Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Date: Fri, 11 Aug 2023 07:06:05 UTC
On Thu, 2023-08-10 at 16:41 +0200, Goran Mekić wrote:
>
> On 8/7/23 10:04, Corvin Köhne wrote:
> > Hi,
> >
> > afaik, qemu is making use of the swtpm project too. So, it'd be great
> > to implement it in bhyve.
> >
> > My TPM passthrough emulation is currently under review.
> > See https://reviews.freebsd.org/D32961.
> >
> > I designed it to easily integrate a swtpm in the future. You just
> > have to implement a new tpm backend by adding a new TPM_EMUL_SET.
> > Take a look at the tpm_emul_passthru.c file.
> >
> > Btw: We may have to add additional functions to the TPM_EMUL_SET
> > like a "startup_tpm" function.
> > See https://elixir.bootlin.com/qemu/latest/source/include/sysemu/tpm_backend.h#L52
>
> Hello,
>
> I was looking at tpm_emul_passthru.c and I've seen it uses open(2)
> and write(2) for initialization and command execution. From before
> (https://youtu.be/5wDs1K5ppbQ?t=940) I know you planned on adding tpm
> pass-through, which I think was just merged.

There are still two open reviews required for tpm passthrough to work properly:
https://reviews.freebsd.org/D40462
https://reviews.freebsd.org/D32961

> Anyway, if pass-through uses open and write, can it be used together
> with swtpm, maybe? I can successfully run the following command:
>
> swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock --tpm2 --log level=20
>
> I can see /tmp/mytpm/swtpm-sock but I don't know how to try to use it
> with pass-through.

I don't think that this will work because the swtpm has to be initialized before use while the passthrough device doesn't. So, it's not implemented in bhyve yet. See
https://elixir.bootlin.com/qemu/latest/source/backends/tpm/tpm_emulator.c#L417
https://elixir.bootlin.com/qemu/latest/source/hw/tpm/tpm_crb.c#L279

> Regards,
> meka

--
Kind regards,
Corvin
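The point of the reply is the ordering difference between the two backends: a passthrough device is opened and written to directly, whereas swtpm must first be told to initialise over its separate control socket (the step QEMU performs in tpm_emulator.c). The following is an added illustration, not code from bhyve, swtpm or QEMU. It sketches the shape a swtpm backend with a "startup_tpm" hook would have and runs it against two constructed stand-ins for the swtpm control and data sockets. The control-channel framing (4-byte big-endian command code, CMD_INIT = 2 carrying a 4-byte init_flags word, answered by a 4-byte big-endian result with 0 meaning success) is assumed from swtpm's tpm_ioctl.h; the class and function names are the example's own.

```python
import socket
import struct
import threading

# Added example, not code from bhyve, swtpm or QEMU. The control-channel
# framing is assumed from swtpm's tpm_ioctl.h: a 4-byte big-endian command
# code followed by the request struct, answered by a 4-byte big-endian
# ptm_res (0 = success).
CMD_INIT = 2            # ptm_init: request carries a uint32 init_flags
PTM_RES_OK = 0

# Constructed TPM2_Startup(TPM_SU_CLEAR) command: tag TPM_ST_NO_SESSIONS
# (0x8001), commandSize 12, commandCode 0x144, startupType 0.
TPM2_STARTUP_CLEAR = bytes.fromhex("80010000000c000001440000")


def encode_ctrl_cmd(cmd, payload=b""):
    """Frame one command for the swtpm control socket."""
    return struct.pack(">I", cmd) + payload


def decode_ptm_res(data):
    """Parse the 4-byte big-endian result returned for a control command."""
    if len(data) < 4:
        raise ValueError("short ptm_res")
    return struct.unpack(">I", data[:4])[0]


class SwtpmBackend:
    """Sketch of an emulator backend (the shape a new TPM_EMUL_SET entry would
    need): usable only after CMD_INIT succeeded on the control channel, a
    step a passthrough device never needs."""

    def __init__(self, ctrl_sock, data_sock):
        self.ctrl = ctrl_sock
        self.data = data_sock
        self.initialised = False

    def startup_tpm(self, init_flags=0):
        """Counterpart of the 'startup_tpm' hook suggested in the mail."""
        self.ctrl.sendall(encode_ctrl_cmd(CMD_INIT, struct.pack(">I", init_flags)))
        self.initialised = decode_ptm_res(self.ctrl.recv(4)) == PTM_RES_OK
        return self.initialised

    def execute_cmd(self, command):
        """Send one TPM command on the data channel, refusing before init."""
        if not self.initialised:
            raise RuntimeError("swtpm not initialised; call startup_tpm() first")
        self.data.sendall(command)
        return self.data.recv(4096)


def _fake_ctrl(sock):
    """Constructed stand-in for the swtpm control socket (not swtpm itself)."""
    while True:
        hdr = sock.recv(4)
        if not hdr:
            break
        if struct.unpack(">I", hdr)[0] == CMD_INIT:
            sock.recv(4)                            # init_flags, ignored here
            sock.sendall(struct.pack(">I", PTM_RES_OK))
        else:
            sock.sendall(struct.pack(">I", 1))      # unknown command: failure
    sock.close()


def _fake_data(sock):
    """Constructed stand-in for the data channel: answers every command with
    an empty TPM_RC_SUCCESS response (tag 0x8001, size 10, rc 0)."""
    while True:
        if not sock.recv(4096):
            break
        sock.sendall(bytes.fromhex("80010000000a00000000"))
    sock.close()


def run_demo():
    """Wire the backend to the stand-ins over socketpairs and show that a
    command is refused before CMD_INIT and answered after it."""
    ctrl_a, ctrl_b = socket.socketpair()
    data_a, data_b = socket.socketpair()
    threading.Thread(target=_fake_ctrl, args=(ctrl_b,), daemon=True).start()
    threading.Thread(target=_fake_data, args=(data_b,), daemon=True).start()
    backend = SwtpmBackend(ctrl_a, data_a)
    try:
        backend.execute_cmd(TPM2_STARTUP_CLEAR)
        early = "accepted"
    except RuntimeError:
        early = "rejected"
    initialised = backend.startup_tpm()
    response = backend.execute_cmd(TPM2_STARTUP_CLEAR)
    ctrl_a.close()
    data_a.close()
    return early, initialised, response


if __name__ == "__main__":
    print(run_demo())
```

Against a real swtpm started with `--ctrl type=unixio,path=...` the control socket would be a connected AF_UNIX socket instead of the socketpair, and the data channel would be the socket given by `--server`; the init-before-use ordering is the part a bhyve backend has to add that the passthrough path does not.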