Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?

From: Goran_Mekić <meka_at_tilda.center>
Date: Sat, 19 Aug 2023 08:27:12 UTC
>> With updated port there's also support for CUSE, which would allow swtpm
>> to be used with pass-through. The problem is that socket and CUSE have
>> problems which I described in upstream issue:
>> https://github.com/stefanberger/swtpm/issues/820. If there are any
>> suggestions how to fix that fuse error, I'd like to hear them and try
>> and fix it.
>>
>> Regards,
>> meka

Hello,

I was wrong. Linux CUSE is an extension of FUSE while FreeBSD CUSE has
a totally different implementation, so it cannot be used by swtpm. As
swtpm has control and server channels, I suppose we need both. To start
both:

# swtpm socket --tpmstate dir=/tmp/mytpm1 \
    --ctrl type=unixio,path=/tmp/mytpm1/ctrl \
    --tpm2 --log level=20 \
    --server type=unixio,path=/tmp/mytpm1/server

Now to initialize it one should run

# swtpm_ioctl --unix /tmp/mytpm1/ctrl -i

If -i is replaced with --stop, swtpm is stopped. Now, if I understand
correctly, the init function of bhyve should do -i and deinit should do
--stop. If that's correct, I will start implementing init and for now
ignore deinit. As swtpm is BSD licensed, I think it is OK for us to reuse
parts of swtpm_ioctl code. Anyway, if I'm wrong about anything, please
point it out.

Regards,
meka
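
A sketch of what the -i and --stop steps above amount to on the control socket, added here as an example; it is not code from this message, from swtpm or from bhyve. The function names are hypothetical, and the command numbers and framing (a big-endian 32-bit command, for init a 32-bit flags word, and a 32-bit result in reply) are assumed from swtpm's tpm_ioctl.h and should be checked against that header.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Command numbers assumed from swtpm's tpm_ioctl.h; verify against the header. */
#define CMD_INIT 2u
#define CMD_STOP 14u

/* Connect to the socket given to swtpm with --ctrl type=unixio,path=... */
int swtpm_ctrl_connect(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd;

    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;                      /* refuse a path that would be truncated */
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Send one control command and read the 32-bit result; 0 only if the result is 0. */
static int swtpm_ctrl_cmd(int fd, uint32_t cmd, const uint32_t *arg)
{
    uint32_t msg[2] = { htonl(cmd), arg ? htonl(*arg) : 0 };
    size_t len = arg ? 8 : 4;
    uint32_t res;

    if (write(fd, msg, len) != (ssize_t)len)
        return -1;
    if (recv(fd, &res, sizeof(res), MSG_WAITALL) != (ssize_t)sizeof(res))
        return -1;                      /* short reply: treat as failure */
    return ntohl(res) == 0 ? 0 : -1;
}

/* Equivalent of "swtpm_ioctl -i": init with no flags set. */
int swtpm_ctrl_init(int fd) { uint32_t flags = 0; return swtpm_ctrl_cmd(fd, CMD_INIT, &flags); }

/* Equivalent of "swtpm_ioctl --stop". */
int swtpm_ctrl_stop(int fd) { return swtpm_ctrl_cmd(fd, CMD_STOP, NULL); }
```

Both helpers treat a short read or a non-zero result as failure, so a caller never goes on to use a TPM that did not initialize.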