brought up in the bhyve context, possibly
> > > because of the available workaround:
> > >
> > > https://github.com/stefanberger/swtpm
> > >
> > > Is anyone willing to look into porting this to bhyve?
> > >
> > > All the best,
> > >
> > > Michael
> > >
> > Hello,
> > If anyone can take a look and merge these, it would be a start:
> >
> > * libtpms https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272972
> > * swtpm https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272973
> >
> > As I never read bhyve code before, I will start glancing at it and
> > trying to figure out stuff from Corvin's previous PR enabling
> > pass-through for TPM. If anyone has any info to speed me up on this
> > quest, please speak! Thank you!
> > Regards,
> > meka
>
> Hi,
>
> afaik, qemu is making use of the swtpm project too. So, it'd be great
> to implement it in bhyve.
>
> My TPM passthrough emulation is currently under review.
> See https://reviews.freebsd.org/D32961.
>
> I designed it to easily integrate a swtpm in the future. You just
> have to implement a new tpm backend by adding a new TPM_EMUL_SET.
> Take a look at the tpm_emul_passthru.c file.
>
> Btw: We may have to add additional functions to the TPM_EMUL_SET like
> a "startup_tpm" function.
> See https://elixir.bootlin.com/qemu/latest/source/include/sysemu/tpm_backend.h#L52
>

Btw.: I've opened a review for your ports:
https://reviews.freebsd.org/D41346

-- 
Kind regards,
Corvin