Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?

From: Goran_Mekić <meka_at_tilda.center>
Date: Sat, 19 Aug 2023 15:27:37 UTC
On 8/19/23 10:27, Goran Mekić wrote:
>>> With updated port there's also support for CUSE, which would allow
>>> swtpm
>>> to be used with pass-through. The problem is that socket and CUSE
>>> have
>>> problems which I described in upstream issue:
>>> https://github.com/stefanberger/swtpm/issues/820. If there are any
>>> suggestions how to fix that fuse error, I'd like to hear them and try
>>> and fix it.
>>>
>>> Regards,
>>> meka
>
> Hello,
>
> I was wrong. Linux CUSE is an extension of FUSE while FreeBSD CUSE has 
> a totally different implementation, so it cannot be used by swtpm. As 
> swtpm has control and server channels, I suppose we need both. To 
> start both:
>
> # swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl 
> type=unixio,path=/tmp/mytpm1/ctrl --tpm2 --log level=20 --server 
> type=unixio,path=/tmp/mytpm1/server
>
> Now to initialize it one should run
>
> # swtpm_ioctl --unix /tmp/mytpm1/ctrl -i
>
> If -i is replaced with --stop, swtpm is stopped. Now if I understand 
> correctly, init function of bhyve should do -i, deinit should do 
> --stop. If that's correct, I will start implementing init and for now 
> ignore deinit. As swtpm is BSD licensed, I think it is OK for us to 
> reuse parts of swtpm_ioctl code. Anyway, if I'm wrong about anything, 
> please point it out.
>
> Regards,
> meka
>
>
I managed to initialize the swtpm by butchering swtpm_ioctl code and 
creating this: https://bsd.to/Dq7c. I know that for bhyve it's not 
viable to include from port, but at this point I just want to make some 
progress and then I'll see how to properly do it. As swtpm is 
BSD-3-Clause licensed, we should probably import it to base, but I'll 
worry about that part when at least something starts working.

Regards,
meka
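Added example (editor's code, not from the thread, bhyve or swtpm): what `swtpm_ioctl -i` and `--stop` actually put on the control socket, so an init/deinit hook can talk to swtpm directly instead of shelling out. The control channel is a stream of big-endian uint32 fields: a command word, an optional request payload, and a 4-byte `ptm_res` reply (0 means TPM_SUCCESS). The command numbers and the `init_flags` payload for CMD_INIT are taken from my reading of swtpm's tpm_ioctl.h (CMD_INIT = 2, CMD_SHUTDOWN = 3, CMD_STOP = 14, PTM_INIT_FLAG_DELETE_VOLATILE = 1); treat them as assumptions and check them against the header you build against. The socket path defaults to the `--ctrl type=unixio,path=/tmp/mytpm1/ctrl` from the command above; the encoder and decoder are separate functions so they can be exercised without a running swtpm.

```c
/* Minimal swtpm control-channel client (added example, not swtpm or bhyve
 * code).  Command numbers below are my reading of swtpm's tpm_ioctl.h;
 * verify against the header you actually build against. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#define CMD_INIT      2u   /* swtpm_ioctl -i     */
#define CMD_SHUTDOWN  3u   /* swtpm_ioctl -s: process exits */
#define CMD_STOP     14u   /* swtpm_ioctl --stop: back to "waiting for init" */
#define PTM_INIT_FLAG_DELETE_VOLATILE (1u << 0)
#define TPM_SUCCESS   0u

/* All wire fields are 32-bit big-endian. */
static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* CMD_INIT request: command word followed by ptm_init.init_flags (8 bytes). */
size_t swtpm_build_init(uint8_t buf[8], uint32_t init_flags)
{
    put_be32(buf, CMD_INIT);
    put_be32(buf + 4, init_flags);
    return 8;
}

/* Requests without a payload (CMD_STOP, CMD_SHUTDOWN): just the command word. */
size_t swtpm_build_bare(uint8_t buf[4], uint32_t cmd)
{
    put_be32(buf, cmd);
    return 4;
}

/* Reply is a ptm_res.  -1: truncated reply, 0: TPM_SUCCESS, 1: TPM error in *res. */
int swtpm_parse_res(const uint8_t *buf, size_t len, uint32_t *res)
{
    if (len < 4)
        return -1;
    *res = get_be32(buf);
    return *res == TPM_SUCCESS ? 0 : 1;
}

static ssize_t read_full(int fd, uint8_t *buf, size_t want)
{
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0) return -1;
        if (n == 0) break;          /* peer closed early: caller sees short reply */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* One request/reply round trip over the unix control socket, like swtpm_ioctl does. */
int swtpm_ctrl_xfer(const char *path, const uint8_t *req, size_t reqlen, uint32_t *res)
{
    struct sockaddr_un sun;
    uint8_t resp[4];
    ssize_t n;
    int fd;

    if (strlen(path) >= sizeof sun.sun_path)
        return -1;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    strncpy(sun.sun_path, path, sizeof sun.sun_path - 1);
    if (connect(fd, (struct sockaddr *)&sun, sizeof sun) < 0 ||
        write(fd, req, reqlen) != (ssize_t)reqlen) {
        close(fd);
        return -1;
    }
    n = read_full(fd, resp, sizeof resp);
    close(fd);
    return n < 0 ? -1 : swtpm_parse_res(resp, (size_t)n, res);
}

/* init: flags 0 keeps volatile state, which is what swtpm_ioctl -i sends by default. */
int swtpm_init(const char *ctrl_path, uint32_t *res)
{
    uint8_t req[8];
    return swtpm_ctrl_xfer(ctrl_path, req, swtpm_build_init(req, 0), res);
}

int swtpm_stop(const char *ctrl_path, uint32_t *res)
{
    uint8_t req[4];
    return swtpm_ctrl_xfer(ctrl_path, req, swtpm_build_bare(req, CMD_STOP), res);
}

int main(int argc, char **argv)
{
    const char *path = argc > 2 ? argv[2] : "/tmp/mytpm1/ctrl";   /* --ctrl path from the post */
    uint32_t res = 0;
    int rc = (argc > 1 && strcmp(argv[1], "stop") == 0) ? swtpm_stop(path, &res)
                                                        : swtpm_init(path, &res);
    if (rc < 0) { perror("swtpm control channel"); return 1; }
    printf("%s: tpm_result=0x%08x\n", rc == 0 ? "ok" : "TPM error", res);
    return rc == 0 ? 0 : 2;
}
```

Run it as `./swtpmctl init` after starting swtpm with the `--ctrl type=unixio,path=/tmp/mytpm1/ctrl` line above, and `./swtpmctl stop` for the deinit side. Two things worth keeping in mind for the bhyve hook: `--unix` on swtpm_ioctl must name the control socket, not the server socket (TPM commands go over the server channel, control messages over the control channel), and CMD_STOP only returns swtpm to the state where it waits for the next CMD_INIT, whereas CMD_SHUTDOWN (`swtpm_ioctl -s`) makes the process exit, so a deinit that should free the state directory for a guest restart wants the former and a teardown wants the latter.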