Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Date: Sun, 20 Aug 2023 17:52:43 UTC
On 8/19/23 17:27, Goran Mekić wrote:
> On 8/19/23 10:27, Goran Mekić wrote:
>>>> With the updated port there's also support for CUSE, which would allow swtpm
>>>> to be used with pass-through. The problem is that socket and CUSE have
>>>> problems which I described in the upstream issue:
>>>> https://github.com/stefanberger/swtpm/issues/820. If there are any
>>>> suggestions how to fix that fuse error, I'd like to hear them and try
>>>> and fix it.
>>>>
>>>> Regards,
>>>> meka
>>
>> Hello,
>>
>> I was wrong. Linux CUSE is an extension of FUSE while FreeBSD CUSE has
>> a totally different implementation, so it cannot be used by swtpm. As
>> swtpm has control and server channels, I suppose we need both. To
>> start both:
>>
>> # swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/ctrl --tpm2 --log level=20 --server type=unixio,path=/tmp/mytpm1/server
>>
>> Now to initialize it one should run
>>
>> # swtpm_ioctl --unix /tmp/mytpm1/swtpm-sock -i
>>
>> If -i is replaced with --stop, swtpm is stopped. Now if I understand
>> correctly, the init function of bhyve should do -i, deinit should do
>> --stop. If that's correct, I will start implementing init and for now
>> ignore deinit. As swtpm is BSD licensed, I think it is OK for us to
>> reuse parts of the swtpm_ioctl code. Anyway, if I'm wrong about anything,
>> please point it out.
>>
>> Regards,
>> meka
>>
>>
> I managed to initialize the swtpm by butchering the swtpm_ioctl code and
> creating this: https://bsd.to/Dq7c. I know that for bhyve it's not
> viable to include it from the port, but at this point I just want to make
> some progress and then I'll see how to properly do it. As swtpm is
> BSD-3-Clause licensed, we should probably import it to base, but I'll
> worry about that part when at least something starts working.
>
> Regards,
> meka
>
>
To make it easier to progress, I created a repository for my TPM playground: https://github.com/mekanix/tpmplay.
The code currently somewhat resembles tpm_emul_passthru.c. It implements init, deinit and ctrlcmd. I'm confused a bit because swtpm has two sockets, one for control, one for data. Looking at tpm_emul_passthru.c I can see one fd is used for all commands. If I'm correct, TSS is used for the data channel: https://github.com/stefanberger/swtpm/wiki/Using-the-IBM-TSS-with-swtpm#socket-interface. How come pass-through doesn't have ctrl/data channels?

Regards,
meka
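An added example, not code from this message, the tpmplay repository, bhyve or swtpm: a small C client that drives a running "swtpm socket" over both of its Unix sockets the way a bhyve emulator backend would, sending PTM_INIT on the control socket (what swtpm_ioctl -i does), raw TPM 2.0 commands on the data socket, and PTM_STOP at the end (what swtpm_ioctl --stop does). It assumes swtpm was started with the command quoted above, so it connects to the paths given to --ctrl and --server, /tmp/mytpm1/ctrl and /tmp/mytpm1/server. The control command numbers and request/response shapes follow swtpm's tpm_ioctl.h; the TPM command codes are from the TPM 2.0 specification. What it makes visible is that the two channels carry different wire formats: a 32-bit big-endian command code with a small body and a 32-bit ptm_res reply on the control side, versus raw TPM command/response frames on the data side.

```c
/* Added example (not swtpm/bhyve/tpmplay code): speak both swtpm channels.
 * Control: uint32 BE code + request body, reply is one uint32 BE ptm_res.
 * Data: raw TPM 2.0 command and response frames.  Paths from the message. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define PTM_INIT 1                  /* control command codes, swtpm tpm_ioctl.h */
#define PTM_STOP 13
#define TPM_ST_NO_SESSIONS 0x8001   /* TPM 2.0 spec constants */
#define TPM_CC_Startup 0x00000144
#define TPM_CC_GetRandom 0x0000017B

/* Control request: command code, then init_flags (0 = none) for PTM_INIT only. */
size_t ptm_encode(uint8_t *buf, uint32_t cmd, uint32_t init_flags)
{
    uint32_t be[2] = { htonl(cmd), htonl(init_flags) };
    size_t n = cmd == PTM_INIT ? 8 : 4;   /* PTM_STOP carries no body */
    memcpy(buf, be, n);
    return n;
}

/* Data request: TPM_ST_NO_SESSIONS header (tag, total size, cc) + parameters. */
size_t tpm2_encode(uint8_t *buf, uint32_t cc, const uint8_t *params, size_t plen)
{
    uint16_t tag = htons(TPM_ST_NO_SESSIONS);
    uint32_t size = htonl((uint32_t)(10 + plen)), ccbe = htonl(cc);
    memcpy(buf, &tag, 2), memcpy(buf + 2, &size, 4), memcpy(buf + 6, &ccbe, 4);
    memcpy(buf + 10, params, plen);
    return 10 + plen;
}

/* Big-endian uint32 at an offset: ptm_res at 0, TPM size at 2, TPM rc at 6. */
uint32_t be32_at(const uint8_t *buf, size_t off)
{
    uint32_t be;
    memcpy(&be, buf + off, 4);
    return ntohl(be);
}

static int read_full(int fd, uint8_t *buf, size_t n)
{
    for (ssize_t r; n > 0; buf += r, n -= (size_t)r)
        if ((r = read(fd, buf, n)) <= 0)
            return -1;
    return 0;
}

static int unix_connect(const char *path)
{
    struct sockaddr_un sun = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1);
    if (fd >= 0 && connect(fd, (struct sockaddr *)&sun, sizeof(sun)) < 0)
        close(fd), fd = -1;
    return fd;
}

/* Control exchange (swtpm_ioctl -i / --stop); stores the ptm_res reply. */
static int swtpm_ctrl(int ctrlfd, uint32_t cmd, uint32_t *res)
{
    uint8_t buf[8];
    size_t n = ptm_encode(buf, cmd, 0);
    if (write(ctrlfd, buf, n) != (ssize_t)n || read_full(ctrlfd, buf, 4) < 0)
        return -1;
    *res = be32_at(buf, 0);
    return 0;
}

/* Data exchange: raw command out, 10-byte header in, then the rest by size. */
static ssize_t swtpm_cmd(int fd, const uint8_t *cmd, size_t len, uint8_t *resp, size_t max)
{
    if (write(fd, cmd, len) != (ssize_t)len || read_full(fd, resp, 10) < 0)
        return -1;
    uint32_t size = be32_at(resp, 2);
    if (size < 10 || size > max || read_full(fd, resp + 10, size - 10) < 0)
        return -1;
    return (ssize_t)size;
}

int main(void)
{
    const uint8_t su_clear[2] = { 0, 0 }, want8[2] = { 0, 8 };   /* TPM_SU_CLEAR, 8 bytes */
    uint8_t cmd[32], resp[64];
    uint32_t res = 0;
    int ctrl = unix_connect("/tmp/mytpm1/ctrl"), data = unix_connect("/tmp/mytpm1/server");
    /* swtpm rejects TPM commands until PTM_INIT unless run with --flags not-need-init */
    if (ctrl < 0 || data < 0 || swtpm_ctrl(ctrl, PTM_INIT, &res) < 0 || res != 0) {
        fprintf(stderr, "connect or PTM_INIT failed (ptm_res %u)\n", (unsigned)res);
        return 1;
    }
    ssize_t n = swtpm_cmd(data, cmd, tpm2_encode(cmd, TPM_CC_Startup, su_clear, 2), resp, sizeof resp);
    printf("TPM2_Startup rc=0x%x\n", n < 0 ? 0xffffffffu : (unsigned)be32_at(resp, 6));
    n = swtpm_cmd(data, cmd, tpm2_encode(cmd, TPM_CC_GetRandom, want8, 2), resp, sizeof resp);
    if (n >= 12 && be32_at(resp, 6) == 0) {   /* body is a TPM2B: uint16 BE length + bytes */
        printf("TPM2_GetRandom:");
        for (size_t i = 12; i < (size_t)n; i++)
            printf(" %02x", resp[i]);
        printf("\n");
    }
    swtpm_ctrl(ctrl, PTM_STOP, &res);
    close(data), close(ctrl);
    return 0;
}
```

Build with `cc -o swtpmcli swtpmcli.c` and run it while the quoted `swtpm socket` command is up; a TPM_RC of 0x100 (TPM_RC_INITIALIZE) from TPM2_GetRandom is what you see if the TPM2_Startup step is skipped. The encoders are separate from the socket code on purpose: an emulator backend needs exactly these two framings, and neither can be sent down the other socket, which is why a single fd cannot serve both roles here.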